Cyber crime is costing the UK economy £27bn every year with businesses being the most affected, according to a government report.
The security minister Baroness Neville-Jones announced the report that was commissioned by the Cabinet Office into the integrity of computer systems and threats of industrial espionage.
Companies in the pharmaceutical, biotech, IT and chemical sectors are the worst hit according to the study by the Office of Cyber Security and Information Assurance.
Large companies are being targeted and loss through intellectual property (IP) theft was £9.2bn, industrial espionage was £7.6bn and extortion was £2.2bn.
Overall, in the UK while businesses lost £21bn, while individual Britons lost £3.1bn and government lost £3.1bn. The Cabinet Office said that the real loss could be higher.
Security minister Baroness Neville-Jones said the government was determined to work with industry to tackle cyber crime.
Baroness Neville-Jones, Prime Minister David Cameron and Foreign Secretary William Hague met representatives of some of the country’s largest businesses, including Barclays, HSBC, Tesco and BA, this week to discuss the problem.
In last year’s strategic defence and security review (SDSR), attacks on IT systems were identified as one of the four most serious threats to national security. Others are terrorism, natural disasters and major accidents.
David Cameron announced in October that as part of reforms to the UK’s defence capabilities, Britain will spend £650m on a new cyber security programme. Earlier this month, Home Secretary Theresa May had announced a £63m hike in police budgets for fighting cyber crime.
However, a number of security experts have cast doubt on the figures and the way in which cyber crime is defined and measured.
Referencing a recent report from Symantec which indicated cyber crime will cost the UK economy £1.9bn in 2011, David Emm, senior security researcher, Kaspersky Lab UK, said: "Maybe the situation is about to improve dramatically?! Or maybe the divergent figures highlight the real problems that exist when trying to quantify the impact of cybercrime."
"First, the types of cybercrime included or excluded from any study greatly affect the results. Second, how effectively can you measure these things anyway? By definition cybercrime is covert in nature. Cybercriminals don’t publish accounts. Victims may be unaware that they have been victims. Businesses may be unwilling to talk about any losses they incur, while individuals may not know who to turn to," he continued.
"If you read the detail in a study, it will typically highlight these, and other, potential limitations. But it’s headlines that make an impact," Emm added. "In my view, there’s more to be gained by highlighting the potential risks and explaining how to minimise them than in alarming people with abstract numbers that may or may not reflect reality."
Graham Cluley, senior technology consultant at Sophos, agreed. "There needs to be a proper mechanism for reporting cybercrime – both for home users and businesses – before we can begin to whisk up grand totals like this. Although I cast a querulous eyebrow at the statistics being given in the report, I strongly agree with its conclusion that a proper picture of cybercrime in the UK needs to be built up."
"An accurate measure of cybercrime is required in order to provide the proper support that computer users – in business and at home – need to defend against the threats. Once we know the true scale of the problem we can fund the computer crime authorities appropriately, and we can begin to measure if the UK’s attempts to fight the problem are really working or not," he concluded.
