Never trust cybercrime, piracy loss estimates

Lack of verification and dubious extrapolation mean loss estimates "are generated using absurdly bad statistical methods."

So says Dinei Florencio and Cormac Herly of Microsoft Research in their new report "Sex, Lies and Cyber-crime Surveys." The New York Times gave them op-ed space for this report. Two years ago, the GAO (Government Accountability Office) heaped the same type of scorn on piracy loss estimates, saying it is "difficult, if not impossible, to quantify the economy-wide impacts."

How do bogus loss numbers become "official" over time? Cybercrime victims, such as banks, are loathe to admit losses. Surveys used to estimate losses have to multiply real losses by some number to come up with the size of the total loss. Result? "One unverified claim of $7,500 in phishing losses translates into $1.5 billion." Beware the multipliers.


My information being used to open fraudulent accounts didn't cost me real money, but it sure took a lot of time to resolve.

aficianado on

every single "cost of cybercrime" calculation I found - even from government agencies - was based on the same original, unsourced estimate from MarkMonitor, which sells various brand protection services to IP holders.

jaylevitt on

If at the end of the day, the horror stories read online push users and admins to educate themselves, even if out of fear of overly estimated loses, I see no harm.


Lies, damn lies, and statistics

I groaned as soon as I read they used a survey. In my stats classes we make fun of studies that use surveys.

dagonoth on

This is why I wish the Bureau of Justice Statistics, Uniform Crime Report, and State Governments do a better job of reporting pure cyber-crime statistics. That information would be extremely valuable versus doing surveys.

Jerry Dixon on

I find both sides of the argument to be both ignorant and full of hyperbole in whichever manner they are submitting their "evidence".

Discoceris on

Better ways?

I suppose you have a better method to gather info about thousands/millions of individuals?.

roken on

Kudos to the researchers for bringing some cautious sanity and objectivity to the issue, instead of just running away in the other direction.

kjin on

The time aspect really does, as you say, muddy the water in terms of the real cost which is analogous to how difficult it is to assess the real cost of piracy. The time lost to me was real, but I can't quantify how much money it cost.

aficionado on

Luckily, Rob Reid explains "Copyright Math" to us in "The $8 billion iPod."

For the latest IT news, analysis and how-tos, follow ITworld on Twitter, Facebook, and Google+.

Now read this:

Developer declares 'I am done with the Freemium Business Model'

Khan Academy offers JavaScript as their first computer language

Study says Facebook profile can predict job performance

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon