Wednesday, 23 April 2014
masthead+quote+image
Advanced search

Cybercrime protection costs exceed threat, says research

The cost of protecting ourselves against cybercrime can far exceed the cost of the threat itself, according to new research.

In a study carried out for the Ministry of Defence, scientists from Cambridge University found that more resources should be spent on catching cybercriminals than preparing for the crimes.

The researchers found that cybercriminals make on average a few tens of pounds from every citizen per year, but the indirect costs to those citizens, either in protective measures such as antivirus or in cleaning up infected PCs, is at least ten times as much.

‘Some police forces believe the problem is too large to tackle,’ said the study’s lead author Prof Ross Anderson in a statement. ‘In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software.

‘Cybercrooks impose disproportionate costs on society and we have to become more efficient at fighting cybercrime.’

The study found that fraud associated with online banking costs each citizen on average a few tens of pounds a year but fear of fraud is leading some to avoid online transactions, imposing an indirect cost on the economy that is several times higher.

Internet scams cost each citizen a few tens of pence a year but the indirect costs, such as the money spent on anti-virus software, can be a hundred times that.

The UK spends $1bn (£639bn) annually on efforts to protect against or clean-up after a threat, including $170m (£109m) million on antivirus. By contrast, just $15m (£10m) is spent on law enforcement.

The researchers say the report provides the first systematic estimate of the direct costs, indirect costs and defence costs of different types of cybercrime for the UK and the world.

Co-author Dr Richard Clayton said: ‘Take credit card fraud. Direct loss is clearly the monetary loss suffered by the victim.

‘However, the victim might then lose trust in online banking and make fewer electronic transactions, pushing up the indirect costs for the bank because it now needs to maintain cheque clearing facilities, and this cost is passed on to society.

‘Meanwhile, defence costs are incurred through recuperation efforts and the increased security services purchased by the victim. The cost to society is the sum of all of these.’

However, they specifically avoided attaching a specific figure to the cost of cybercrime, arguing the total depends critically on what is counted and that many existing sources had under- or over-inflated estimates of risk.

Readers' comments (1)

  • The crime cost when averaged across the population may be small, but for the individual it is significant. Within each country every effort should be made to catch, prosecute, and punish these leaches on society. (Capital punishment by slow electrocution, broadcast on U-Tube. Will they get the message?) Capital punishment is a strong deterrent when it is actually used. International internet crimes will be more difficult to deter but those countries that refuse to rigorously prosecute offenders can simply be unplugged from the world. Unthinkable? Not really.

    Unsuitable or offensive? Report this comment

Have your say

Mandatory
Mandatory
Mandatory
Mandatory

Related images

My saved stories (Empty)

You have no saved stories

Save this article

Digital Edition

The Engineer April 2014 Online

Poll

Should every school have a 3D printer?

Previous Poll

Europe's largest tidal array in the Pentand Firth off Orkney will eventually generate up to 86MW of power. What will it take for tidal energy to make an appreciable contribution to the UK's energy needs?

Read and comment on the results here