By Bob Gourley
There are threats to our nation’s IT infrastructure and I advocate we all be serious about them. But it is counter productive to exaggerate the threat. The same can be said about the threat of cyber theft of corporate intellectual property and even the espionage threat. These are serious issues that need persistent action at strategic, operational and tactical levels. If you are involved in making cyber defense decisions at any level you want accurate assessments of the threat.
But this is hard to get in the cyber domain. One recent example has to do with estimates on the cost of damage by cyber crime. For years people have re-stated a 2009 estimate published by MacAfee that the global cost of hacking is now at $1 trillion dollars.
I have never seen an estimate that I’m confident in, but one that seems a bit more realistic was just released saying the true global cost is between $100 and $500 Billion dollars. The fact that this is a huge range indicates the study leaders themselves have serious doubts over how precise this can be measured at all.
For more info see: http://ctolink.us/15HOquG
Here is an excerpt from a Reuters story on the report:
Trillion-dollar global hacking damages estimate called exaggerated
(Reuters) – A $1 trillion estimate of the global cost of hacking cited by President Barack Obama and other top officials is a gross exaggeration, according to a new study commissioned by the company responsible for the earlier approximation.
A preliminary report being released Monday by the Center for Strategic and International Studies and underwritten by Intel Corp’s (INTC.O) security software arm McAfee implicitly acknowledges that McAfee’s previous figure could be triple the real number.
The original estimate first appeared in a 2009 press release extrapolating from surveys whose authors last year sharply criticized the method. As the White House, intelligence officials and members of Congress pressed for legislation to improve protection from cyber-espionage, they cited it as reason to take action.
Asked if the No. 2 security software vendor would remove the trillion-dollar estimate from its website, McAfee Vice President of Government Relations Tom Gann said that was “a good question” but that he didn’t know the answer.
“This study here is newer, it’s based on extra rigorous work, and once it’s made public, this is clearly the one we’re going to focus on,” Gann said.
The preliminary report by CSIS, a Washington think tank with expertise in cybercrime and cyber espionage, cites a host of problems in reaching a solid estimate of damage to the globaleconomy, including the methodology biases that keep many surveys from being representative and the inability of many companies to know what was been stolen from them.
More subtle issues include the fact that customers who shun one company after a breach might spend just as much elsewhere. The greatest losses might be in abandoned innovation and high-paying jobs after digital technology is stolen and imitated elsewhere. But it can take years to replicate such products, and the receiving companies could actually lose as well if they come to rely on theft and cut back on their own research, CSIS said.