The overall cost to the UK economy from cyber crime is £27bn per year, according to the first joint Government and industry report into the extent and cost of cyber crime across the UK.
The report was published by the Office of Cyber Security & Information Assurance in the Cabinet Office and information intelligence experts Detica.
With society now almost entirely dependent on cyber space, developing effective strategies to tackle cyber crime requires a better understanding of its impact.
Its breadth and scale have been notoriously difficult to understand and past attempts to set cyber crime policy or develop strategies have been hampered by a real lack of insight into the problem (click image to enlarge).
"The Cost of Cyber Crime" report reveals that while the government and citizens are affected by rising levels of cyber crime, at an estimated £2.2bn and £3.1bn cost respectively, business still bears the lion’s share of the cost.
The report indicates that, at a total estimated cost of £21bn, over three-quarters of the economic impact of cyber crime in the UK is felt by business. In all probability, and in line with worst-case scenarios, the real impact of cyber crime is likely to be much greater.
The study focused on less-understood cyber crimes, including:
- identity theft and online scams affecting UK citizens
- IP theft, industrial espionage and extortion targeted at UK businesses
- fiscal fraud committed against the Government
- £1.7bn per annum for identity theft (similar estimates by CIFAS5 and the IFSC6 were £1.7bn and £1.2bn per annum respectively)
- £1.4bn per annum for online scams
- £30m for scareware and fake anti-virus software
- £9.2bn per annum from IP theft, which has the greatest economic impact of any type of cyber crime considered in this study, and is likely to have the largest impact on companies that create significant quantities of IP or those whose IP is relatively easy to exploit
- £7.6bn per annum from industrial espionage (involving the theft and exploitation of non- IP-related data), which affects companies involved in open-tendering competitions, that rely on large numbers of financial transactions or that are affected (or can be affected) by large share price movements
- £2.2bn per annum from extortion, with large companies being targeted (although our estimates are largely illustrative because we believe this type of cyber crime goes largely unreported)
- £1.3bn per annum from direct online theft, with cyber criminals targeting support services, financial services, the construction and materials industry, and the not-for-profit sector
- £1bn per annum from the loss or theft of customer data, with the significant majority of the impact falling on large companies with more than 500 employees