Facebook Google Menu Linkedin lock Pinterest Search Twitter



Oct 31, 2012

Cybercrime: rarer and less costly than we're told

New polling from Essential Media debunks the overhyped claims made by computer security companies and politicians about cybercrime and identity theft.

User login status :


Cyber crime

Despite self-interested claims from companies and governments, identity theft is extremely rare and the costs of cybercrime are significantly lower than claimed, new polling by Essential Research shows.

Crikey has previously examined overhyped reports from computer security companies aimed at generating additional sales for their products, hyping the Australian government has happily joined in. According to Attorney-General Nicola Roxon, identity fraud is one of Australia’s fastest growing crimes and one in four Australians “had been a victim or had known someone who had been a victim of identity theft”.

The key to overhyping cybercrime is to conflate a variety of different crimes under one broad description. But now Essential has disentangled commonly-conflated crimes and asked people to estimate how much they actually cost. And the evidence comprehensively debunks the claims made about cybercrime.

According to Essential, just 1% of Australians report ever being the victim of identity theft. If identity theft is “Australia’s fastest growing crime” as Nicola Roxon, the AFP and many media reports insists, then it must have been coming off a positively microscopic base.

Moreover, 43% of identity theft victims said they suffered no financial loss from the incident. Just over a third — 36% — said their loss was between $100 and $500; another 14% said it was between $500-1000. In fact, identity theft was the least expensive crime, averaging a cost of $230, well below the overall average cost of $330.

So, identity theft that actually costs people money has happened to 0.57% of Australians.

The most common form of “cybercrime”, in the very loosest sense, was, unsurprisingly, computer viruses — 29% of people said they’d had a virus that had damaged their computer or data. Forty two per cent of those reporting a computer virus said they’d suffered no financial loss as a result; 10% reported it cost less than $100 and 25% $100-500.

The next most frequent “cybercrime” was having your credit card number stolen — which of course was a frequent crime in the pre-internet days of paper credit card transactions. Sixteen per cent of people reported having their card number stolen; unsurprisingly nearly 60% of people said they suffered no direct financial loss as a result, given banks frequently either block suspect transactions or reimburse card holders who are out of pocket. Six per cent said it cost them less than $100, and 17% said between $100-500.

Online fraud was the most costly crime. One in ten people reported being victims; 8% of victims reported losing over $2000, and another 6% losing between $1000-2000; only 30% said they escaped with no financial loss. The average loss was $490.

Three per cent of people said they’d been victims of cyberbullying, and 4% said they’d been targeted by online stalking, invasion of privacy or high levels of harassment. These were the only crimes where there appeared to be a significant gender difference: women were targeted much more often: 5% of women reported being targeted in both crimes compared to 2% of men, although given the sample size (955) the difference is not quite statistically significant. But women on average suffered smaller financial impacts from all cybercrime, being much more likely to see no financial loss than men.

Using the financial loss data, it becomes apparent that estimates of losses from cybercrime offered by computer security companies are wildly inflated. Last year Norton claimed cybercrime cost Australians $4.6 billion per annum including $1.8 billion pa in direct costs. This year’s survey revised that down to $1.65 billion in direct costs.

Based on the Essential results, 44% of Australians, or around 10 million of us, have experienced various types of cybercrime at an average cost of $310. Assuming some victims have suffered multiple instances of cybercrime, let’s revise the cost upward by a generous 50% to $465. That gives us a total lifetime cost of $4.65 billion for Australians — far short of even the $1.8 billion pa direct cost estimate from Norton.

What of course will happen is that the evidence of rarity of identity theft, the low cost of most forms of cybercrime and the relatively low economic impact, none of which fit the preferred narratives of either many in the media, or the government, will be ignored in the face of the continuing hysteria over “Australia’s fastest growing crime”.

Bernard Keane — Politics Editor

Bernard Keane

Politics Editor

Bernard Keane is Crikey’s political editor. Before that he was Crikey’s Canberra press gallery correspondent, covering politics, national security and economics.

Get a free trial to post comments
More from Bernard Keane


We recommend

From around the web

Powered by Taboola


Leave a comment

12 thoughts on “Cybercrime: rarer and less costly than we’re told

  1. steve Wa

    Ian, I am not saying gov has our backs….far from it but the problem is bigger than reported, most incidents never make news, there are few or no requirements for reporting when a breach occurs, most victims do not report losses and it is in the bank and credit card company’s best interests to keep it out of the public eye so that they continue to use their plastic….gov fear mongering for budget increase in the cyberwar, absolutely but the financial threat is real.

    Mattsui, unfortunately it is your problem- The loss of money is not but the damage to your credit is all yours and that is your problem not the crooks or the lenders. (I am in Canada so i am not sure if you have credit Reporting agencies) The costs to repair your credit and the time it takes are not covered by anyone- banks, credit card co’s or gov. Talk to some victims and you will find that it is a problem that will plague them for life. Continually having to defend and repair credit damage caused by some criminal who stole your identity years ago. These guys shop it around forever. Once your identity is stolen, it is on the market forever. May not get used for a few years and then all the sudden it gets sold or found and once again your credit is destroyed.

    I have no gain in spreading fear but I do have 13 years of global research experience in this area. It is a well hidden problem that the governments would love to capitalize on and do nothing about it and that’s certain but then we have the financial industries who want consumers to be totally unaware of the dangers of electronic commerce so they can continue to reap the cost reduction benefits of e-money so they keep it all nice an quiet. Its a tough problem to understand for us as consumers when we only get half truths and lies.

    Retailers absorb most of the billions of dollars in losses and ultimately we as consumers pay through price increases so we do pay for it at the end of the day.

    All I am saying is be smart and do not trust that your details are safe online. If its online, whether shopping or dealing with government services, buying through the mail or even a rewards program, your information is available to criminals all the time and they are only protected by….lines of written code.

    The criminals are making more money with a computer than a gun. No violence, very little costs, very little chance of arrest and they don’t even have I leave the house….it’s only growing.

    Do we have run and hide because the cyber apocalypse is coming? No absolutely not, but we do need some real education and awareness surrounding this subject. A little transparency so that we can choose whether we feel the risks out weigh the rewards.

    I shop and bank online but I do so with understanding the risks.

    So once again, be safe and be smart…..this is a good topic!

Leave a comment