IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Does cyber crime really cost £27 billion a year?

Security experts question the astronomical figure attributed to the cost of cyber crime in the UK.

Cyber crime

A number of security experts have questioned the 27 billion figure placed on the cost of cyber crime.

A Government report released today estimated in the "most likely scenario" cyber criminals cost the UK 27 billion a year.

Furthermore, the Detica-authored report said the actual cost of cyber crime is likely to be far greater than that figure.

A significant chunk of that cost is due to intellectual property theft, amounting to losses of 9.2 billion per annum, the report suggested.

Businesses take much of the hit, with 21 billion lost every year thanks to hackers' efforts, according to the estimates.

To determine the figure, Detica brought together data from sources including information from the public domain, cyber security professionals, as well as business, law enforcement agencies and economics experts.

The security firm drew up a causal model, relating different kinds of cyber crime to their impact on the UK economy.

"We used the model to may cyber crime types to a number of broad categories of economic impact, which are generally consistent with the types of parameters used in macro-economic models of the UK," the report explained.

"We then calculated the magnitude of the cots of cyber crime using three-point estimates (worst-case, most-likely case and best-case scenarios), focusing in particular on IP theft and industrial espionage and its effect on the different industry sectors."

Figures released by Symantec earlier this week suggested cyber crime would cost the UK economy 1.9 billion in 2011.

The varying figures on the financial impact of illegal online activity in the UK has brought into question the validity of making such estimates.

Many in the security industry believe the 27 billion suggestion to be somewhat excessive.

Mikko Hyponnen, chief research officer at F-Secure, said in a tweet he found the figure to be "very high."

"In my view, there's more to be gained by highlighting the potential risks and explaining how to minimise them than in alarming people with abstract numbers that may or may not reflect reality," said David Emm, senior security researcher at Kaspersky Lab UK.

Sophos, meanwhile, has called for a more efficient way of measuring the cost of cyber crime altogether.

The company's senior technology consultant Graham Cluley called for a "proper mechanism for reporting cyber crime" before any figure is ascertained.

He suggested there was not enough detail on how Detica reached its estimates.

"An accurate measure of cyber crime is required in order to provide the proper support that computer users - in business and at home - need to defend against the threats," Cluley said.

"Once we know the true scale of the problem, and can produce reports that aren't dealt with skepticism, we can fund the computer crime authorities appropriately, and we can begin to measure if the UK's attempts to fight the problem are really working or not."

At the time of publication, Detica had not responded to a request for more information on how it came to the 27 billion figure.

Despite queries over the estimates, the report has been praised for spreading awareness of the threats facing UK businesses in particular.

Steve Durbin, global vice president of the Information Security Forum, said he could not comment on the figure but stressed where the report was correct was in noting the cost of cyber crime "is primarily borne by UK businesses."

"The cost of cyber crime is certainly significant and both private sector organisations and governments need to build a comprehensive picture of the threats to information security to be able to deal effectively with this growing trend," Durbin told IT PRO.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Ransomware group Conti threatens to overthrow Costa Rican government
ransomware

Ransomware group Conti threatens to overthrow Costa Rican government

17 May 2022
UK plan to abandon big tech regulator powers “makes no sense”
Policy & legislation

UK plan to abandon big tech regulator powers “makes no sense”

3 May 2022
How governments can build resilience in a new normal
Whitepaper

How governments can build resilience in a new normal

27 Apr 2022
Google Cloud wins tender with Israeli judiciary
Cloud

Google Cloud wins tender with Israeli judiciary

12 Apr 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022