McAfee inflated dangers of hacking

Intel subsidiary McAfee appears to have exaggerated the cost of hacking in a key 2009 study which has formed the basis for US government cyber security policy.

A 2009 study by the Center for Strategic and International Studies estimated that hacking costs the global economy $1 trillion.

This is the figure which keeps getting quoted by president Barack Obama. Intelligence officials and members of Congress have also cited this number when pressing for legislation on cybercrime protection.

But according to the International Business Times the number was a huge exaggeration by McAfee.

The whole thing has been revealed by a new study by CSIS, which found numerous flaws in the methodology of the 2009 study and stated that a specific number would be much more difficult to calculate. The report thinks that the number could be $100 billion to $500 billion.  A pretty high figure but hardly a trillion.

The figure has been suggested to be overstated before, including by two principal Microsoft researchers.

In fact the CSIS says the US might lose as little as $20 billion to $25 billion per year to cybercrime or as much as $100 to $140 billion.

Both studies were underwritten by McAfee, one of the largest security technology vendors.  The bias of the 2009 report was commented on at the time. 

Reuters pointed out that companies can have a hard time knowing exactly what was stolen, and there are a myriad of more complex economic issues that keep the surveys from being accurate.

This time, even though the figures are a third lower than the last survey, there are still questions if McAfee has got it right.

So, what does McAfee get out of it if the figure is high? The company has helped the Department of Defense design a secure infrastructure and the DoD has cited McAfee’s $1 trillion overestimate to argue for the expansion of cybersecurity programs.

While foreign hackers are certainly a growing threat, it seems like the arguments for these expansions were based on McAfee’s earlier “research”.