McAfee Exaggerated Cost of Hacking, Perhaps For Profit

coolnumbr12 writes "A 2009 study (PDF) by the McAfee estimated that hacking costs the global economy $1 trillion. It turns out that number was a massive exaggeration by McAfee, a software security branch of Intel that works closely with the U.S. government at the local, state and federal level. A new estimate by the Center for Strategic and International Studies (and underwritten by McAfee) suggests the number is closer to closer to $300 billion (PDF), but even that much is uncertain. One of McAfee's clients, the Department of Defense, has used the $1 trillion estimate to argue for an expansion of cybersecurity, including 13 new teams dedicated to cyberwarfare. Despite the new data, Reuters said McAfee is still trying to exaggerate the numbers." The $1 trillion study has seen other criticism as well, so the new data is a step in the right direction.

It actually is a trillion dollars

[symbolset]

Further on they say global losses are "probably" in the "range" of $300 billion.

These are the losses - data loss, the costs of identity theft and notification. If you want to count the cost of the Windows malware ecosystem you have to include both the losses and the cost of defense. That's all the costs of data losses, the entire revenues of all antivirus, firewall, next-gen endpoint sofware companies including the (now Intel) McAffee. These things cost money, and without the Windows monoculture they could not persist.

I have long said that the cost of the Windows malware ecosystem far exceeds Microsoft's own revenues. This is proof. The cure is easy: Don't run Windows. You can choose to not have this problem. You can opt out. Google did. If someday your choice of other OS becomes also so infested because it has become too popular and its developers lose track of security you can choose another. The OS isn't really that important anyway.

Re:It actually is a trillion dollars

[sandytaru]

The OS is damn well important if you're trying to play a current gen video game. *sigh*

Re:It actually is a trillion dollars

[symbolset]

If you're running AV then the fraction of expense committed to defense has to be at least 50% of your desktop IT spend because that's how much of a PC's capacity modern AV takes - even though it doesn't work.

Black projects and classified losses

The real number might be closer to the $1T if we allow for the cost of losses that have not been released due to the very existence of the project being secret. They never would have admitted it at the time if a spy had compromised the Manhattan project. Do you think it is any different today?

About $2.5 billion

Cyber war needs cyber casualties, $300 billion is hugely inflated too.

Take out the cost of basic security, which should already be part of business, you don't count the cost of the locks on your doors as losses due to theft, yet these inflated numbers always count the cost of basic security as a loss due to hacking.

The reason this number is hugely inflated is because it's part of the cyber-war justification. If you want a big budget (NSA gets $10 billion? $20 billion? 30?) then you need to be able to inflict casualties. They need to exaggerate a threat from script kiddies to justify that.

Credit card and bank fraud is about 1% of online sales, so it won't be much bigger than that. So 1% of 250 is $2.5 billion:

http://techcrunch.com/2010/03/08/forrester-forecast-online-retail-sales-will-grow-to-250-billion-by-2014/