$1 trillion global hacking damage estimates overblown
A preliminary report by the Center for Strategic and
International Studies (CSIS), underwritten by Intel's security
software branch McAfee, indirectly acknowledges that McAfee's
previous estimate could be exaggerated.
The $1 trillion figure first appeared in a 2009 press release, which was based on surveys whose authors last year sharply criticized the method, calling it one of the reasons for the crackdown on cyber-espionage by the US Congress and intelligence services.
The preliminary report by CSIS underlines a number of problems, which make it difficult to reach solid estimate of hacking damage to the global economy.
They include the methodology biases that keep many surveys on the subject from being representative and the inability of many companies to identify what has been stolen from them.
The Washington-based think tank also writes about the fact that customers, who give up the services of one company after a breach might spend just as much elsewhere.
The bigger losses might come in abandoned innovation and high-paying jobs after digital technology is stolen and imitated by another party, CSIS said.
But the document notes that it takes a long time to replicate such products and the companies behind the theft may suffer losses in the end due to giving up from their own research.
Therefore, CSIS abstains from voicing a single number of hacking damages, coming up with several figures in their 17-page draft report – all of them still being a lot lower than $1 trillion.
In the opening pages, the
authors say that annual US losses“may reach $100 billion.”But later, they claim damage to the
American economy might have a“lower limit”of $20 billion to $25 billion and a high
end of $140 billion.
The same goes for global losses, which are "probably" in the "range" of $400 billion, a fraction of a percentage point of global income. But further on, it’s stated that the global losses are "probably" in the "range" of $300 billion.
"A very crude extrapolation would be to take this ($20 billion to $140 billion) range for the US, which accounts for a little more than a fifth of global economic activity, and come up with a range of $100 billion to $500 billion for global losses,” the document says.
The CSIS team concluded their report by stressing that the number “is almost certainly an overestimate" due to the undeveloped economies being less dependent of computer networks and intangible property.
When asked by Reuters if McAfee will now remove the $1 trillion dollar estimate from its website, the company’s vice president of government relations, Tom Gann, said that was "a good question," but didn’t have an answer to it.
"This study here is newer, it's based on extra rigorous work, and once it's made public, this is clearly the one we're going to focus on," he said.
In May, a group of US senators have come up with a new legislation, designed to reduce the threat of foreign cyber-espionage and trade secret theft.
The proposed Deter Cyber Theft Act would require the compilation of an annual report on nations that engaged in economic or industrial espionage in cyber-space against the US, American technology targeted by the espionage and items produced using stolen data.
Under the proposed law, the US president would be required to block imports of products containing stolen US technology.