Never trust cybercrime, piracy loss estimates

Lack of verification and dubious extrapolation mean loss estimates "are generated using absurdly bad statistical methods."

So says Dinei Florencio and Cormac Herly of Microsoft Research in their new report "Sex, Lies and Cyber-crime Surveys." The New York Times gave them op-ed space for this report. Two years ago, the GAO (Government Accountability Office) heaped the same type of scorn on piracy loss estimates, saying it is "difficult, if not impossible, to quantify the economy-wide impacts."

How do bogus loss numbers become "official" over time? Cybercrime victims, such as banks, are loathe to admit losses. Surveys used to estimate losses have to multiply real losses by some number to come up with the size of the total loss. Result? "One unverified claim of $7,500 in phishing losses translates into $1.5 billion." Beware the multipliers.

Losses

My information being used to open fraudulent accounts didn't cost me real money, but it sure took a lot of time to resolve.

aficianado on arstechnica.com

every single "cost of cybercrime" calculation I found - even from government agencies - was based on the same original, unsourced estimate from MarkMonitor, which sells various brand protection services to IP holders.

jaylevitt on news.ycombinator.com

If at the end of the day, the horror stories read online push users and admins to educate themselves, even if out of fear of overly estimated loses, I see no harm.

CLORO on news.ycombinator.com

Lies, damn lies, and statistics

I groaned as soon as I read they used a survey. In my stats classes we make fun of studies that use surveys.

dagonoth on arstechnica.com

This is why I wish the Bureau of Justice Statistics, Uniform Crime Report, and State Governments do a better job of reporting pure cyber-crime statistics. That information would be extremely valuable versus doing surveys.

Jerry Dixon on threatpost.com

I find both sides of the argument to be both ignorant and full of hyperbole in whichever manner they are submitting their "evidence".

Discoceris on arstechnica.com

Better ways?

I suppose you have a better method to gather info about thousands/millions of individuals?.

roken on arstechnica.com

Kudos to the researchers for bringing some cautious sanity and objectivity to the issue, instead of just running away in the other direction.

kjin on news.ycombinator.com

The time aspect really does, as you say, muddy the water in terms of the real cost which is analogous to how difficult it is to assess the real cost of piracy. The time lost to me was real, but I can't quantify how much money it cost.

aficionado on arstechnica.com

Luckily, Rob Reid explains "Copyright Math" to us in "The $8 billion iPod."

For the latest IT news, analysis and how-tos, follow ITworld on Twitter, Facebook, and Google+.

Now read this:

Developer declares 'I am done with the Freemium Business Model'

Khan Academy offers JavaScript as their first computer language

Study says Facebook profile can predict job performance

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies