30 Aug 2012
In a report published on August 1, 2012, independent, non-profit newsroom ProPublica questions the actual size of cybercrime-generated financial losses which had been qualified as the “greatest transfer of wealth in the history” by Gen. Keith Alexander, director of the National Security Agency less than one month before. Quoting from a major antivirus vendor’s report, Gen. Alexander pointed out that intellectual property theft takes $250 billion a year out of American companies’ pockets. In 2009, President Obama held a speech on cybersecurity and relied on another security vendor’s estimate of cybercrime losses, as high as $ 1 trillion globally, to call for a strengthening of the U.S. cyberdefense system.
ProPublica claims that the calculations behind both estimates are not immediately clear.
"I was really kind of appalled when the number came out in news reports, the trillion dollars, because that was just way, way large," stated Eugene Spafford, computer science professor at Purdue University, one of the three independent researchers credited as author of the analysis leading to such estimate.
"I would have objected at the time had I known about it. The intellectual quality of this ($1 trillion number) is below abysmal”, noted Ross Anderson, a security engineering professor at the University of Cambridge, also listed as contributor to the report containing the said estimate.
As for the source of the $250 billion figure, ProPublica says it “remains a mystery”.
Starting from the premises that estimates of this kind may be fuelled by security vendors’ interest in maintaining a tense atmosphere and that monetary damages resulting from data breaches are infinitely more difficult to assess than these companies would have us believe, ProPublica draws attention to major flaws in the way these figures are obtained.
One such flaws is the fact that various vendors’ findings lack a quality assurance system that functions within the academic community and which ensures that the provided data is reliable and accurate.
"From what I’ve seen of the big commercial surveys, they all suffer from major weaknesses, which means the data is worthless, scientifically worthless. But it’s very valuable from a marketing perspective", stated Julie Ryan, a professor of engineering management and systems engineering at George Washington University, in an interview for ProPublica.
Aside from the issue of information accuracy, there remains the question of the extent to which reports or estimates issued by parties likely to be animated by various commercial interests influence the allotment of funds and the setting of national priorities.