TIAMSA Blog: Cybercrime and the Art Market

by Charles Parker

In recent years cybercrime has emerged as an ever-present threat to art market businesses. Thankfully, however, industry reports seem to suggest that those operating within the sector are starting to acknowledge the dangers. Indeed, in its 2019 publication, Hiscox’s Online Art Trade Report reported that 47% of galleries polled were concerned/very concerned about cybercrime, a rise of 41% from the previous year.

While these statistics seemingly indicate an industry that is finally coming to terms with the looming danger of cybercrime, high profile art market businesses are still being caught out by relatively simple “man in the middle” deception scams. This concern encouraged me to centre my Art Market & Appraisal MA major project around the question: “What are the main factors contributing to the art market’s vulnerability to cybercrime?” In order to collect the appropriate data, I conducted a series of interviews with dealers and other art market professionals. 

Using the high-profile cybercrime case of Old Master dealer Simon Dickinson as a reference point, I created a behavioral framework to guide the research. Considering the details of the case and thinking in general terms about the way deals are conducted in the art market, I determined that behaviors relating to trust, object scarcity and expertise were integral to the deal-making process. Unfortunately, everyone is potentially complicit in increasing the chances that a cyber scam might be successful. Alongside the behavioural framework, I also incorporated a selection of factors relating to the art market’s industry environment: digitalisation, regulation and the role of professional associations. 

The interviews focused on the topics mentioned above and yielded a substantial amount of data which I analyzed in conjunction with the findings from a review of the relevant literature. Considered within the context of the overarching research question, there were four major findings.

The Power of the Handshake
Closing deals with a handshake is representative of the way dealers conducted business in the pre-digital era, when business was conducted face to face and reputation was paramount. Considering this, there are many dealers operating today that have established their dealerships and had success before cybercrime existed. When these dealers use reputation as a measure of trust and rely on it to navigate the art market’s predominantly digital environment, they become vulnerable to cybercrime. For example, a dealer from the pre-digital era may be happy to pay a £1 million invoice without checking the account details provided because it was sent by an old acquaintance. However, this leaves that dealer susceptible to “man in the middle scams” because they are unlikely to suspect an “updated” invoice sent by a hacker who pretends to be a staff member of a known gallery with an impeccable reputation – leaving them to send funds directly to the hacker’s account without a second thought. 

Markets within Markets
The research findings also indicated that businesses operating within the Old Master market are likely to be more vulnerable to the threat of cybercrime than other sub-markets because dealerships within this sector lack the skills required to conduct business safely in a digital context and they often lack adequate digital infrastructures making them more likely to become victims of cybercrime. Moreover, the frequency with which businesses within this market send large invoices makes them a particularly attractive target to cybercriminals. Given all this, it is apparent that a targeted intervention is required to protect businesses within this niche. 

Dror’s Expert Paradox
The idea of expertise stemmed from the literature review, in which Dror’s expert paradox was identified as a possible factor contributing to the art market’s vulnerability to cybercrime. Dror states that experts are prone to a degradation in performance when it comes to dealing with issues or occurrences outside their usual scope of work. In accordance with this notion, the research outlined that some art market businesses, fully aware of the threat of cybercrime, have adopted a blasé outlook on the problem and subsequently have chosen not to address it. It was also found that businesses within the art market do not appreciate the extent of the threat until they are targeted, or until they hear about a high-profile victim. This response fits perfectly with Dror’s understanding of the expert paradox. The most poignant indicator of the expert paradox’s role in increasing cybercrime vulnerability came from potential interview respondents who declined to be interviewed, stating that they did not have anything to do with cybersecurity or cybercrime.

Digital Infrastructure and Understanding
The research revealed that a poor understanding of digital technology and a weak digital infrastructure are cybercrime risk factors that are prevalent throughout the entire art market. The research suggested that the poor understanding of digital technology may stem from a lack of interest and the complex nature of the advice provided. In particular, the use of email was also highlighted as a digital tool which, when used improperly, contributes to cybercrime vulnerability because it is an open communication forum that, without the right digital infrastructure, can be easily hacked. Email vulnerability is particularly high in the art market because businesses do not understand the risks and therefore use email to send high value invoices. 

Limitations
While these findings make interesting revelations, it is important that they are viewed within the scope of the research. The data was derived from a review of relevant literature and five structured interviews. Therefore, the extent to which they apply to the entire art market is limited and must be considered when interpreting them.

Recommendations 
Although the research formed part of a mandatory academic undertaking, the underlying aim of the project was to raise awareness of the dangers associated with cybercrime. In light of this, the following recommendations are in line with the conclusions drawn from the analysis of the respondent data:

  • All transactions conducted by email should be carried out in accordance with a strict verification process. As a minimum, the bank details of the sender or the receiver should always be confirmed over the phone before payment is made. 
  • Dealers operating within the Old Master’s market should engage a specialist IT/cybersecurity consultancy to evaluate and upgrade their IT systems. 
  • To address both the dismissal of cybercrime advice by unaffected businesses and the apparent lack of digital skills, in-house training could be carried out by professional associations in partnership with the National Cyber Security Centre. This would present a more incisive means of education and would ensure that businesses are coached through the process as opposed to being provided with written information which they can easily disregard or find confusing. Additionally, education should also provide a question forum through which staff could pose their digital queries and receive instant guidance.  

Biography: Charles Parker is completing an Art Market & Appraisal MA at Kingston University. He has a keen interest in the art market, especially art crime.  He has recently submitted his MA project on the art market’s vulnerability to cybercrime.

Abstract: Summary of an MA major project exploring the art market and its apparent vulnerability to cybercrime. In this article Charles Parker outlines the problems facing the market, discusses the theoretical and practical considerations that underpin his research methodology, presents results of the research and offers recommendations to help art market businesses protect themselves from cybercrime.