Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Business Report

No One Knows How Much Cybercrime Really Costs

A lack of reliable figures on the costs of many kinds of cybercrime is holding back companies and governments from responding appropriately.

Before the Grum botnet of several hundred thousand compromised computers was taken down by law enforcement in 2012, it was responsible for sending out 18 billion spam messages per day, mostly hawking pharmaceuticals such as Viagra.

Grum was earning its operators nearly $3 million a year for pushing drug ads, but far more impressive were the indirect costs it imposed: it was believed responsible for nearly 20 percent of the world’s spam, which researchers at Microsoft and Google say costs the world $20 billion a year on things like e-mail filtering and storage.

The case of Grum is unusual in that the finances of spam are relatively well understood, making it possible to do a cost-benefit analysis of actions taken to stop it. That’s not the case with other threats, such as data breaches that feed personal information to the black market.

This story is part of our March/April 2016 Issue
See the rest of the issue
Subscribe

Although it’s clear that cybercrime imposes real and sizable costs on society, fine-grained data is generally hard to come by.

“Many of the private-sector reports are basically marketing brochures from organizations with a strong interest in scaremongering,” says Ross Anderson, a professor of security engineering at the University of Cambridge.

Ross Anderson

And law enforcement agencies and police don’t have good statistics on the incidence and costs of cybercrime because they have not updated their operations for the Internet era as well as criminals have, he says. A European Union research project recently concluded that a lack of clear figures on costs was preventing companies as well as governments and law enforcement from making good decisions about security.

“If data is patchy or unverifiable, then it is likely that businesses will either waste money or not spend any at all, leaving themselves and consumers vulnerable to attack,” says Jart Armin, a founder of the security company CyberDefcon, who is involved with the CyberROAD project behind the E.U. report.

Anderson and colleagues at Cambridge are in the process of setting up a new research center that could help clear up that confusion. The Cambridge Cloud Cybercrime Center will operate as a kind of clearinghouse for data from major companies—data that can be mined to discover the patterns of criminal activity. “We’ve got to be able to measure cybercrime to be effective in doing anything about it,” says Anderson.

Talks are under way with Google, Yahoo, and others interested in donating data.

“For the first time we’re going to be able to look at stuff at scale,” says Anderson. He hopes that the new resource will produce insights into the patterns and costs of cybercrime that could allow far more informed responses.

Get stories like this before anyone else with First Look.

Subscribe today
Already a Premium subscriber? Log in.
Ross Anderson

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Business Impact
Cyber Survival

How technology advances are changing the economy and providing new opportunities in many industries.

Want more award-winning journalism? Subscribe to Insider Online Only.
  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.