Report: cybercrime costs UK economy £27 billion per year

According to a new joint report from the UK Government and industry, cybercrime costs the UK economy £27 billion a year. However, the report has already been criticised by University of Cambridge researcher Tyler Moore, for the questionable and unverifiable calculations that arrive at this figure.

The UK Cabinet Office says that "With society now almost entirely dependent on cyber space, developing effective strategies to tackle cyber crime requires a better understanding of its impact. Its breadth and scale have been notoriously difficult to understand and past attempts to set cyber crime policy or develop strategies have been hampered by a real lack of insight into the problem."

The report, entitled "The Cost of Cyber Crime", attempts to improve understanding of the problem and was compiled by the Office of Cyber Security & Information Assurance (OCSIA) in the Cabinet Office and information intelligence experts Detica.

Graph showing the cost of different types of cybercrime to the UK economy.
Source: "The cost of Cyber Crime" report Admitting that its figures are estimates and that the real impact of cybercrime is likely to be much greater, the report says that the brunt of the cost is born by business at £21 billion, with an impact of £2.2 billion on government and £3.1 billion directly on citizens. As Moore points out, this is in total a very large amount: "approximately 2% of UK GDP. If the total is accurate, then cyber crime is a very serious problem of utmost national importance." Moore goes on to say "60% of the total cost is ascribed to intellectual property theft (i.e., business secrets, not copied music and films) and espionage." He says the report then goes on to describe the methodology used to calculate losses due to IP theft, but the calculations involve probabilities that are not specified in the report. Only small changes in these probabilities, he says, could result in a much smaller, or larger, final cost estimate.

Cybercrime is defined by the report as the exploitation of computer technology in illegal activities for financial gain. This includes the activities of large organised crime groups, disreputable companies and individuals, but spying by foreign intelligence services is also included. The report looks at the effects of identity theft and online scams on UK citizens, at the effect of IP theft, industrial espionage and extortion on businesses and at fiscal fraud committed against the government.

With the commercial sector being the most affected, businesses are encouraged to examine their risk assessments and to improve their security accordingly, as it is felt this would considerably reduce the economic impact of cybercrime in the UK. The report suggests that selected companies within the most affected business sectors are approached in confidence by the government, since it seems that the open reporting of cybercrime is often inhibited by concerns over loss of trust and reputation. It also recommends provision of a Government sponsored online interactive service to promote awareness of the issues for businesses and to establish best practice in protection against cybercrime.

Citizens are advised to take precautions, such as using a firewall, applying software updates and patches regularly, using recognised anti-malware software and possibly taking out insurance against the impact of identity theft.

Moore does applaud at least the effort being made to measure the costs of cybercrime and agrees that it is right to encourage victims of cybercrime to report it.

See also:

• The Cost of Cyber Crime, the full report from the Cabinet Office (previous link above is to a summary of the report).

(trk)