The $1 Trillion Cybercrime Myth

wiredmikey sends this excerpt from SecurityWeek: "A recent article on ProPublica dissected two commonly quoted figures about cybersecurity: $1 trillion in losses due to cybercrime itself and $388 million in IP losses for American companies. Both figures have been scrutinized and challenged by many, and viewed as typical security vendor FUD. ... The $1 trillion figure is attributed to anti-virus vendor McAfee, while the $388 million in IP losses number belongs to Symantec's Norton division. According to ProPublica, 'The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman.' The problem with both of these figures — $1 trillion and $388 million — is, as Microsoft researchers pointed out earlier this year in a report fittingly titled 'Sex, Lies, and Cybercrime,' they are studded with outliers. In one example they cite that a single individual who claims $50,000 losses, in an N = 1000 person survey, is enough to extrapolate a $10 billion loss over the population. In another, one unverified claim of $7,500 in phishing losses translates into $1.5 billion over the population. The Microsoft researchers concluded: 'Are we really producing cyber-crime estimates where 75% of the estimate comes from the unverified self-reported answers of one or two people? Unfortunately, it appears so. Can any faith whatever be placed in the surveys we have? No, it appears not.'"

one in a thousand

[RichMan]

Throw that one guy out as a strange "outlier" and the number is zero. That is more believeable.

Lies, damn lies and statistics. Grarbage in garbage out.

If it was only one person out of a full one thousand sample then the sample size is way to small to be statistically significant. Whoever did the statistical analysis should be fired. With that low a report rate you don't know it is 1/1e6 or 1/1e9 and you just got unlucky in the sample.

1 Trillion is over 6% of GDP

[udachny]

It is not only cyber-crime estimates that are coming from one or two self-reported unverified people. All the economy related numbers are made up, reverse engineered, adjusted to fit the narrative of the political power.

1 Trillion USD losses to cyber-crime? So taking the 15 Trillion GDP figure at face value (which you must not make mistake of doing), it means that over 6% of the GDP is lost due to all this 'cyber-crime'. 6%. The entire USA agriculture sector is 4% of the reported GDP.

Re:Of course it's made up

[PopeRatzo]

Obviously, the $1 trillion figure is made up. The real figure is more likely in the tens of millions, maybe a little higher, but probably even less than that.

Wait a minute now. The derivatives market by itself, is close to $800Trillion. That's "trillion" with a "T" and represents a sum that equals many times more than the GDP of the entire world.

The manipulation of Libor and stealing by simply timing the rate changes could easily have represented $1Trillion in crime.

Add to that the investment banks using their position to do high-frequency trading, in effect "peeking" at their customer transactions to jump in front (yes, that's a crime) and all the rest of the straight up fraud and theft that is being perpetrated by the big banks thanks to their proximity to the Federal Reserve and we've left $1Trillion in cybercrime about five miles back.

You make the mistake of thinking that "cybercrime" can only be Balkan hackers or credit card scammers - small time fraudsters. The real cybercrime is being perpetrated by our financial elite on a scale that makes them absolutely untouchable - out of the reach of any government. Hell, the medicare fraud by the company owned by the governor of Florida, Rick Scott, caused them to pay a fine of a billion dollars, which means the amount they stole using their computer medicare billing system is well over that amount. That's certainly cyber-crime.

Then look at the $27trillion being held illegally off-shore by American citizens to evade taxes (also a crime and also made possible thanks to computers) and the figure of what could be called "cybercrime" adds up to more than the total GDP of the United States and Japan combined. To give you an idea of the impunity with which this illegal (as in crime) activity is engaged, one of the people who almost certainly took advantage of the 2009 amnesty by which these tax cheats could repatriate their money to the US without facing criminal prosecution is now running for president.