SCARS™ Insight: Cybercrime – It’s Worse Than We Thought – 2020
A United States Government Analysis Of How Bad Cybercrime Has Become
Reprinted from NIST For Scam Awareness. Authored by Douglas S. Thomas
The cyber-world is relatively new, and unlike other types of assets, cyber assets are potentially accessible to criminals in far-off locations. This distance provides the criminal with significant protections from getting caught; thus, the risks are low, and with cyber assets and activities being in the trillions of dollars, the payoff is high.
When we talk about cybercrime, we often focus on the loss of privacy and security. But cybercrime also results in significant economic losses. Yet the data and research on this aspect of cybercrime are unfortunately limited. Data collection often relies on small sample sizes or has other challenges that bring accuracy into question.
In a recent NIST report (see PDF below), I looked at losses in the U.S. manufacturing industry due to cybercrime by examining an underutilized dataset from the Bureau of Justice Statistics, which is the most statistically reliable data that I can find. I also extended this work to look at the losses in all U.S. industries. The data is from a 2005 survey of 36,000 businesses with 8,079 responses, which is also by far the largest sample that I could identify for examining aggregated U.S. cybercrime losses.
Using this data, combined with methods for examining uncertainty in data, I extrapolated upper and lower bounds, putting 2016 U.S. manufacturing losses to be between 0.4% and 1.7% of manufacturing value-added or between $8.3 billion and $36.3 billion. The losses for all industries are between 0.9% and 4.1% of total U.S. gross domestic product (GDP), or between $167.9 billion and $770.0 billion. The lower bound is 40% higher than the widely cited, but largely unconfirmed, estimates from McAfee.
What makes the estimates startling is that, despite being higher than commonly cited values, the assumptions I used to calculate losses pushed the lower bound estimate down significantly, meaning the true loss may be much higher. I calculated the low value assuming that those who did not respond to the Bureau of Justice Statistics survey did not experience any losses. This amounted to 77% of the 36,000 businesses surveyed being presumed as having no loss; thus, the true loss is most likely higher than the low estimate.
Additionally, the 2005 data from the Bureau of Justice Statistics comes from a time when cybercrime was considered to be less of a problem and the digital economy was smaller. If the Bureau of Justice Statistics data is representative, that is, if the average losses of the respondents’ companies equals the actual average U.S. losses per company, then the losses approach the high estimate of $36.3 billion for manufacturing and $770 billion for all industries. This would make total cybercrime losses greater than the GDP of many U.S. industries, including construction, mining and agriculture. If the losses per company have increased faster than inflation, which is likely, then the losses would be even higher.
Most other estimates, including widely cited values, tend not to present technical details of data collection and analysis. Also, some estimates assume that the ceiling of cybercrime losses doesn’t exceed the cost of car crashes or petty theft in a given year. However, cybercrime is not comparable to other types of property crime or losses. Typical property losses require physical presence, which limits the loss or damage. For instance, a burglar must be physically present to steal an object from a home or business. Cyber assets, however, are potentially accessible to any would-be criminals on the planet without them needing to leave their homes.
The removal of this obstacle (the need for physical presence) is a game-changing factor for criminal activity, making cybercrime more prevalent. For example, my personal information (e.g., Social Security number) has been stolen countless times and my credit card information has been stolen and used on numerous occasions, but my house has never been burglarized and my car has only been broken into once. If I wanted to engage with a cybercriminal, I would only need to look in my email inbox, but I have no idea where I could find a burglar.
My report describes methods in detail, uses public data, and doesn’t assume the losses are similar to other types of crime. Since the data I used from the Bureau of Justice Statistics is from 2005, these estimates are likely low. The digital economy, measured in real dollars, grew 129% between 2005 and 2016, and I did not adjust for this increase. Additionally, the number of businesses, which is used for estimation, was lower in 2016, according to the Census Bureau’s Annual Survey of Entrepreneurs. This pushes my low estimate for losses down even further.
Economic growth in recent years for the U.S. has been between 2% and 3%, at least prior to the COVID-19 pandemic. While this is considered a healthy growth rate, my estimates show that the economy could be growing even faster if not for cybercrime. With the U.S. being a wealthy country and having a commonly spoken language that increases the number of potential offenders (it’s difficult to send phishing emails in an unfamiliar language), it’s a prime target for cybercrime.
Businesses And Government Underestimate The Risk
If businesses and government underestimate the risk, they might underinvest in strategies for mitigating it. For instance, they might hire fewer IT security experts, take unnecessary risks with data/information, or disregard a recommended security measure. The result is unnecessary losses that may be quite substantial. If these losses are in the area of intellectual property, they can also reduce incentives for investing in research and development, limiting economic growth even more. For these reasons, it’s critical to gain a better understanding of cybercrime loss.
The implication from my report is that widely accepted estimates of cybercrime loss may severely underestimate the true value of losses. One of the first steps in addressing a problem such as cybercrime is to understand the magnitude of the loss, what types of losses occur, and the circumstances under which they occur. Without further data collection, we are in the dark as to how much we are losing. But the evidence suggests it’s more than we thought.
Cybercrime Losses: An Examination of U.S. Manufacturing and the Total Economy
Cybercrime Losses: An Examination of U.S. Manufacturing and the Total Economy
TAGS: SCARS, NIST, Government Report, Cybercrime Loses, Scams, Scammers, Fraudsters, Cybercrime, Crybercriminals, Romance Scams, Scam Victims, United States Government Analysis,
SCARS™ Team
Society of Citizens Against Relationship Scams Inc.
A Worldwide Crime Victims Assistance Nonprofit Organization
Visit: www.AgainstScams.org
Contact Us: Contact@AgainstScams.org
PLEASE SHARE OUR ARTICLES WITH YOUR FRIENDS & FAMILY
HELP OTHERS STAY SAFE ONLINE – YOUR KNOWLEDGE CAN MAKE THE DIFFERENCE!
The Latest SCARS Posts:
FIND MORE SCAM NEWS
«SCAMCRIME.COM»
JOIN US ON FACEBOOK
«CLICK HERE»
END
MORE INFORMATION
– – –
Tell us about your experiences with Romance Scammers in our
« Scams Discussion Forum on Facebook »
– – –
FAQ: How Do You Properly Report Scammers?
It is essential that law enforcement knows about scams & scammers, even though there is nothing (in most cases) that they can do.
Always report scams involving money lost or where you received money to:
- Local Police – ask them to take an “informational” police report – say you need it for your insurance
- U.S. State Police (if you live in the U.S.) – they will take the matter more seriously and provide you with more help than local police
- Your National Police or FBI « www.IC3.gov »
- The SCARS|CDN™ Cybercriminal Data Network – Worldwide Reporting Network on « www.Anyscam.com »
This helps your government understand the problem, and allows law enforcement to add scammers on watch lists worldwide.
– – –
To learn more about SCARS visit « www.AgainstScams.org »
Please be sure to report all scammers
on « www.Anyscam.com »
Disclaimer:
SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.
IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.
ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.
A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX RELATED ISSUES AND INFORMATION.
This content and other material contained on the website, apps, newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial, or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’ Content. The information contained is subject to change and is not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’ websites, apps, and Content unless explicitly identified as such.
The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’ website’s Terms of Use.
Legal Notices:
All original content is Copyright © 1991 – 2020 Society of Citizens Against Relationship Scams Inc. (D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.
SCARS, SCARS|INTERNATIONAL, SCARS, SCARS|SUPPORT, SCARS, RSN, Romance Scams Now, SCARS|INTERNATION, SCARS|WORLDWIDE, SCARS|GLOBAL, SCARS, Society of Citizens Against Relationship Scams, Society of Citizens Against Romance Scams, SCARS|ANYSCAM, Project Anyscam, Anyscam, SCARS|GOFCH, GOFCH, SCARS|CHINA, SCARS|CDN, SCARS|UK, SCARS|LATINOAMERICA, SCARS|MEMBER, SCARS|VOLUNTEER, SCARS Cybercriminal Data Network, Cobalt Alert, Scam Victims Support Group, are all trademarks of Society of Citizens Against Relationship Scams Inc., All Rights Reserved Worldwide
Contact the law firm for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org
Leave A Comment