We are the IQ of global defence.
Can cyber security investment get the UK out of recession?
By Calum Jeffray
During an industry conference last month, Neira Jones, Head of Payment Security at Barclaycard, posed the question, “Can cyber security contribute to getting the UK out of this recession?”
It’s an interesting questions posed by Jones, who backed up with statement by explaining that If we didn’t spend the amount that we currently do on recovering losses as a result of data breaches and other cyber crime, the saving would be so huge our economy would no longer be in recession.
Although there may be a good number who dispute Jones’s logic, it begs the question – is it possible to accurately measure the cost that the UK is paying as a result of hacking, data theft, corporate espionage, and other offences that come under the umbrella of ‘cyber crime’?
The problem, of course, depends on which set of statistics are to be believed the most.
In February 2011 Detica, a division of BAE Systems, made the headlines when it claimed that cyber crime cost the UK economy a remarkable £27 billion every year. It estimated the cost of IP theft at just over £9 billion and espionage at over £7 billion a year. Having been commissioned by the UK Cabinet Office, the report has since benefited from the “according to government statistics” tagline and is widely quoted in the media.
Fast forward to today, and things don’t seem to have improved much. As Jones stated during her presentation, “It is no a longer a question of if you are hacked, but when”. The first six months of 2012 have seen 35% more data breaches than in the same period in 2011. There has also been a 10% rise in identity theft since 2010.
However, The conclusion of ‘Measuring the cost of cybercrime’, this time commissioned by the UK MoD and produced by an international panel of computer scientists, is that the cost of protecting ourselves against cybercrime can far exceed the cost of the threat itself. It argues society should spend less on anti-virus software and more on policing the internet and tracking down the “small number of gangs” that it claims are often behind the majority of cyber crimes.
Lead author Ross Anderson, Professor of Security Engineering at the University of Cambridge’s Computer Laboratory explains:
“Some police forces believe the problem is too large to tackle. In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software. Cybercrooks impose disproportionate costs on society and we have to become more efficient at fighting cybercrime.”
The report finds that each year the UK spends $1 billion on efforts to protect against or clean up after a threat, including $170 million on anti-virus. By contrast, just $15 million is spent on law enforcement.
So, going solely by this report which suggests that relatively small number of perpetrators are indeed responsible for the majority of cyber attacks, then investing in further policing would be a cost-effective solution to reducing all these costs – even if it doesn’t get the whole of the UK economy out of recession.