Quick -- how much money does cybercrime cost the U.S. economy every year? Don't know? Neither does anyone else. Like other illegal activity, cybercrime is very hard to count because the crime mostly happens in secret. Think of the wide-ranging estimates for the drug trade, for example, or even insider trading.
But the folks at the Center for Strategic and International Studies, bankrolled by the computer security firm McAfee, have taken a new approach to tallying up the cybercrime damage, and they've generated an interesting number. It's interesting because the new method results in a total estimate for cybercrime that's actually lower than some others, which you wouldn't expect from a study financed by a company that has a vested interest in pointing out just how much cybercrime there is.
The new study, released Monday, "posits" -- or offers an educated guess -- that cybercrime creates a $100 billion annual loss to the U.S. economy, and as many as 508,000 lost jobs as a result.
CSIS based this estimate on comparisons with other economic losses, such as car crashes, piracy and "pilferage," which is the term economists use for retail inventory that "falls off the back of the truck," if you know what I mean.
"Companies accept rates of 'pilferage' or 'inventory shrinkage' as part of the cost of doing business," CSIS wrote. "For retail companies in the U.S., this falls between 1.5 percent and 2.0 percent of annual sales -- one 2008 estimate put pilferage losses at 1.7 percent."
But the problem with using pilferage as a model, CSIS reports, is that "many companies do not know the extent of their losses, leading them to make decisions about what is an acceptable loss based on inadequate information."
Nonetheless, CSIS assumed that the tolerated costs for cybercrime fall somewhere in line with pilferage, car crashes and the drug trade, yielding a ceiling for their estimated dollar amount of losses.
"All good econometrics is at some point based on assumptions," said Tom Gann, vice president of government relations at McAfee. "Other approaches came up with bigger numbers by doing simple surveys of firms," Gann said. "What's important to us is that we're getting closer to the truth."
Closer, maybe. But McAfee, CSIS and the rest of us still have no way of knowing exactly for sure.