Cyber crime costing UK a staggering £27bn per year
Cyber crime is costing the UK an estimated £27bn a year, and UK businesses are hit hardest owing to high levels of intellectual property theft and industrial espionage, according to a new report from consultancy Detica and the Office of Cyber Security and Information Assurance. Skip related content
The Cost of Cybercrime study found that the cost to businesses of cyber crime runs to at least £21bn a year, and that intellectual property theft accounts for the largest chunk at £9.2bn, followed by industrial espionage at £7.6bn and extortion at £2.2bn.
Interestingly, direct online theft accounts for just £1.3bn, while loss or theft of customer data represents just £1.1bn, despite usually garnering the biggest headlines.
The government is said to be hit with a £2.2bn annual bill thanks to cyber crime, while taxpayers lose £3.1bn mainly through identity theft (£1.7bn) or other online scams (£1.4bn). Scareware and fake anti-virus scams are said to account for £30m.
The report highlights the need for a more strategic approach to cyber crime, but warned that current estimates of the scale of the problem are being undermined by “a lack of a clear reporting mechanism and the perception that, even if crimes were reported, little can be done”.
Businesses should have access to a “government-sponsored, authoritative, online and interactive service”, according to the report, which would help to raise awareness and promote best practice in cyber defence, as well as provide a centralised reporting mechanism.
Security minister Pauline Neville-Jones argued that cyber crime is a ” national security and commercial priority”, and that the public and private sectors need to co-operate.
“This report is an important example of how government and industry are working together to tackle specific threats posed by criminal use of the internet, and highlights the opportunity we have to turn this to our advantage and get ahead of the curve to drive our economic growth and prosperity,” she added.
However, the figures dwarf the amount that the government is currently spending on cyber security. Just £63m is likely to end up supporting cyber crime prevention out of the £650m pledged to the government’s cyber security strategy.
Some security experts have also called into question the huge figures estimated by Detica in the report, especially given that there is little evidence of how the figures were arrived at.
Sophos senior technology consultant Graham Cluley pointed out in a blog post that the £27bn figure easily smashes the estimated £13.9 billion cost to the UK per year of drug related crime.
There needs to be a proper mechanism for reporting cybercrime (both for home users and businesses) before we can begin to whisk up grand totals like this, he said.
Once we know the true scale of the problem, and can produce reports that aren’t dealt with scepticism, we can fund the computer crime authorities appropriately, and we can begin to measure if the UK’s attempts to fight the problem are really working or not.
Mikko Hyppönen, chief research officer at F-Secure, agreed that £27bn is an incredibly large sum, especially given that most of it seems to have come from IP theft and espionage, which he admitted was “very hard to quanitfy”.