Despite self-interested claims from companies and governments, identity theft is extremely rare and the costs of cybercrime are significantly lower than claimed, new polling by Essential Research shows.
Crikey has previously examined overhyped reports from computer security companies aimed at generating additional sales for their products, hyping the Australian government has happily joined in. According to Attorney-General Nicola Roxon, identity fraud is one of Australia’s fastest growing crimes and one in four Australians “had been a victim or had known someone who had been a victim of identity theft”.
The key to overhyping cybercrime is to conflate a variety of different crimes under one broad description. But now Essential has disentangled commonly-conflated crimes and asked people to estimate how much they actually cost. And the evidence comprehensively debunks the claims made about cybercrime.
According to Essential, just 1% of Australians report ever being the victim of identity theft. If identity theft is “Australia’s fastest growing crime” as Nicola Roxon, the AFP and many media reports insists, then it must have been coming off a positively microscopic base.
Moreover, 43% of identity theft victims said they suffered no financial loss from the incident. Just over a third — 36% — said their loss was between $100 and $500; another 14% said it was between $500-1000. In fact, identity theft was the least expensive crime, averaging a cost of $230, well below the overall average cost of $330.
So, identity theft that actually costs people money has happened to 0.57% of Australians.
The most common form of “cybercrime”, in the very loosest sense, was, unsurprisingly, computer viruses — 29% of people said they’d had a virus that had damaged their computer or data. Forty two per cent of those reporting a computer virus said they’d suffered no financial loss as a result; 10% reported it cost less than $100 and 25% $100-500.
The next most frequent “cybercrime” was having your credit card number stolen — which of course was a frequent crime in the pre-internet days of paper credit card transactions. Sixteen per cent of people reported having their card number stolen; unsurprisingly nearly 60% of people said they suffered no direct financial loss as a result, given banks frequently either block suspect transactions or reimburse card holders who are out of pocket. Six per cent said it cost them less than $100, and 17% said between $100-500.
Online fraud was the most costly crime. One in ten people reported being victims; 8% of victims reported losing over $2000, and another 6% losing between $1000-2000; only 30% said they escaped with no financial loss. The average loss was $490.
Three per cent of people said they’d been victims of cyberbullying, and 4% said they’d been targeted by online stalking, invasion of privacy or high levels of harassment. These were the only crimes where there appeared to be a significant gender difference: women were targeted much more often: 5% of women reported being targeted in both crimes compared to 2% of men, although given the sample size (955) the difference is not quite statistically significant. But women on average suffered smaller financial impacts from all cybercrime, being much more likely to see no financial loss than men.
Using the financial loss data, it becomes apparent that estimates of losses from cybercrime offered by computer security companies are wildly inflated. Last year Norton claimed cybercrime cost Australians $4.6 billion per annum including $1.8 billion pa in direct costs. This year’s survey revised that down to $1.65 billion in direct costs.
Based on the Essential results, 44% of Australians, or around 10 million of us, have experienced various types of cybercrime at an average cost of $310. Assuming some victims have suffered multiple instances of cybercrime, let’s revise the cost upward by a generous 50% to $465. That gives us a total lifetime cost of $4.65 billion for Australians — far short of even the $1.8 billion pa direct cost estimate from Norton.
What of course will happen is that the evidence of rarity of identity theft, the low cost of most forms of cybercrime and the relatively low economic impact, none of which fit the preferred narratives of either many in the media, or the government, will be ignored in the face of the continuing hysteria over “Australia’s fastest growing crime”.
Excellent work Bernard. The incessant whining and exaggerations of the “cyber-security” industry have long been an object lesson in rent seeking.
Good to read a piece that kicks back with some more realistic figures.
The worst examples of computer crime – the ones costing tens or hundreds of thousands of dollars – are the result of hacking into corporate email servers.
Many companies, particularly smaller ones or those based in developing countries, use webmail for their corporate communications. Webmail accounts are easily hacked, and can be very lucrative. If a manufacturer in China gets hacked, and sends out their new “bank details” to their customers, it can net a crazy amount of money in a few days.
However, no amount of computer security software or IT savvy on the part of customers will fix these sort of issues. The intrusion occured in another party’s computer systems. The best solution is good old-fashioned sense, checking via phone to confirm any details.
So NORTON claims cybercrimes cost us 1.8 bil’ per year.
I wonder if that figure includes all the money we spend on purchasing and re-licensing their over-priced software?
Perhaps they also factored in lost productivity from our computers slowing as said security software chews up RAM and blocks friendly websites?
Once again Australia is simply following the lead (Instructions?) of the US in its new war against cyber terrorism and cyber crimes.
In reality it’s nothing of the sort. It,s another effort to a)instill fear in the people and b) control what people say, hear and do. That’s my opinion and i’m sticking to it.
And of course the fact that if you ever do report identity theft to the police/banks, they do absolutely nothing; they couldn’t be bothered investigating it.
At the same time they are noisily demanding more funding to deal with a problem they are declining to ever do anything about it.