As brokers of reliable information about the scale of online crime and espionage, most information security vendors would make great used car salesmen — but McAfee’s latest research finally seems to be taking the right path.
In my column at ZDNet Australia this week, I give McAfee some praise for the most recent research they’ve funded, a preliminary report from the Washington-based Center for Strategic and International Studies titled The Economic Impact of Cybercrime and Cyber Espionage that dismantles the daft idea that cyberstuff costs the global economy a trillion dollars a year.
McAfee now admits that you can’t run a small-N survey in a couple dozen large, wealthy nations — often a self-selected sample of known crime victims at that — and extrapolate the data globally.
Their new figure is “probably measured in the hundreds of billions of dollars”, although they never quite commit to one specific number…
“In the context of a $70 trillion global economy, these losses are small, but that does not mean it is not in the national interest to try to reduce the loss, and the theft of sensitive military technology creates damage whose full cost is not easily quantifiable in monetary terms,” McAfee writes.
True, but as McAfee themselves point out, this supposed cybercrime explosion is really down at the level of shoplifting. Retailers generally budget between 0.5% and 2% for pilferage and other such “shrinkage”.
I also mention my previous critical comments about various infosec vendors’ dodgy statistics — but I don’t link to them, because they were mostly published at non-CBS mastheads. So here’s a selection of stories I’ve written on this subject over the last couple of years.