The $1 trillion estimate of the global cost of hacking cited by US President Barack Obama could be triple the real number, a new study by the company responsible for the earlier figure reveals.
A preliminary report by the Center for Strategic and
International Studies (CSIS), underwritten by Intel's security
software branch McAfee, indirectly acknowledges that McAfee's
previous estimate could be exaggerated.
The $1 trillion figure first appeared in a 2009 press release,
which was based on surveys whose authors last year sharply
criticized the method, calling it one of the reasons for the
crackdown on cyber-espionage by the US Congress and intelligence
services.
The preliminary report by CSIS underlines a number of problems,
which make it difficult to reach solid estimate of hacking damage
to the global economy.
They include the methodology biases that keep many surveys on the
subject from being representative and the inability of many
companies to identify what has been stolen from them.
The Washington-based think tank also writes about the fact that
customers, who give up the services of one company after a breach
might spend just as much elsewhere.
The bigger losses might come in abandoned innovation and
high-paying jobs after digital technology is stolen and imitated
by another party, CSIS said.
But the document notes that it takes a long time to replicate
such products and the companies behind the theft may suffer
losses in the end due to giving up from their own research.
Therefore, CSIS abstains from voicing a single number of hacking
damages, coming up with several figures in their 17-page draft
report – all of them still being a lot lower than $1
trillion.
In the opening pages, the
authors say that annual US losses “may reach $100 billion.” But later, they claim damage to the
American economy might have a “lower limit” of $20 billion to $25 billion and a high
end of $140 billion.
The same goes for global losses, which are "probably" in
the "range" of $400 billion, a fraction of a percentage
point of global income. But further on, it’s stated that the
global losses are "probably" in the "range" of $300
billion.
"A very crude extrapolation would be to take this ($20 billion
to $140 billion) range for the US, which accounts for a little
more than a fifth of global economic activity, and come up with a
range of $100 billion to $500 billion for global losses,” the
document says.
The CSIS team concluded their report by stressing that the number
“is almost certainly an overestimate" due to the
undeveloped economies being less dependent of computer networks
and intangible property.
When asked by Reuters if McAfee will now remove the $1 trillion
dollar estimate from its website, the company’s vice president of
government relations, Tom Gann, said that was "a good
question," but didn’t have an answer to it.
"This study here is newer, it's based on extra rigorous work,
and once it's made public, this is clearly the one we're going to
focus on," he said.
In May, a group of US senators have come up with a new
legislation, designed to reduce the threat of foreign
cyber-espionage and trade secret theft.
The proposed Deter Cyber Theft Act would require the compilation
of an annual report on nations that engaged in economic or
industrial espionage in cyber-space against the US, American
technology targeted by the espionage and items produced using
stolen data.
Under the proposed law, the US president would be required to
block imports of products containing stolen US technology.