tip off

Cybercrime: rarer and less costly than we’re told

New polling from Essential Media debunks the overhyped claims made by computer security companies and politicians about cybercrime and identity theft.

Cyber crime

Despite self-interested claims from companies and governments, identity theft is extremely rare and the costs of cybercrime are significantly lower than claimed, new polling by Essential Research shows.

Crikey has previously examined overhyped reports from computer security companies aimed at generating additional sales for their products, hyping the Australian government has happily joined in. According to Attorney-General Nicola Roxon, identity fraud is one of Australia’s fastest growing crimes and one in four Australians “had been a victim or had known someone who had been a victim of identity theft”.

The key to overhyping cybercrime is to conflate a variety of different crimes under one broad description. But now Essential has disentangled commonly-conflated crimes and asked people to estimate how much they actually cost. And the evidence comprehensively debunks the claims made about cybercrime.

According to Essential, just 1% of Australians report ever being the victim of identity theft. If identity theft is “Australia’s fastest growing crime” as Nicola Roxon, the AFP and many media reports insists, then it must have been coming off a positively microscopic base.

Moreover, 43% of identity theft victims said they suffered no financial loss from the incident. Just over a third — 36% — said their loss was between $100 and $500; another 14% said it was between $500-1000. In fact, identity theft was the least expensive crime, averaging a cost of $230, well below the overall average cost of $330.

So, identity theft that actually costs people money has happened to 0.57% of Australians.

The most common form of “cybercrime”, in the very loosest sense, was, unsurprisingly, computer viruses — 29% of people said they’d had a virus that had damaged their computer or data. Forty two per cent of those reporting a computer virus said they’d suffered no financial loss as a result; 10% reported it cost less than $100 and 25% $100-500.

The next most frequent “cybercrime” was having your credit card number stolen — which of course was a frequent crime in the pre-internet days of paper credit card transactions. Sixteen per cent of people reported having their card number stolen; unsurprisingly nearly 60% of people said they suffered no direct financial loss as a result, given banks frequently either block suspect transactions or reimburse card holders who are out of pocket. Six per cent said it cost them less than $100, and 17% said between $100-500.

Online fraud was the most costly crime. One in ten people reported being victims; 8% of victims reported losing over $2000, and another 6% losing between $1000-2000; only 30% said they escaped with no financial loss. The average loss was $490.

Three per cent of people said they’d been victims of cyberbullying, and 4% said they’d been targeted by online stalking, invasion of privacy or high levels of harassment. These were the only crimes where there appeared to be a significant gender difference: women were targeted much more often: 5% of women reported being targeted in both crimes compared to 2% of men, although given the sample size (955) the difference is not quite statistically significant. But women on average suffered smaller financial impacts from all cybercrime, being much more likely to see no financial loss than men.

Using the financial loss data, it becomes apparent that estimates of losses from cybercrime offered by computer security companies are wildly inflated. Last year Norton claimed cybercrime cost Australians $4.6 billion per annum including $1.8 billion pa in direct costs. This year’s survey revised that down to $1.65 billion in direct costs.

Based on the Essential results, 44% of Australians, or around 10 million of us, have experienced various types of cybercrime at an average cost of $310. Assuming some victims have suffered multiple instances of cybercrime, let’s revise the cost upward by a generous 50% to $465. That gives us a total lifetime cost of $4.65 billion for Australians — far short of even the $1.8 billion pa direct cost estimate from Norton.

What of course will happen is that the evidence of rarity of identity theft, the low cost of most forms of cybercrime and the relatively low economic impact, none of which fit the preferred narratives of either many in the media, or the government, will be ignored in the face of the continuing hysteria over “Australia’s fastest growing crime”.

12
  • 1
    paddy
    Posted Wednesday, 31 October 2012 at 1:43 pm | Permalink

    Excellent work Bernard. The incessant whining and exaggerations of the “cyber-security” industry have long been an object lesson in rent seeking.
    Good to read a piece that kicks back with some more realistic figures.

  • 2
    AJH
    Posted Wednesday, 31 October 2012 at 1:59 pm | Permalink

    The worst examples of computer crime - the ones costing tens or hundreds of thousands of dollars - are the result of hacking into corporate email servers.

    Many companies, particularly smaller ones or those based in developing countries, use webmail for their corporate communications. Webmail accounts are easily hacked, and can be very lucrative. If a manufacturer in China gets hacked, and sends out their new “bank details” to their customers, it can net a crazy amount of money in a few days.

    However, no amount of computer security software or IT savvy on the part of customers will fix these sort of issues. The intrusion occured in another party’s computer systems. The best solution is good old-fashioned sense, checking via phone to confirm any details.

  • 3
    mattsui
    Posted Wednesday, 31 October 2012 at 3:00 pm | Permalink

    So NORTON claims cybercrimes cost us 1.8 bil’ per year.
    I wonder if that figure includes all the money we spend on purchasing and re-licensing their over-priced software?
    Perhaps they also factored in lost productivity from our computers slowing as said security software chews up RAM and blocks friendly websites?

  • 4
    Ian
    Posted Wednesday, 31 October 2012 at 5:52 pm | Permalink

    Once again Australia is simply following the lead (Instructions?) of the US in its new war against cyber terrorism and cyber crimes.

    In reality it’s nothing of the sort. It,s another effort to a)instill fear in the people and b) control what people say, hear and do. That’s my opinion and i’m sticking to it.

  • 5
    john2066
    Posted Wednesday, 31 October 2012 at 6:03 pm | Permalink

    And of course the fact that if you ever do report identity theft to the police/banks, they do absolutely nothing; they couldn’t be bothered investigating it.

    At the same time they are noisily demanding more funding to deal with a problem they are declining to ever do anything about it.

  • 6
    AR
    Posted Wednesday, 31 October 2012 at 7:53 pm | Permalink

    It’s the perennial woofle dust scham of those in power, security, political or commercial. Scare the bejasus out of the punter with dragons threatening to devour their first born, proffer coercive & expensive (in both monetary & civil liberty costs)which basically say,”we spread this expensive woofle dust to protect you from…insert danger du jour.”
    Should anyone say, “there ARE no, or very unthreatening ..insert boogy beasts.” the response will be,as from the daze of the first priest of the Flying Spaghetti Monster, “it just shows how effective our woofle dust IS!”.
    And Mr & Mrs Pooter will believe it.

  • 7
    Marguerite Blanche
    Posted Thursday, 1 November 2012 at 3:09 am | Permalink

    Hello everyone!
    It’s a real agenda of numerous conferences and discussions…
    But unfortunately there’s no law that can effectively regulate cyber crime. I’ve found a decision - verifying all “”suspicious”” links and emails with scanandtrust. Easy, fast, to the point.

  • 8
    steve Wa
    Posted Thursday, 1 November 2012 at 6:43 am | Permalink

    Maybe over blown but articles like this keep people thinking all is good out there when it is not. Do a little more research and you will see the trend is growing and when people are relaxed, the criminals have an easy target. The real threat is not a loss of dollars, it comes a few years down the road when you find out someone has opened credit accounts in your name or purchased a house….the smart criminals, and they are smart, don’t want your few hundred dollars, they want 50,000.00 lines of credit and new cars and such. Don’t be naive people, it’s a problem and it may not seem big now but as other markets become harder to steal from, your country will look very good. Stay safe.

  • 9
    Ian
    Posted Thursday, 1 November 2012 at 10:41 am | Permalink

    steve,

    I’d be naive if I thought that governments had our interests at heart and not their true masters - the corporations and the industrial/military complex.

  • 10
    mattsui
    Posted Thursday, 1 November 2012 at 4:30 pm | Permalink

    Steve, if someone opens credit accounts or takes out a home loan(???) in my name, that’s a problem for him or her and the institution that was stupid enough to fall for such a ploy. It affects me nought.

  • 11
    steve Wa
    Posted Friday, 2 November 2012 at 12:00 am | Permalink

    Ian, I am not saying gov has our backs….far from it but the problem is bigger than reported, most incidents never make news, there are few or no requirements for reporting when a breach occurs, most victims do not report losses and it is in the bank and credit card company’s best interests to keep it out of the public eye so that they continue to use their plastic….gov fear mongering for budget increase in the cyberwar, absolutely but the financial threat is real.

    Mattsui, unfortunately it is your problem- The loss of money is not but the damage to your credit is all yours and that is your problem not the crooks or the lenders. (I am in Canada so i am not sure if you have credit Reporting agencies) The costs to repair your credit and the time it takes are not covered by anyone- banks, credit card co’s or gov. Talk to some victims and you will find that it is a problem that will plague them for life. Continually having to defend and repair credit damage caused by some criminal who stole your identity years ago. These guys shop it around forever. Once your identity is stolen, it is on the market forever. May not get used for a few years and then all the sudden it gets sold or found and once again your credit is destroyed.

    I have no gain in spreading fear but I do have 13 years of global research experience in this area. It is a well hidden problem that the governments would love to capitalize on and do nothing about it and that’s certain but then we have the financial industries who want consumers to be totally unaware of the dangers of electronic commerce so they can continue to reap the cost reduction benefits of e-money so they keep it all nice an quiet. Its a tough problem to understand for us as consumers when we only get half truths and lies.

    Retailers absorb most of the billions of dollars in losses and ultimately we as consumers pay through price increases so we do pay for it at the end of the day.

    All I am saying is be smart and do not trust that your details are safe online. If its online, whether shopping or dealing with government services, buying through the mail or even a rewards program, your information is available to criminals all the time and they are only protected by….lines of written code.

    The criminals are making more money with a computer than a gun. No violence, very little costs, very little chance of arrest and they don’t even have I leave the house….it’s only growing.

    Do we have run and hide because the cyber apocalypse is coming? No absolutely not, but we do need some real education and awareness surrounding this subject. A little transparency so that we can choose whether we feel the risks out weigh the rewards.

    I shop and bank online but I do so with understanding the risks.

    So once again, be safe and be smart…..this is a good topic!

  • 12
    Almadon
    Posted Friday, 2 November 2012 at 8:38 am | Permalink

    This discussion seems to imply that there is no loss to Joe & Jane Bloggs if the banks reimburse what’s skimmed from J&J’s accounts. But obviously Joe & Jane ARE paying bank fees which include the costs of cybertheft & sabotage at every level. The banks have a vested interest in hiding these costs. A similar carry-over must occur to consumers with from all goods & services exposed to internet transactions. I think Nicola’s probably right.

Womens Agenda

loading...

Smart Company

loading...

StartupSmart

loading...

Property Observer

loading...