Oct 31, 2012

Cybercrime: rarer and less costly than we’re told

New polling from Essential Media debunks the overhyped claims made by computer security companies and politicians about cybercrime and identity theft.

Bernard Keane — Politics editor

Bernard Keane

Politics editor

Cyber crime Despite self-interested claims from companies and governments, identity theft is extremely rare and the costs of cybercrime are significantly lower than claimed, new polling by Essential Research shows. Crikey has previously examined overhyped reports from computer security companies aimed at generating additional sales for their products, hyping the Australian government has happily joined in. According to Attorney-General Nicola Roxon, identity fraud is one of Australia’s fastest growing crimes and one in four Australians "had been a victim or had known someone who had been a victim of identity theft". The key to overhyping cybercrime is to conflate a variety of different crimes under one broad description. But now Essential has disentangled commonly-conflated crimes and asked people to estimate how much they actually cost. And the evidence comprehensively debunks the claims made about cybercrime. According to Essential, just 1% of Australians report ever being the victim of identity theft. If identity theft is "Australia's fastest growing crime" as Nicola Roxon, the AFP and many media reports insists, then it must have been coming off a positively microscopic base. Moreover, 43% of identity theft victims said they suffered no financial loss from the incident. Just over a third -- 36% -- said their loss was between $100 and $500; another 14% said it was between $500-1000. In fact, identity theft was the least expensive crime, averaging a cost of $230, well below the overall average cost of $330. So, identity theft that actually costs people money has happened to 0.57% of Australians. The most common form of "cybercrime", in the very loosest sense, was, unsurprisingly, computer viruses -- 29% of people said they’d had a virus that had damaged their computer or data. Forty two per cent of those reporting a computer virus said they’d suffered no financial loss as a result; 10% reported it cost less than $100 and 25% $100-500. The next most frequent "cybercrime" was having your credit card number stolen -- which of course was a frequent crime in the pre-internet days of paper credit card transactions. Sixteen per cent of people reported having their card number stolen; unsurprisingly nearly 60% of people said they suffered no direct financial loss as a result, given banks frequently either block suspect transactions or reimburse card holders who are out of pocket. Six per cent said it cost them less than $100, and 17% said between $100-500. Online fraud was the most costly crime. One in ten people reported being victims; 8% of victims reported losing over $2000, and another 6% losing between $1000-2000; only 30% said they escaped with no financial loss. The average loss was $490. Three per cent of people said they’d been victims of cyberbullying, and 4% said they’d been targeted by online stalking, invasion of privacy or high levels of harassment. These were the only crimes where there appeared to be a significant gender difference: women were targeted much more often: 5% of women reported being targeted in both crimes compared to 2% of men, although given the sample size (955) the difference is not quite statistically significant. But women on average suffered smaller financial impacts from all cybercrime, being much more likely to see no financial loss than men. Using the financial loss data, it becomes apparent that estimates of losses from cybercrime offered by computer security companies are wildly inflated. Last year Norton claimed cybercrime cost Australians $4.6 billion per annum including $1.8 billion pa in direct costs. This year's survey revised that down to $1.65 billion in direct costs. Based on the Essential results, 44% of Australians, or around 10 million of us, have experienced various types of cybercrime at an average cost of $310. Assuming some victims have suffered multiple instances of cybercrime, let’s revise the cost upward by a generous 50% to $465. That gives us a total lifetime cost of $4.65 billion for Australians -- far short of even the $1.8 billion pa direct cost estimate from Norton. What of course will happen is that the evidence of rarity of identity theft, the low cost of most forms of cybercrime and the relatively low economic impact, none of which fit the preferred narratives of either many in the media, or the government, will be ignored in the face of the continuing hysteria over "Australia’s fastest growing crime".

Free Trial

You've hit members-only content.

Sign up for a FREE 21-day trial to keep reading and get the best of Crikey straight to your inbox

By starting a free trial, you agree to accept Crikey’s terms and conditions


Leave a comment

12 thoughts on “Cybercrime: rarer and less costly than we’re told

  1. paddy

    Excellent work Bernard. The incessant whining and exaggerations of the “cyber-security” industry have long been an object lesson in rent seeking.
    Good to read a piece that kicks back with some more realistic figures.

  2. AJH

    The worst examples of computer crime – the ones costing tens or hundreds of thousands of dollars – are the result of hacking into corporate email servers.

    Many companies, particularly smaller ones or those based in developing countries, use webmail for their corporate communications. Webmail accounts are easily hacked, and can be very lucrative. If a manufacturer in China gets hacked, and sends out their new “bank details” to their customers, it can net a crazy amount of money in a few days.

    However, no amount of computer security software or IT savvy on the part of customers will fix these sort of issues. The intrusion occured in another party’s computer systems. The best solution is good old-fashioned sense, checking via phone to confirm any details.

  3. mattsui

    So NORTON claims cybercrimes cost us 1.8 bil’ per year.
    I wonder if that figure includes all the money we spend on purchasing and re-licensing their over-priced software?
    Perhaps they also factored in lost productivity from our computers slowing as said security software chews up RAM and blocks friendly websites?

  4. Ian

    Once again Australia is simply following the lead (Instructions?) of the US in its new war against cyber terrorism and cyber crimes.

    In reality it’s nothing of the sort. It,s another effort to a)instill fear in the people and b) control what people say, hear and do. That’s my opinion and i’m sticking to it.

  5. john2066

    And of course the fact that if you ever do report identity theft to the police/banks, they do absolutely nothing; they couldn’t be bothered investigating it.

    At the same time they are noisily demanding more funding to deal with a problem they are declining to ever do anything about it.

  6. AR

    It’s the perennial woofle dust scham of those in power, security, political or commercial. Scare the bejasus out of the punter with dragons threatening to devour their first born, proffer coercive & expensive (in both monetary & civil liberty costs)which basically say,”we spread this expensive woofle dust to protect you from…insert danger du jour.”
    Should anyone say, “there ARE no, or very unthreatening ..insert boogy beasts.” the response will be,as from the daze of the first priest of the Flying Spaghetti Monster, “it just shows how effective our woofle dust IS!”.
    And Mr & Mrs Pooter will believe it.

  7. Marguerite Blanche

    Hello everyone!
    It’s a real agenda of numerous conferences and discussions…
    But unfortunately there’s no law that can effectively regulate cyber crime. I’ve found a decision – verifying all “”suspicious”” links and emails with scanandtrust. Easy, fast, to the point.

  8. steve Wa

    Maybe over blown but articles like this keep people thinking all is good out there when it is not. Do a little more research and you will see the trend is growing and when people are relaxed, the criminals have an easy target. The real threat is not a loss of dollars, it comes a few years down the road when you find out someone has opened credit accounts in your name or purchased a house….the smart criminals, and they are smart, don’t want your few hundred dollars, they want 50,000.00 lines of credit and new cars and such. Don’t be naive people, it’s a problem and it may not seem big now but as other markets become harder to steal from, your country will look very good. Stay safe.

  9. Ian


    I’d be naive if I thought that governments had our interests at heart and not their true masters – the corporations and the industrial/military complex.

  10. mattsui

    Steve, if someone opens credit accounts or takes out a home loan(???) in my name, that’s a problem for him or her and the institution that was stupid enough to fall for such a ploy. It affects me nought.

Share this article with a friend

Just fill out the fields below and we'll send your friend a link to this article along with a message from you.

Your details

Your friend's details