wiredmikey (1824622) writes "A recent article on ProPublica dissected two commonly quoted figures about cybersecurity: $1 Trillion in losses due to cybercrime itself and $388 million in IP losses for American companies. Both figures have been scrutinized and challenged by many, and viewed as typical security vendor FUD.
NSA Director General Keith Alexander has recently been using the $1 Trillion figure in speeches, as have Senators Lieberman and Collins, whose Cybersecurity Act of 2012 failed to be passed by the Senate this week.
The $1 Trillion figure is attributed to anti-virus vendor McAfee, while the $388 million in IP losses number belongs to Symantec's Norton division. According to ProPublica, "The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman."
The problem with both of these figures — $1 Trillion and $388 million — is, as Microsoft researchers pointed out earlier this year in a report fittingly titled "Sex, Lies, and Cybercrime", they are studded with outliers. In one example they cite that a single individual who claims $50,000 losses, in an N = 1000 person survey, is enough to extrapolate a $10 billion loss over the population. In another, one unverified claim of $7,500 in phishing losses translates into $1.5 billion over the population.
The Microsoft researchers concluded: "Are we really producing cyber-crime estimates where 75% of the estimate comes from the unverified self-reported answers of one or two people? Unfortunately, it appears so. Can any faith whatever be placed in the surveys we have? No, it appears not.""