Share/E-mail This Story

Email This



Guess What? Most Cybercrime 'Losses' Are Massively Exaggerated As Well

from the because-they're-not-losses dept

We've talked about exaggerations in "losses" due to infringement for many years. However, we've also discussed how claims of "losses" due to so-called "cybercrime" are also massively inflated. It appears that others are figuring this out as well. The NY Times has an op-ed piece from two researchers, Dinei Florencio and Cormac Herley, highlighting how all the claims of massive damages from "cybercrime" appear to be exaggerated -- often by quite a bit:
One recent estimate placed annual direct consumer losses at $114 billion worldwide. It turns out, however, that such widely circulated cybercrime estimates are generated using absurdly bad statistical methods, making them wholly unreliable.

Most cybercrime estimates are based on surveys of consumers and companies. They borrow credibility from election polls, which we have learned to trust. However, when extrapolating from a surveyed group to the overall population, there is an enormous difference between preference questions (which are used in election polls) and numerical questions (as in cybercrime surveys).

For one thing, in numeric surveys, errors are almost always upward: since the amounts of estimated losses must be positive, there’s no limit on the upside, but zero is a hard limit on the downside. As a consequence, respondent errors — or outright lies — cannot be canceled out. Even worse, errors get amplified when researchers scale between the survey group and the overall population.
This is pretty common. In the first link above, we wrote about how a single $7,500 "loss" was extrapolated into $1.5 billion in losses. The simple fact is that, while such things can make some people lose some money, the size of the problem has been massively exaggerated. As these researchers note, this kind of thing happens all the time. They point to an FTC report, where two respondents alone provided answers that effectively would have added $37 billion in total "losses" to the estimate.

This doesn't mean that the problems should be ignored, just that we should have some facts and real evidence, rather than ridiculous estimates. If the problem isn't that big, the response should be proportional to that. Unfortunately, that rarely happens. In fact, combining this with the recent ridiculous stories about the need for "cybersecurity," perhaps we can start to estimate just how much of an exaggeration in FUD the prefix "cyber-" adds to things. I'm guessing it's at least an order of magnitude. Combine bad statistical methodology with the scary new interweb thing, and you've got the makings of an all-out moral panic.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Glen, Apr 18th, 2012 @ 10:31am

    But, but....

    we need funding for our cyber-security cronies.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Apr 18th, 2012 @ 10:44am

    It's all true

    I personally lost $150 billion in sales due to cybercrime. You see, this prince in Nigeria promised me $150 billion dollars if he helped me move $1.5 trillion dollars out of Nigeria. But it was all a scam. It was...cybercrime. So there's proof that our economy lost $150 billion due to cybercrime. And since I was planning on giving it all to orphans, it's hurting children directly.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Jay, Apr 18th, 2012 @ 10:45am

    Exaggerated!!!

    "we wrote about how a single $7,500 "loss" was extrapolated into $15 billion in losses"....

    sounds quite inflated...

    thinking, how this happen ????

    we live in the world where it is possible to deliver news faster than light..

    just imagine how Pink revolution of tunisia happened...

    thanks to innovation like facebook/youtube/greatify which helps to deliver news to right time...

    cons:
    7500=>1.5 billion exxageration .... :)

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Gak Guk, Apr 18th, 2012 @ 10:52am

    exaggeration

    "This is pretty common. In the first link above, we wrote about how a single $7,500 "loss" was extrapolated into $15 billion in losses."

    The article quoted talks about 1.5 billion, not 15. It seems some more extrapolation happened in the meantime.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Anonymous Coward, Apr 18th, 2012 @ 10:55am

    Cyber vs Real World

    There should be no difference between the real world and on the Internet. If it is illegal in the real world, then it should be illegal on the Internet. If it isn't illegal in the real world, then it should not be illegal on the Internet. No special laws needed.

    If there is a problem on the Internet that is not addressed in the real world, one really has to ask themselves why!

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Baldaur Regis (profile), Apr 18th, 2012 @ 11:11am

    What we need...

    ...is to look at online copyright infringement ONLY (as its the content owners causing the most ruckus right now) and forget about online scams/gambling/atrocity du jour that's being lumped under the heading of 'cybercrime'.

    We need two numbers: one, the percentage of content infringers as a percentage of the global online population; and two, of that percentage, what is the percentage of casual infringers, i.e., those who would purchase digital content if conditions were right.

    In other words, how many hardcore pirates are actually out there, those for whom piracy itself is the attraction? And how many people just pirate for convenience? My (totally empirical) gut feeling is the hardcore number is a tiny fraction of a percent; most casual infringers I know would LOVE to get archival quality copy direct from the source if cost, no DRM and other concerns were satisfied.

    If the numbers are large, the current efforts towards paywalls, DRM and basically the way the world is now can be justifiably argued. If the numbers are small, we need yell them at the content providers, and keep yelling until they listen.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Leigh Beadon (profile), Apr 18th, 2012 @ 11:20am

    Re: exaggeration

    The article quoted talks about 1.5 billion, not 15. It seems some more extrapolation happened in the meantime.

    Indeed. Fixed! Thanks

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    ltlw0lf (profile), Apr 18th, 2012 @ 11:31am

    Ask Kevin Mitnick...

    They've been exaggerating for a very long time. Sun said Kevin stole software valued at $8 million that anyone could have gotten for $30 from their website at the time.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    John Fenderson (profile), Apr 18th, 2012 @ 12:20pm

    Re: Cyber vs Real World

    If it is illegal in the real world, then it should be illegal on the Internet. If it isn't illegal in the real world, then it should not be illegal on the Internet.


    Yes, and it's a good thing that laws are the same in every nation in the world. If they weren't, this would be impossible.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Apr 18th, 2012 @ 12:33pm

    dont tell me. someone stole Hollywood Accounting and used it to produce the Cyber Crime numbers!! oh my God! the sky is falling again!!

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    AJBarnes, Apr 18th, 2012 @ 12:57pm

    Just think...

    Think of how many more cars would have been purchased if car thieves would not steal....

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Apr 18th, 2012 @ 1:03pm

    Re: It's all true

    I got lucky, I only lost $8 Billion - someone stole my iPhone.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    DanZee (profile), Apr 18th, 2012 @ 2:02pm

    Cyber Crime

    If the government was really against cyber crime, they would close down the Nigerian scam operations and arrest the office towers full of hackers in Eastern Europe infecting computers with fake anti-virus malware. Oh, silly me. Apparently, the government is only concerned with things Microsoft, the RIAA and the MPAA are worried about!

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Drew (profile), Apr 18th, 2012 @ 2:14pm

    Re: Ask Kevin Mitnick...

    Did you not know when you copy something the value of it goes up at least 100,000 times. If you have a 50 pack of TDK cd-r you could potentially be worth billions!

    FUS RO DAH

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    ltlw0lf (profile), Apr 18th, 2012 @ 2:35pm

    Re: Re: Ask Kevin Mitnick...

    Did you not know when you copy something the value of it goes up at least 100,000 times.

    Wow, so my swapfile must be worth 1 quadrillion dollars by now. If only I could cash that in?

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    The eejit (profile), Apr 18th, 2012 @ 3:33pm

    Re:

    Nah, the sky isn't falling: that's just the RIAA calculating atmospheric quadrodelineation over a spheroid object again.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Digitari, Apr 18th, 2012 @ 3:43pm

    Re:

    wait, if they are using "hollywood" accounting, is that not an infringement of a trade (not so) secret?? will they now be arrested by a SWAT team??

    will they close down any and all the grocery stores nearby for "money laundering" and or the gas stations

    what if they bought lottery tickets with their ill gotten money??

    Hollywood accounting Must be preserved at all costs. right??

    ?where's my shill check?

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    That Anonymous Coward (profile), Apr 18th, 2012 @ 4:58pm

    But but but there is money to be made!!!
    We have to have these horrible problems to justify paying our 'good friends' firms, with former government types pitching for them, tons of your money to gain nothing but more headaches for regular people!

    Cybercrime its like real crime, except all cyber so you can't actually see the end result, just take our word for it happening.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    The Moondoggie, Apr 18th, 2012 @ 5:09pm

    Re: Re:

    People from the RIAA can count?

    The sky is falling.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    Cerberus (profile), Apr 18th, 2012 @ 8:40pm

    Re: Re: It's all true

    Oh my God, you're lucky you only had 8 songs on it, or the thief would have been able to do considerably more damage to the RIAA with the stolen songs.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This