Cybercrime losses are overstated

Fears about cybercrime are overstated, two insecurity experts from Microsoft claim.

Dinei Florêncio and Cormac Herley who are principal researchers at Microsoft Research wrote in the New York Times that while there is a popular idea that the world is losing a $1 trillion a year to cyber crime the reality is less impressive.

They point out that if it is possible to get rich by downloading and running software, there should be a lot more people trying it.

They had a look at cybercrime from an economic standpoint and found that only a few criminals do well. Cybercrime is just a low-profit struggle which is probably not worth the effort.

Cybercrimes like spam and password-stealing have the same economics as the fishing industry. As fish stocks are driven to exhaustion, there is never enough “easy money” to go around, the report said.

The pair think that cybercrime estimates are generated using absurdly bad statistical methods, based on surveys of consumers and companies.

If 5,000 people were asked to report their cybercrime losses, all it takes is for one person to falsely claim they lost $25,000 to a cyber scam and $1 billion gets added to the over all estimate. Because those people who never lost anything are not taken into account the statistics for these anomalies are not cancelled out.

The two said that in cybercrime surveys they have examined 90 percent of the estimate appears to come from the answers of one or two individuals.

The report said that cybercrime billionaires are hard to locate because there aren’t any. Few people know anyone who has lost substantial money because victims are far rarer than the exaggerated estimates would imply.