Cybercrime is leeching the UK economy of a terrifying £27 billion ($43.5 billion) every year according to a new estimate published by the Government.
The headline number put out by the Office of Cyber Security & Information Assurance and consultancy Detica includes a £21 billion cost to business, of which £9.2 billion results from theft of intellectual property (IP) and £7.6 billion from industrial espionage.
Extortion against UK companies accounts for another £2.2 billion, the loss of customer data £1 billion, with £2.2 billion racked up in ‘fiscal’ fraud against the government itself.
Conventional cyberfraud against ordinary citizens is reckoned to be £3.1 billion in total, comprising £1.7 billion from identity theft and another £1.4 billion from online scams. Fake anti-virus scams alone accounts for £30 million of useless software sold to citizens.
“Estimates of the cost of cyber crime have until now not been able to provide a justifiable estimate of economic impact and have failed to address the breadth of the problem,” admit the report’s authors, dryly.
Sceptics - and there will be some – will point to the rather vague methodology used to calculate these figures but there is no doubt that cybercrime has remained an unexamined phenomenon. Putting a figure on it is inherently difficult, not helped by under-reporting and the ignorance of organisations that don’t necessarily realise that they have been victims.
To summarise, the Internet has turned out to have some big downsides not helped by the pathetic underestimate of security's importance by powerful tech companies over the last decade. Sticking to the low regulation orthodoxy that has defined the last quarter of a century, governments twiddled their thumbs as it all unfolded. Until now.
Symantec, meanwhile, has come up with a much lower citizen crybercrime figure of £1.9 billion per annum - a huge discrepancy in the amounts being estimated. A key theme of a study is that cybersecurity is about securing businesses and citizens and not simply the government itself. It has taken policy makers until now to formally acknowledge this.