Despite self-interested claims from companies and governments, identity theft is extremely rare and the costs of cybercrime are significantly lower than claimed, new polling by Essential Research shows.
Crikey has previously examined overhyped reports from computer security companies aimed at generating additional sales for their products, hyping the Australian government has happily joined in. According to Attorney-General Nicola Roxon, identity fraud is one of Australia’s fastest growing crimes and one in four Australians “had been a victim or had known someone who had been a victim of identity theft”.
The key to overhyping cybercrime is to conflate a variety of different crimes under one broad description. But now Essential has disentangled commonly-conflated crimes and asked people to estimate how much they actually cost. And the evidence comprehensively debunks the claims made about cybercrime.
According to Essential, just 1% of Australians report ever being the victim of identity theft. If identity theft is “Australia’s fastest growing crime” as Nicola Roxon, the AFP and many media reports insists, then it must have been coming off a positively microscopic base.
Moreover, 43% of identity theft victims said they suffered no financial loss from the incident. Just over a third — 36% — said their loss was between $100 and $500; another 14% said it was between $500-1000. In fact, identity theft was the least expensive crime, averaging a cost of $230, well below the overall average cost of $330.
So, identity theft that actually costs people money has happened to 0.57% of Australians.
The most common form of “cybercrime”, in the very loosest sense, was, unsurprisingly, computer viruses — 29% of people said they’d had a virus that had damaged their computer or data. Forty two per cent of those reporting a computer virus said they’d suffered no financial loss as a result; 10% reported it cost less than $100 and 25% $100-500.
The next most frequent “cybercrime” was having your credit card number stolen — which of course was a frequent crime in the pre-internet days of paper credit card transactions. Sixteen per cent of people reported having their card number stolen; unsurprisingly nearly 60% of people said they suffered no direct financial loss as a result, given banks frequently either block suspect transactions or reimburse card holders who are out of pocket. Six per cent said it cost them less than $100, and 17% said between $100-500.
Online fraud was the most costly crime. One in ten people reported being victims; 8% of victims reported losing over $2000, and another 6% losing between $1000-2000; only 30% said they escaped with no financial loss. The average loss was $490.
Three per cent of people said they’d been victims of cyberbullying, and 4% said they’d been targeted by online stalking, invasion of privacy or high levels of harassment. These were the only crimes where there appeared to be a significant gender difference: women were targeted much more often: 5% of women reported being targeted in both crimes compared to 2% of men, although given the sample size (955) the difference is not quite statistically significant. But women on average suffered smaller financial impacts from all cybercrime, being much more likely to see no financial loss than men.
Using the financial loss data, it becomes apparent that estimates of losses from cybercrime offered by computer security companies are wildly inflated. Last year Norton claimed cybercrime cost Australians $4.6 billion per annum including $1.8 billion pa in direct costs. This year’s survey revised that down to $1.65 billion in direct costs.
Based on the Essential results, 44% of Australians, or around 10 million of us, have experienced various types of cybercrime at an average cost of $310. Assuming some victims have suffered multiple instances of cybercrime, let’s revise the cost upward by a generous 50% to $465. That gives us a total lifetime cost of $4.65 billion for Australians — far short of even the $1.8 billion pa direct cost estimate from Norton.
What of course will happen is that the evidence of rarity of identity theft, the low cost of most forms of cybercrime and the relatively low economic impact, none of which fit the preferred narratives of either many in the media, or the government, will be ignored in the face of the continuing hysteria over “Australia’s fastest growing crime”.