UK's £11bn cybercrime costs: £16bn less than first thought

A report requested by the Ministry of Defence has found that annual cybercrime costs to the UK are less than half a previous government-backed estimate, with traditional fraud online far outweighing new crimes such as phishing
Written by Tom Espiner, Contributor

A Ministry of Defence-initiated report has put the cost of cybercrime to the UK at over £11bn per year, a much lower amount than the previous government-backed estimate of £27bn.

The report (PDF) containing the £11.6bn estimate (all figures converted from dollars) was prepared in response to a request from the Ministry of Defence, and has been published online ahead of the WEIS security conference in Berlin on Tuesday.

"We were extremely reluctant to add anything up... but, cybercrime is costing us a lot more to defend against than the criminals are making," Cambridge University researcher Richard Clayton, one of the researchers behind the report, told ZDNet UK on Friday.

The cost to the UK of traditional tax and welfare fraud moving online, at around £9bn, vastly outweighs completely new forms of cybercrime such as phishing or malware aimed at businesses, which cost around £10m and £4m respectively, according to the report.

"Tax fraud costs £100s per person, banking fraud is £10s per person, and exciting new forms of cybercrime cost tens of pence per person," Clayton said.

Counter-measures against cybercrime, such as antivirus, law enforcement and ISP clean-up, are also far more costly than new forms of cybercrime, according to the report: the bill for countermeasures comes in at £478m a year, compared to around £103m for new cybercrime.

Transitional crimes, which involve both online and offline elements, are around £2bn.

MoD chief scientist Sir Mark Welland first approached the researchers behind the report after the publication of another estimate in 2011 that put the cost of cybercrime to the UK economy at £27bn.

Cybercrime is costing us a lot more to defend against than the criminals are making.
– Richard Clayton, Cambridge University

The 2011 report, which was written by Detica and sponsored by the Cabinet Office, was "greeted with widespread scepticism and seen as an attempt to talk up the threat", according to the WEIS paper. At the time of its publication, it was described as a "unfortunate item of British Aerospace puffery" by Professor Peter Sommer of the London School of Economics, and questions were raised over a lack of clarity around its methodology.

The WEIS paper, which is designed to be open to revision by other experts, will give policy makers more of a basis to make decisions than the 2011 report, according to Clayton.

"It's clear that criticism of the Detica report has reduced its effectiveness," said Clayton. "It's much better to base policy on known unknowns rather than figures that people find very hard to believe."

The Cabinet Office had not responded to a request for comment at the time of writing.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Editorial standards