6

A study Symantec claims that the global damages from cyber crime were

A study by Symantec Corp, the maker of Norton computer security software, estimates the cost of global cybercrimes at $114 billion annually.

http://www.reuters.com/article/2011/09/07/us-symantec-idUSTRE7861DP20110907

These figures seem like way off to me. The fact that the source of the study is one of the biggest vendors of security software also does not improve its credibility,

Oddthinking
  • 140,378
  • 46
  • 548
  • 638
Daniel Iankov
  • 724
  • 4
  • 11
  • Did you have a [look at the report](http://www.symantec.com/content/en/us/home_homeoffice/html/ncr/), and see their methods (survey, 24 countries, unclear sample size, broad definition of cyber crime)? – Oddthinking Sep 08 '11 at 00:39
  • As you said - given that Symantec is a "security software" maker, the old adage comes to mind: "don't ask a barber whether you need a new haircut". – Piskvor left the building Sep 08 '11 at 13:36
  • 3
    There was no report. Just some slideshow. @Piskvor - the problem is my confirmation bias. I expect that these things are bullshit, so I may be too fast and easy dismiss them. – Daniel Iankov Sep 08 '11 at 15:50

2 Answers2

2

Cyber crime cost estimates in general are self serving and unreliable. I can't answer specifically for the cost to the US, but there is a great demolition of estimates released in the UK on the excellent UK site Straight Statistics.

Here is a flavour of their analysis:

For IP theft, the report admits there are no robust estimates for actual levels. It further admits that such thefts are not widely reported. So maybe there aren’t any? At the other extreme, it posits that every bit of IP that is worth stealing is in fact stolen, and then concludes that the truth lies somewhere between the two.

So how much is stolen? The report remarks: “The proportion of IP actually stolen cannot at present be measured with any degree of confidence”. So the assumption is made that the amounts stolen are proportional to their value to the thieves. It then produces estimates, industry by industry, of the amounts stolen rather like a magician producing rabbits out of a hat. No actual examples are cited. We are expected to believe that the theft of IP costs £9.2 billion a year without a single case of such theft being advanced. This is closer to guesswork than analysis.

When big estimates that serve the interests of the provider of the estimate are made, it is always worth looking at the detail and asking skeptical questions about it. The big numbers rarely stand up.

matt_black
  • 56,186
  • 16
  • 175
  • 373
0

Such numbers are based on surveys that extrapolate some sample set.
Remember the Google Plus user count study done recently?

Quote from another article.

Norton determined the £71 billion figure by taking the number of victims over past 12 months for each country and multiplying it by the average financial cost of cyber crime per nation.

Many have debated the validity of such figures, as they only look at a snapshot of victims. In the case of the Norton research, 24 countries were covered.

Community
  • 1
nik
  • 476
  • 3
  • 5
  • 1
    That’s a nice comment but it doesn’t really answer the question. In fact, *all* large studies are performed by sampling so this isn’t surprising either. – Konrad Rudolph Sep 10 '11 at 08:06