Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

In this era of Big Data, it seems we can measure almost everything—just not the financial and other losses from the criminal use of computers and networks.

A new report basically says figuring out the cost of cybercrime and espionage is nearly impossible. It says U.S. losses might be as low as $20 billion or as high as $140 billion. “A very crude extrapolation would be to take this ($20 billion to $140 billion) range for the U.S., which accounts for a little more than a fifth of global economic activity, and come up with a range of $100 billion to $500 billion for global losses,” says the report, by the security company McAfee and a Washington think-tank, the Center for Strategic and International Studies. But that range is essentially a wild guess.

Still, these numbers are down considerably from the upper estimate of a $1 trillion global impact cited by President Obama in a 2009 cybersecurity speech. (The $1 trillion figure was later attributed to a press release about an earlier report by McAfee. So much for White House speechwriters.)  

Why is estimating damages so hard? Because it’s hard to detect attacks in the first place (see “Preparing for Cyberwar Without a Map”), the attacks come in myriad guises (see “Moore’s Outlaws”), companies are reluctant to disclose what’s happened to them, it’s difficult to value thefts that don’t involve stealing money, and surveys can be inaccurate.

The report asserts that the theft of intellectual property may be the most worrisome—and that more studies are on the way on this point. But even the people searching for better data say they won’t insist on getting it. There can be downsides to companies disclosing how they were attacked and what was stolen, said James Lewis, director of the technology and public policy at CSIS. “I’d rather have a company retain value than be damaged because I got better data,” he said.

So don’t expect much more clarity in the future.

2 comments. Share your thoughts »

Tagged: Communications, Intel, McAfee

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me