As brokers of reliable information about the scale of online crime and espionage, most information security vendors would make great used car salesmen — but McAfee’s latest research finally seems to be taking the right path.
In my column at ZDNet Australia this week, I give McAfee some praise for the most recent research they’ve funded, a preliminary report from the Washington-based Center for Strategic and International Studies titled The Economic Impact of Cybercrime and Cyber Espionage that dismantles the daft idea that cyberstuff costs the global economy a trillion dollars a year.
McAfee now admits that you can’t run a small-N survey in a couple dozen large, wealthy nations â€” often a self-selected sample of known crime victims at that â€” and extrapolate the data globally.
Their new figure is “probably measured in the hundreds of billions of dollars”, although they never quite commit to one specific number…
“In the context of a $70 trillion global economy, these losses are small, but that does not mean it is not in the national interest to try to reduce the loss, and the theft of sensitive military technology creates damage whose full cost is not easily quantifiable in monetary terms,” McAfee writes.
True, but as McAfee themselves point out, this supposed cybercrime explosion is really down at the level of shoplifting. Retailers generally budget between 0.5% and 2% for pilferage and other such “shrinkage”.
I also mention my previous critical comments about various infosec vendors’ dodgy statistics — but I don’t link to them, because they were mostly published at non-CBS mastheads. So here’s a selection of stories I’ve written on this subject over the last couple of years.
- Infosec’s mega marketing misalignment mishap, CSO Online, 13 September 2011.
- Hacking up the facts, Technology Spectator, 7 March 2012.
- Symantecâ€™s Sydney SOC surge sounds suspiciously so-so, CSO Online, 20 September 2012.
- Cyber crime wave: tsunami or ripple?, CSO Online, 2 November 2012.
- 2012: the Year of Cyberwar that wasn’t, CSO Online, 21 December 2012.
- Why you SHOULD worry about cybercrime (but it’s no war), Crikey, 25 January 2013.
- China not the only ones taking part in cyber spookery, Crikey, 4 February 2013.
- WordPress attack highlights 30 million targets, ZDNet Australia, 19 April 2013.
- Verizon DBIR confirms we’re rubbish, so let’s do something about it, CSO Online, 23 April 2013.
- Will McAfee’s hacking hyperbole hatchet job kill the trillion-dollar myth?, ZDNet Australia, 27 July 2013.
The two market leaders, Symantec and McAfee, seem to be lifting their game, and publishing statistics that aren’t total crap. Let’s see if they can keep it up, and if other vendors will list their game too.