Microsoft Researchers: Cyber Crime Losses Exaggerated

Image: Maksim Pasko

Reports of losses from cyber crimes gathered from surveys are greatly exaggerated and often based on unverified, self-reported numbers and skewed results, according to two Microsoft researchers.

In the “Sex, Lies and Cybercrime Surveys” report, Dinei Florencio and Cormac Herley say much of the information on cyber-crime losses comes from surveys, which often overlook the uneven distribution of cyber-crime victims among the populace, and rely on unverified self-reported numbers.

For example, a single individual who claims $50,000 losses, in an N = 1000 person survey, is all it takes to generate a $10 billion loss over the population, the researchers said. Similarly, one unverified claim of $7,500 in phishing losses translates into $1.5 billion, the researchers noted.

Another problem is that cyber-crime value estimates are often inconsistent. As example, the researchers cite the Federal Trade Commission, which in 2004 estimated identity theft at $47 billion, $15.6 billion in 2006, and $54 billion in 2008.

“Either there was a precipitous drop on 2006, or all of the estimates are extremely noisy,” the researchers said.

When surveying cyber-crime estimates, the researchers recommend having a representative sample, without too great of concentration, an adequate upper-tail sampling, and that outliers get checked for error or fabrication.

 

 

email
Filed in: Cyber Tags: , , , , , ,

You might like:

General Dynamics Fidelis Joins Microsoft’s Active Protections Program; Peter George Comments General Dynamics Fidelis Joins Microsoft’s Active Protections Program; Peter George Comments
Google Signs Up 7 Tech Firms for ‘Kubernetes’ Community; Scott Guthrie Comments Google Signs Up 7 Tech Firms for ‘Kubernetes’ Community; Scott Guthrie Comments
Microsoft Starts New Research Project on Fuel Cells With $5M Govt Grant; Sean James Comments Microsoft Starts New Research Project on Fuel Cells With $5M Govt Grant; Sean James Comments
Serco Introduces UK-Based Cyber Training Program; Richard Preece Comments Serco Introduces UK-Based Cyber Training Program; Richard Preece Comments

Leave a Reply

Submit Comment

© 2014 ExecutiveBiz. All rights reserved.