For cyber criminals, the idiom "crime doesn't pay" is laughable. Internet crime is worse than ever, and the reasons are clear: It's highly lucrative and far less risky than, say, an old-fashioned bank heist. Until we take the necessary steps to increase the risk and lower the value of cyber crimes, we won't be able to stop them.
To fully appreciate the risks and rewards of cyber crimes versus traditional crimes, consider the following statistics from the FBI: In 2010, bank robbers pulled off 5,628 heists and ran off with $43 million. (These numbers held steady in the first and second quarters of 2011.) The average robbery netted $7,643.
Further, the loot was recovered in 22 percent of cases. Often, the thieves wielded guns, so when caught, they faced long mandatory jail times. Injuries, death, and hostage situations occurred, though they constitute the minority of cases. I'm not an expert on how well U.S. bank robbers do as compared to non-U.S. counterparts, but let's assume roughly the same stats apply.
Overall, physical bank robberies are high risk. Except in rare cases, you won't strike it rich as a criminal, and you have a strong chance of getting caught and sentenced to jail.
Let's compare that to Internet crime statistics. Per an FBI 2011 report, 300,000 people were victimized over the Internet to the tune of $1.1 billion. Although that averages out to only $3,666 per victim, the typical Internet hacker commits thousands to hundreds of thousands of these crimes and almost never gets caught. Those who get nabbed are unlikely to spend any time in jail, and when they do, they'll probably serve, at most, a few years in a low-security facility.