Does cyber crime really cost £27 billion a year?

Security experts question the astronomical figure attributed to the cost of cyber crime in the UK.

Cyber crime

A number of security experts have questioned the 27 billion figure placed on the cost of cyber crime.

A Government report released today estimated in the "most likely scenario" cyber criminals cost the UK 27 billion a year.

Furthermore, the Detica-authored report said the actual cost of cyber crime is likely to be far greater than that figure.

A significant chunk of that cost is due to intellectual property theft, amounting to losses of 9.2 billion per annum, the report suggested.

Businesses take much of the hit, with 21 billion lost every year thanks to hackers' efforts, according to the estimates.

To determine the figure, Detica brought together data from sources including information from the public domain, cyber security professionals, as well as business, law enforcement agencies and economics experts.

The security firm drew up a causal model, relating different kinds of cyber crime to their impact on the UK economy.

"We used the model to may cyber crime types to a number of broad categories of economic impact, which are generally consistent with the types of parameters used in macro-economic models of the UK," the report explained.

"We then calculated the magnitude of the cots of cyber crime using three-point estimates (worst-case, most-likely case and best-case scenarios), focusing in particular on IP theft and industrial espionage and its effect on the different industry sectors."

Figures released by Symantec earlier this week suggested cyber crime would cost the UK economy 1.9 billion in 2011.

The varying figures on the financial impact of illegal online activity in the UK has brought into question the validity of making such estimates.

Many in the security industry believe the 27 billion suggestion to be somewhat excessive.

Mikko Hyponnen, chief research officer at F-Secure, said in a tweet he found the figure to be "very high."

"In my view, there's more to be gained by highlighting the potential risks and explaining how to minimise them than in alarming people with abstract numbers that may or may not reflect reality," said David Emm, senior security researcher at Kaspersky Lab UK.

Sophos, meanwhile, has called for a more efficient way of measuring the cost of cyber crime altogether.

The company's senior technology consultant Graham Cluley called for a "proper mechanism for reporting cyber crime" before any figure is ascertained.

He suggested there was not enough detail on how Detica reached its estimates.

"An accurate measure of cyber crime is required in order to provide the proper support that computer users - in business and at home - need to defend against the threats," Cluley said.

"Once we know the true scale of the problem, and can produce reports that aren't dealt with skepticism, we can fund the computer crime authorities appropriately, and we can begin to measure if the UK's attempts to fight the problem are really working or not."

At the time of publication, Detica had not responded to a request for more information on how it came to the 27 billion figure.

Despite queries over the estimates, the report has been praised for spreading awareness of the threats facing UK businesses in particular.

Steve Durbin, global vice president of the Information Security Forum, said he could not comment on the figure but stressed where the report was correct was in noting the cost of cyber crime "is primarily borne by UK businesses."

"The cost of cyber crime is certainly significant and both private sector organisations and governments need to build a comprehensive picture of the threats to information security to be able to deal effectively with this growing trend," Durbin told IT PRO.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Industry "delighted" with UK's 'landmark' anti-bias AI standard
artificial intelligence (AI)

Industry "delighted" with UK's 'landmark' anti-bias AI standard

30 Nov 2021
Sophos Intercept X Advanced review: AI-powered protection
endpoint security

Sophos Intercept X Advanced review: AI-powered protection

30 Nov 2021
Practicality of UK government’s cyber bill criticised by industry experts
Policy & legislation

Practicality of UK government’s cyber bill criticised by industry experts

26 Nov 2021
NCSC: COVID-19 vaccines were prime target for hackers in 2021
National Cyber Security Centre (NCSC)

NCSC: COVID-19 vaccines were prime target for hackers in 2021

17 Nov 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
What is single sign-on (SSO)?
single sign-on (SSO)

What is single sign-on (SSO)?

2 Dec 2021