Norton caught over-egging the security pudding

Norton, the consumer division of Symantec, has been caught out fudging some cyber crime figures.

For the last couple of weeks stories have been appearing claiming cyber crime costs society $388 billion annually. The statistic is getting tagged onto to stories about hacking to pad them out a bit.

The numbers were dug out of a Norton survey report which asked 20,000 people in 24 countries about their experience with cyber crime. It asked respondents to nominate both direct and indirect losses they experienced as a result of online crime.

Norton’s agents, Strategy One, worked out that punters lost $114 billion a year. That includes losses that consumers experienced that were reimbursed, as is the case with the vast majority of credit card fraud. It had to fudge things a bit. It decided that “online harassment” was a cyber crime, along with being “approached online by sexual predators.” Fraud was so widely defined that it would have covered all credit card fraud.

The word “online” doesn’t even appear in the definition. This question, as written, will catch all credit card fraud.

However, that clearly was not enough for Strategy One which decided to make the figures appear worse by working out how much these cyber crime experiences were worth in terms of “time lost.” This last figure alone was calculated to be $274 billion.

The Sydney Morning Herald had a look into the figures and noticed that even with the faulty reasoning something strange happens with the numbers.

Norton quotes the United Nations figures for the trade in heroin, cocaine and marijuana and points out that this is worth $411 billion per annum.

If you add the $114 billion figure for direct cyber crime losses to the $274 billion “time lost” figure, you wind up with a figure which is close to the drug sales. This enabled Norton to claim that cyber crime is approaching the value of all global drug trafficking.

So, for the sake of a headline, Norton is claiming that by boosting figures with “time lost dollars,” which never existed, cyber crime is as bad as an industry which is based on real money.

The SMH went a little deeper and discovered that Norton put out a press release on September 11, 2009, claiming cyber crime eclipsed the global drug trade. In other words Norton made the same claim three years ago. This time it is trying to back it up with numbers.

When asked about its figures, Norton said that discrepancies can be explained because much cyber crime goes unreported. “We are confident that the Norton Cybercrime Report is a valid representation of the current state of consumer cyber crime,” the company wrote in response to questions.