The UK government has today published a report into the cost of cybercrime, concluding that the overall cost to the UK economy from cybercrime is £27bn per year.
Wow. £27 billion a year is a huge amount of money. It's even more staggering when you compare it to other problems that Britain faces. For instance, drug-related crime is estimated to cost the UK £13.9 billion a year.
Unfortunately the report, which was compiled for the Office of Cyber Security & Information Assurance by security consultancy Detica, doesn't give any real detail of how it came by the number.
It does break the £27 billion cybercrime total down into different categories - for instance, £9.2 billion comes from theft of intellectual property (IP), and £7.6 billion is calculated for industrial espionage - but the report acknowledges that calculating such figures is "complex" because such incidents are typically not reported.
Well, hate to ask an obvious question but... if they're not being reported, how have they been counted?
Yes, IP theft and industrial espionage are real concerns for businesses, and cybercriminals are perfectly capable of engaging in them, but there needs to be a proper mechanism for reporting cybercrime (both for home users and businesses) before we can begin to whisk up grand totals like this.
Maybe I'm being a bit cheeky comparing the cost of cybercrime to the cost of fighting drugs, especially as the report itself doesn't make the comparison.
However, there has been an ongoing myth, that has been repeated time-and-time again, that the money made by cybercriminals exceeds those of the global drugs trade.. so it seems fun to compare the cost of cybercrime with the cost of the war against drugs. :)
The UK government report into the cost of cybercrime is right that businesses need to take the threat seriously. It's not just the spam and malware attacks that trouble home users that can also cause problems in the office environment. It's also about hackers gaining remote access to your company systems, spying on your activities and stealing information. These are serious concerns.
And although I cast a querulous eyebrow at the statistics being given in the report (at least, I'm fascinated as to how they were calculated), where I strongly agree with the report is in its conclusion that a proper picture of cybercrime in the UK needs to be built up.
Businesses often don't report cybercrime because they are worried about the damage to their reputation. Home users don't report phishing attacks and virus infections because they think no-one gives a damn, or don't know to whom they should turn.
An accurate measure of cybercrime is required in order to provide the proper support that computer users - in business and at home - need to defend against the threats. Once we know the true scale of the problem, and can produce reports that aren't dealt with skepticism, we can fund the computer crime authorities appropriately, and we can begin to measure if the UK's attempts to fight the problem are really working or not.
You can download the "Cost of Cyber Crime" report for yourself from the Cabinet Office's website.Follow @gcluley