Guess What? Most Cybercrime 'Losses' Are Massively Exaggerated As Well

from the because-they're-not-losses dept

We’ve talked about exaggerations in “losses” due to infringement for many years. However, we’ve also discussed how claims of “losses” due to so-called “cybercrime” are also massively inflated. It appears that others are figuring this out as well. The NY Times has an op-ed piece from two researchers, Dinei Florencio and Cormac Herley, highlighting how all the claims of massive damages from “cybercrime” appear to be exaggerated — often by quite a bit:

One recent estimate placed annual direct consumer losses at $114 billion worldwide. It turns out, however, that such widely circulated cybercrime estimates are generated using absurdly bad statistical methods, making them wholly unreliable.

Most cybercrime estimates are based on surveys of consumers and companies. They borrow credibility from election polls, which we have learned to trust. However, when extrapolating from a surveyed group to the overall population, there is an enormous difference between preference questions (which are used in election polls) and numerical questions (as in cybercrime surveys).

For one thing, in numeric surveys, errors are almost always upward: since the amounts of estimated losses must be positive, there’s no limit on the upside, but zero is a hard limit on the downside. As a consequence, respondent errors — or outright lies — cannot be canceled out. Even worse, errors get amplified when researchers scale between the survey group and the overall population.

This is pretty common. In the first link above, we wrote about how a single $7,500 “loss” was extrapolated into $1.5 billion in losses. The simple fact is that, while such things can make some people lose some money, the size of the problem has been massively exaggerated. As these researchers note, this kind of thing happens all the time. They point to an FTC report, where two respondents alone provided answers that effectively would have added $37 billion in total “losses” to the estimate.

This doesn’t mean that the problems should be ignored, just that we should have some facts and real evidence, rather than ridiculous estimates. If the problem isn’t that big, the response should be proportional to that. Unfortunately, that rarely happens. In fact, combining this with the recent ridiculous stories about the need for “cybersecurity,” perhaps we can start to estimate just how much of an exaggeration in FUD the prefix “cyber-” adds to things. I’m guessing it’s at least an order of magnitude. Combine bad statistical methodology with the scary new interweb thing, and you’ve got the makings of an all-out moral panic.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Guess What? Most Cybercrime 'Losses' Are Massively Exaggerated As Well”

Subscribe: RSS Leave a comment
Anonymous Coward says:

It's all true

I personally lost $150 billion in sales due to cybercrime. You see, this prince in Nigeria promised me $150 billion dollars if he helped me move $1.5 trillion dollars out of Nigeria. But it was all a scam. It was…cybercrime. So there’s proof that our economy lost $150 billion due to cybercrime. And since I was planning on giving it all to orphans, it’s hurting children directly.

Jay says:


“we wrote about how a single $7,500 “loss” was extrapolated into $15 billion in losses”….

sounds quite inflated…

thinking, how this happen ????

we live in the world where it is possible to deliver news faster than light..

just imagine how Pink revolution of tunisia happened…

thanks to innovation like facebook/youtube/greatify which helps to deliver news to right time…

7500=>1.5 billion exxageration …. 🙂

Anonymous Anonymous Coward says:

Cyber vs Real World

There should be no difference between the real world and on the Internet. If it is illegal in the real world, then it should be illegal on the Internet. If it isn’t illegal in the real world, then it should not be illegal on the Internet. No special laws needed.

If there is a problem on the Internet that is not addressed in the real world, one really has to ask themselves why!

Baldaur Regis (profile) says:

What we need...

…is to look at online copyright infringement ONLY (as its the content owners causing the most ruckus right now) and forget about online scams/gambling/atrocity du jour that’s being lumped under the heading of ‘cybercrime’.

We need two numbers: one, the percentage of content infringers as a percentage of the global online population; and two, of that percentage, what is the percentage of casual infringers, i.e., those who would purchase digital content if conditions were right.

In other words, how many hardcore pirates are actually out there, those for whom piracy itself is the attraction? And how many people just pirate for convenience? My (totally empirical) gut feeling is the hardcore number is a tiny fraction of a percent; most casual infringers I know would LOVE to get archival quality copy direct from the source if cost, no DRM and other concerns were satisfied.

If the numbers are large, the current efforts towards paywalls, DRM and basically the way the world is now can be justifiably argued. If the numbers are small, we need yell them at the content providers, and keep yelling until they listen.

Digitari says:


wait, if they are using “hollywood” accounting, is that not an infringement of a trade (not so) secret?? will they now be arrested by a SWAT team??

will they close down any and all the grocery stores nearby for “money laundering” and or the gas stations

what if they bought lottery tickets with their ill gotten money??

Hollywood accounting Must be preserved at all costs. right??

?where’s my shill check?

That Anonymous Coward (profile) says:

But but but there is money to be made!!!
We have to have these horrible problems to justify paying our ‘good friends’ firms, with former government types pitching for them, tons of your money to gain nothing but more headaches for regular people!

Cybercrime its like real crime, except all cyber so you can’t actually see the end result, just take our word for it happening.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...