Cyber crime costs the UK economy approximately £27 billion a year according to the government.
Minister of State for security and counter terrorism, Baroness Pauline Neville-Jones, said some of the cyber crime activity was 'state-sponsored'. She estimated that £21 billion was the cost to businesses, £2.2 billion to the government and £3.1 billion to citizens.
Andrew Philpott, VP of sales for UK and Ireland at Websense, said: “When we see a figure of £21 billion it really highlights the level of damage that cyber criminals are doing to UK businesses. Cyber crime is clearly big business in the UK and only a truly unified security architecture, which protects mobile workers and branch offices, can handle this next generation of security threat."
Graham Cluley, senior technology consultant at Sophos, questioned how the amounts were calculated, especially as theft of intellectual property (IP) and industrial espionage are typically not reported.
He said: “If these kind of incidents are not being reported, then how have the figures been counted? Yes, IP theft and industrial espionage are real concerns for businesses and cyber criminals are perfectly capable of engaging in them, but there needs to be a proper mechanism for reporting cyber crime both for home users and businesses, before we can begin to whisk up grand totals like this.
“Although I cast a querulous eyebrow at the statistics being given in the report, I strongly agree with its conclusion that a proper picture of cyber crime in the UK needs to be built up. An accurate measure of cyber crime is required in order to provide the proper support that computer users, in business and at home, need to defend against the threats. Once we know the true scale of the problem we can fund the computer crime authorities appropriately and we can begin to measure if the UK's attempts to fight the problem are really working or not.”
Also doubtful about how the total figure was calculated was David Emm, senior security researcher at Kaspersky Lab UK, who pointed out that the types of cyber crime included or excluded from any study greatly affect the results.
“By definition cyber crime is covert in nature, cyber criminals don't publish accounts and victims may be unaware that they have been victims. Businesses may be unwilling to talk about any losses they incur, while individuals may not know who to turn to,” he said.
“If you read the detail in a study, it will typically highlight these and other potential limitations. But it is headlines that make an impact. In my view, there is more to be gained by highlighting the potential risks and explaining how to minimise them than in alarming people with abstract numbers that may or may not reflect reality.”