 | « Back to article | Print this article |
The cost of protecting ourselves against cybercrime can far exceed the cost of the threat itself, a study believed to be the first systematic analysis of the cost of cybercrime has said.
The study by an international team of scientists led by the University of Cambridge recommends that society should spend less on antivirus software and more on policing the internet, a university release said.
The cost of protecting ourselves against cybercrime can far exceed the cost of the threat itself, the study titled 'Measuring the cost of cybercrime' concluded.
On the basis of the findings which is said to provide the first systematic estimate of the direct costs, indirect costs and defence costs of different types of cybercrime for the UK and the world the authors conclude that we should spend less in anticipation of cybercrime and more on catching the perpetrators.
"Advances in information technology are moving many social and economic interactions, such as fraud or forgery, from the physical worlds to cyberspace," said lead author Ross Anderson, Professor of Security Engineering at the University of Cambridge's Computer Laboratory.
"As countries scramble to invest in security to minimise cyber-risks, governments want to know how large that investment should be and where the money should be spent."
However, many of the existing sources of data have either under-or over-inflated estimates of the scale of this risk explain the researchers, the release added.
In the study, the team of researchers has specifically avoided giving a single figure for the cost of cybercrime because the total depends critically on what is counted.
They suggest that fraud within the welfare and tax systems increasingly performed in the 'cyber' world cost each citizen a few hundred pounds a year on average.
Fraud associated with payment cards and online banking costs just a few tens of pounds a year; however, the fear of fraud by businesses and consumers is leading some to avoid online transactions, imposing an indirect cost on the economy that is several times higher.
By contrast, true 'cybercrime' the new scams that completely depend on the internet are only costing citizens an average of a few tens of pence per year directly.
However the indirect costs, such as the money spent on anti-virus software, can be a hundred times that.
Overall, the study concludes that cybercriminals often only a small number of gangs are pulling in a few tens of pounds from every citizen per year, but the indirect costs to those citizens, either in protective measures such as antivirus or in cleaning up infected PCs, is at least ten times as much.
The Cambridge scientists, working with colleagues in Germany, the Netherlands, the USA and UK, considered all the main types of cybercrime online payment and banking
fraud, fake antivirus, patent-infringing pharmaceuticals, 'stranded traveller' scams, and botnets (whereby vast numbers of computers are taken over by a 'botnet-herder' who then rents them out to others to commit crimes).
The straightforward conclusion to draw from their study, say the researchers, is that we should spend less on defence and more on policing, as Anderson explained: "Some police forces believe the problem is too large to tackle."
"In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software. Cybercrooks impose disproportionate costs on society and we have to become more efficient at fighting cybercrime."