Guess What? Most Cybercrime 'Losses' Are Massively Exaggerated As Well
from the because-they're-not-losses dept
We’ve talked about exaggerations in “losses” due to infringement for many years. However, we’ve also discussed how claims of “losses” due to so-called “cybercrime” are also massively inflated. It appears that others are figuring this out as well. The NY Times has an op-ed piece from two researchers, Dinei Florencio and Cormac Herley, highlighting how all the claims of massive damages from “cybercrime” appear to be exaggerated — often by quite a bit:
One recent estimate placed annual direct consumer losses at $114 billion worldwide. It turns out, however, that such widely circulated cybercrime estimates are generated using absurdly bad statistical methods, making them wholly unreliable.
Most cybercrime estimates are based on surveys of consumers and companies. They borrow credibility from election polls, which we have learned to trust. However, when extrapolating from a surveyed group to the overall population, there is an enormous difference between preference questions (which are used in election polls) and numerical questions (as in cybercrime surveys).
For one thing, in numeric surveys, errors are almost always upward: since the amounts of estimated losses must be positive, there’s no limit on the upside, but zero is a hard limit on the downside. As a consequence, respondent errors — or outright lies — cannot be canceled out. Even worse, errors get amplified when researchers scale between the survey group and the overall population.
This is pretty common. In the first link above, we wrote about how a single $7,500 “loss” was extrapolated into $1.5 billion in losses. The simple fact is that, while such things can make some people lose some money, the size of the problem has been massively exaggerated. As these researchers note, this kind of thing happens all the time. They point to an FTC report, where two respondents alone provided answers that effectively would have added $37 billion in total “losses” to the estimate.
This doesn’t mean that the problems should be ignored, just that we should have some facts and real evidence, rather than ridiculous estimates. If the problem isn’t that big, the response should be proportional to that. Unfortunately, that rarely happens. In fact, combining this with the recent ridiculous stories about the need for “cybersecurity,” perhaps we can start to estimate just how much of an exaggeration in FUD the prefix “cyber-” adds to things. I’m guessing it’s at least an order of magnitude. Combine bad statistical methodology with the scary new interweb thing, and you’ve got the makings of an all-out moral panic.
Filed Under: cybercrime, errors, exaggeration, fud, losses
Comments on “Guess What? Most Cybercrime 'Losses' Are Massively Exaggerated As Well”
But, but....
we need funding for our cyber-security cronies.
It's all true
I personally lost $150 billion in sales due to cybercrime. You see, this prince in Nigeria promised me $150 billion dollars if he helped me move $1.5 trillion dollars out of Nigeria. But it was all a scam. It was…cybercrime. So there’s proof that our economy lost $150 billion due to cybercrime. And since I was planning on giving it all to orphans, it’s hurting children directly.
Re: It's all true
I got lucky, I only lost $8 Billion – someone stole my iPhone.
Re: Re: It's all true
Oh my God, you’re lucky you only had 8 songs on it, or the thief would have been able to do considerably more damage to the RIAA with the stolen songs.
Exaggerated!!!
“we wrote about how a single $7,500 “loss” was extrapolated into $15 billion in losses”….
sounds quite inflated…
thinking, how this happen ????
we live in the world where it is possible to deliver news faster than light..
just imagine how Pink revolution of tunisia happened…
thanks to innovation like facebook/youtube/greatify which helps to deliver news to right time…
cons:
7500=>1.5 billion exxageration …. 🙂
exaggeration
“This is pretty common. In the first link above, we wrote about how a single $7,500 “loss” was extrapolated into $15 billion in losses.”
The article quoted talks about 1.5 billion, not 15. It seems some more extrapolation happened in the meantime.
Re: exaggeration
The article quoted talks about 1.5 billion, not 15. It seems some more extrapolation happened in the meantime.
Indeed. Fixed! Thanks
Cyber vs Real World
There should be no difference between the real world and on the Internet. If it is illegal in the real world, then it should be illegal on the Internet. If it isn’t illegal in the real world, then it should not be illegal on the Internet. No special laws needed.
If there is a problem on the Internet that is not addressed in the real world, one really has to ask themselves why!
Re: Cyber vs Real World
Yes, and it’s a good thing that laws are the same in every nation in the world. If they weren’t, this would be impossible.
What we need...
…is to look at online copyright infringement ONLY (as its the content owners causing the most ruckus right now) and forget about online scams/gambling/atrocity du jour that’s being lumped under the heading of ‘cybercrime’.
We need two numbers: one, the percentage of content infringers as a percentage of the global online population; and two, of that percentage, what is the percentage of casual infringers, i.e., those who would purchase digital content if conditions were right.
In other words, how many hardcore pirates are actually out there, those for whom piracy itself is the attraction? And how many people just pirate for convenience? My (totally empirical) gut feeling is the hardcore number is a tiny fraction of a percent; most casual infringers I know would LOVE to get archival quality copy direct from the source if cost, no DRM and other concerns were satisfied.
If the numbers are large, the current efforts towards paywalls, DRM and basically the way the world is now can be justifiably argued. If the numbers are small, we need yell them at the content providers, and keep yelling until they listen.
Ask Kevin Mitnick...
They’ve been exaggerating for a very long time. Sun said Kevin stole software valued at $8 million that anyone could have gotten for $30 from their website at the time.
Re: Ask Kevin Mitnick...
Did you not know when you copy something the value of it goes up at least 100,000 times. If you have a 50 pack of TDK cd-r you could potentially be worth billions!
FUS RO DAH
Re: Re: Ask Kevin Mitnick...
Did you not know when you copy something the value of it goes up at least 100,000 times.
Wow, so my swapfile must be worth 1 quadrillion dollars by now. If only I could cash that in?
dont tell me. someone stole Hollywood Accounting and used it to produce the Cyber Crime numbers!! oh my God! the sky is falling again!!
Re: Re:
Nah, the sky isn’t falling: that’s just the RIAA calculating atmospheric quadrodelineation over a spheroid object again.
Re: Re: Re:
People from the RIAA can count?
The sky is falling.
Just think...
Think of how many more cars would have been purchased if car thieves would not steal….
Cyber Crime
If the government was really against cyber crime, they would close down the Nigerian scam operations and arrest the office towers full of hackers in Eastern Europe infecting computers with fake anti-virus malware. Oh, silly me. Apparently, the government is only concerned with things Microsoft, the RIAA and the MPAA are worried about!
Re:
wait, if they are using “hollywood” accounting, is that not an infringement of a trade (not so) secret?? will they now be arrested by a SWAT team??
will they close down any and all the grocery stores nearby for “money laundering” and or the gas stations
what if they bought lottery tickets with their ill gotten money??
Hollywood accounting Must be preserved at all costs. right??
?where’s my shill check?
But but but there is money to be made!!!
We have to have these horrible problems to justify paying our ‘good friends’ firms, with former government types pitching for them, tons of your money to gain nothing but more headaches for regular people!
Cybercrime its like real crime, except all cyber so you can’t actually see the end result, just take our word for it happening.