Twitter Facebook Google RSS
National Defense > Blog > Posts > Analysts Can’t Calculate True Cost of Cybercrime, Espionage
Analysts Can’t Calculate True Cost of Cybercrime, Espionage
By Sarah Sicard

Costs incurred by cybercrime and espionage have recently been estimated at a range between $6 billion and $1 trillion, according to a study done by the Center for Strategic and International Studies.

The center, along with network security firm McAfee Inc., is looking to close the gap between the two numbers to gain a more precise understanding of the economic losses incurred in cyberspace.

“Where we came out is that reasonably an upper limit might be somewhere under 1 percent of GDP. That’s a best guess,” James A. Lewis, director and senior fellow at CSIS’s technology and public policy program, said July 22 in a panel discussion in Washington, D.C.

There is limited data on cybercrime and that has proven to be a major hindrance in coming up with a better range. “It’s a problem,” he added.

One issue is that workers and companies may recognize that there have been breaches in their security systems, but they don’t know and can’t figure out what was taken.

There is risk in doing business in cyberspace. “Perhaps companies are underestimating the risk,” said Lewis.

There is also the question of whether crime and espionage are growing within cyberspace, or if the public is simply more aware that it’s happening. The answer, according to Phyllis Schneck, vice president and chief technology officer with the global public sector division of McAfee, is both.

“The awareness is obviously something that you sense and something that we hear about. The presence of malware is far more prevalent than we might know about through normal means,” she added. “So when you look at, ‘is it increasing?’ Yes it’s increasing but we’re also increasing our awareness of what’s happening.”

The more technology advances, the more avenues are created for cybercrime and espionage. The lack of data, methodology and legal standards make it difficult to defend against criminals.

“This is open season for the bad guys. We have created an Internet that… sends bad things to good people with a high quality service,” said Schneck.

“The more information we can put together, the more data points you have, the better understanding you have of the actual threat and how to address” it, she added.

However, companies are reluctant to share network data “on good faith.” There is no liability protection for a firm that wants to disclose information. In doing so, it could put its integrity and clients at risk.

More information is needed to more successfully handle the threat of cybercrime and espionage. “There is a lot of noise and a lot of chaos and a lot of buzzwords, but we really need to get through what does this mean, and what does it mean for network resilience,” said Schneck.

Photo Credit: Thinkstock


Re: Analysts Can’t Calculate True Cost of Cybercrime, Espionage

I published an article providing a framework for calculating the cost of cyber crime.  Roche, E.M. "Internet and Computer Related Crime: Economic and Other Harms to Organizational Entities", Mississippi Law Journal, Vol 76, 2007, p. 639.  The major areas of uncertainty are (1) placing a value on future effects from theft of IP; (2) unpredictable consequences of the reputation effect; and (3) operational losses, which rarely are placed into estimations.  Operational losses involve the costs to restore the functioning of information systems.  I believe the journal provides free access to articles.
Edward M Roche at 7/25/2013 9:41 AM

Add Comment

Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Name: *

eMail *

Comment *



Name: *

eMail *

Comment *


Please enter the text displayed in the image.
The picture contains 6 characters.

Characters *


Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.



Bookmark and Share