Does cyber crime really cost £27 billion a year?

Cyber crime

A number of security experts have questioned the 27 billion figure placed on the cost of cyber crime.

A Government report released today estimated in the "most likely scenario" cyber criminals cost the UK 27 billion a year.

Furthermore, the Detica-authored report said the actual cost of cyber crime is likely to be far greater than that figure.

A significant chunk of that cost is due to intellectual property theft, amounting to losses of 9.2 billion per annum, the report suggested.

Businesses take much of the hit, with 21 billion lost every year thanks to hackers' efforts, according to the estimates.

To determine the figure, Detica brought together data from sources including information from the public domain, cyber security professionals, as well as business, law enforcement agencies and economics experts.

The security firm drew up a causal model, relating different kinds of cyber crime to their impact on the UK economy.

"We used the model to may cyber crime types to a number of broad categories of economic impact, which are generally consistent with the types of parameters used in macro-economic models of the UK," the report explained.

"We then calculated the magnitude of the cots of cyber crime using three-point estimates (worst-case, most-likely case and best-case scenarios), focusing in particular on IP theft and industrial espionage and its effect on the different industry sectors."

Figures released by Symantec earlier this week suggested cyber crime would cost the UK economy 1.9 billion in 2011.

The varying figures on the financial impact of illegal online activity in the UK has brought into question the validity of making such estimates.

Many in the security industry believe the 27 billion suggestion to be somewhat excessive.

Mikko Hyponnen, chief research officer at F-Secure, said in a tweet he found the figure to be "very high."

"In my view, there's more to be gained by highlighting the potential risks and explaining how to minimise them than in alarming people with abstract numbers that may or may not reflect reality," said David Emm, senior security researcher at Kaspersky Lab UK.

Sophos, meanwhile, has called for a more efficient way of measuring the cost of cyber crime altogether.

The company's senior technology consultant Graham Cluley called for a "proper mechanism for reporting cyber crime" before any figure is ascertained.

He suggested there was not enough detail on how Detica reached its estimates.

"An accurate measure of cyber crime is required in order to provide the proper support that computer users - in business and at home - need to defend against the threats," Cluley said.

"Once we know the true scale of the problem, and can produce reports that aren't dealt with skepticism, we can fund the computer crime authorities appropriately, and we can begin to measure if the UK's attempts to fight the problem are really working or not."

At the time of publication, Detica had not responded to a request for more information on how it came to the 27 billion figure.

Despite queries over the estimates, the report has been praised for spreading awareness of the threats facing UK businesses in particular.

Steve Durbin, global vice president of the Information Security Forum, said he could not comment on the figure but stressed where the report was correct was in noting the cost of cyber crime "is primarily borne by UK businesses."

"The cost of cyber crime is certainly significant and both private sector organisations and governments need to build a comprehensive picture of the threats to information security to be able to deal effectively with this growing trend," Durbin told IT PRO.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.