Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

David Talbot

A View from David Talbot

New Report Suggests the Cost of Cybercrime is Nearly Unknowable

A new report gives a wide range for what cybercrime and espionage actually cost the United States and the world.

  • July 22, 2013

In this era of Big Data, it seems we can measure almost everything—just not the financial and other losses from the criminal use of computers and networks.

A new report basically says figuring out the cost of cybercrime and espionage is nearly impossible. It says U.S. losses might be as low as $20 billion or as high as $140 billion. “A very crude extrapolation would be to take this ($20 billion to $140 billion) range for the U.S., which accounts for a little more than a fifth of global economic activity, and come up with a range of $100 billion to $500 billion for global losses,” says the report, by the security company McAfee and a Washington think-tank, the Center for Strategic and International Studies. But that range is essentially a wild guess.

Still, these numbers are down considerably from the upper estimate of a $1 trillion global impact cited by President Obama in a 2009 cybersecurity speech. (The $1 trillion figure was later attributed to a press release about an earlier report by McAfee. So much for White House speechwriters.)  

Why is estimating damages so hard? Because it’s hard to detect attacks in the first place (see “Preparing for Cyberwar Without a Map”), the attacks come in myriad guises (see “Moore’s Outlaws”), companies are reluctant to disclose what’s happened to them, it’s difficult to value thefts that don’t involve stealing money, and surveys can be inaccurate.

The report asserts that the theft of intellectual property may be the most worrisome—and that more studies are on the way on this point. But even the people searching for better data say they won’t insist on getting it. There can be downsides to companies disclosing how they were attacked and what was stolen, said James Lewis, director of the technology and public policy at CSIS. “I’d rather have a company retain value than be damaged because I got better data,” he said.

So don’t expect much more clarity in the future.

Get stories like this before anyone else with First Look.

Subscribe today
Already a Premium subscriber? Log in.

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.