The true cost of cybercrime

Published 19 June 2012

The first systematic study of the cost of cybercrime recommends that society should spend less on antivirus software and more on policing the Internet

The cost of protecting ourselves against cybercrime can far exceed the cost of the threat itself. This is the conclusion of a recent report, Measuring the Cost of Cybercrime, by an international team of scientists led by the University of Cambridge.

On the basis of the findings, which provide the first systematic estimate of the direct costs, indirect costs, and defense costs of different types of cybercrime for the United Kingdom and the world, the authors conclude that we should spend less in anticipation of cybercrime and more on catching the perpetrators.

“Advances in information technology are moving many social and economic interactions, such as fraud or forgery, from the physical worlds to cyberspace,” said lead author Ross Anderson, Professor of Security Engineering at the University of Cambridge’s Computer Laboratory. “As countries scramble to invest in security to minimize cyber-risks, governments want to know how large that investment should be and where the money should be spent.”

A University of Cambridge release reports that many of the existing sources of data, however, contain either under- or over-inflated estimates of the scale of this risk, the researchers explain. For instance, a report released in February 2011 by the BAE subsidiary Detica in partnership with the Cabinet Office’s Office of Cybersecurity and Information Assurance suggested that the overall cost to the United Kingdom economy from cybercrime is £27 billion annually, a figure that many industry experts have questioned as being too high and lacking in methodology.

In the new study, the initial impetus for which was a request by the U.K. Ministry of Defense, the team of researchers has specifically avoided giving a single figure for the cost of cybercrime because the total depends critically on what is counted. They suggest that fraud within the welfare and tax systems — increasingly performed in the “cyber” world — costs each citizen a few hundred pounds a year on average. Fraud associated with payment cards and online banking costs just a few tens of pounds a year; however, the fear of fraud by businesses and consumers is leading some to avoid online transactions, imposing an indirect cost on the economy that is several times higher.

By contrast, true “cybercrime” — the new scams that completely depend on the Internet — is only costing citizens an average of a few tens of pence per year directly. The indirect costs, however, such as the money spent on anti-virus