Cybercrime loss estimates about as reliable as piracy estimates

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/tech-policy/news/2012/04/study-shows-cybercrime-estimates-to-be-overblown.ars

By Curt Hopkins
ars technica
April 17, 2012

Since the first zero met the first one, people have been shrilly 
overestimating the effects of computers on our day-to-day lives. Most 
instances of wild exaggeration are eventually brought back down to earth 
(at least for a while). It happened with the wild estimates of economic 
harm done by piracy. The latest aspect of our shared interaction to be 
punctured is cybercrime, the extent and pervasiveness of which has been 
described in terms of near-Apocalyptic overstatement, according to the 
authors of a new report.

The report, "Sex, Lies and Cyber-crime Surveys" (PDF), by Dinei 
Florencio and Cormac Herley of Microsoft Research, has now been 
released.

In an op-ed in the New York Times that coincided with the report's 
release, they wrote, "One recent estimate placed annual direct consumer 
losses at $114 billion worldwide. It turns out, however, that such 
widely circulated cybercrime estimates are generated using absurdly bad 
statistical methods, making them wholly unreliable."

What initially attracted the authors' attention was the disparity 
between the huge figures and the fact that access to these resources 
(money, via hacking) is relatively easy.

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org