The overall cost to the UK economy from cyber-crime is £27bn per year, according to the first joint Government and industry report into the extent and cost of cyber-crime across the UK, launched today by the Office of Cyber Security & Information Assurance in the Cabinet Office and information intelligence experts Detica.
The report was undertaken to look at the overall cost to the UK of cyber-crime and, in particular, to gain a better appreciation of the costs of Intellectual Property (IP) theft and industrial espionage.
With society now almost entirely dependent on cyber space, developing effective strategies to tackle cyber-crime requires a better understanding of its impact. Its breadth and scale have been notoriously difficult to understand and past attempts to set cyber-crime policy or develop strategies have been hampered by a real lack of insight into the problem.
“The Cost of Cyber-crime” report reveals that whilst government and the citizen are affected by rising levels of cyber-crime, at an estimated £2.2bn and £3.1bn cost respectively, business bears the lion’s share of the cost. The report indicates that, at a total estimated cost of £21bn, over three-quarters of the economic impact of cyber-crime in the UK is felt by business. In all probability, and in line with worst-case scenarios, the real impact of cyber-crime is likely to be much greater. The theft of Intellectual Property (IP) from business, which has the greatest economic impact of any type of cyber-crime, is estimated to be £9.2bn per annum.
The hardest hit sectors are pharmaceuticals and biotech, electronics, IT and chemicals. Industrial espionage has the second most impact at £7.6bn, followed by £2.2bn from extortion, £1.3bn from direct online theft and £1bn from the loss or theft of customer data. The £3.1bn annual economic cost of cyber-crime to UK citizens includes an estimated £1.8bn for identity theft and £1.4bn for online scams. The report recommends that the UK needs a more comprehensive picture of cyber-crime in order to tackle this issue and that UK businesses interact closely with HMG, sharing data and raising awareness of threats to their security. This work is beginning to be progressed following a high level meeting this week between the Prime Minister, Foreign Secretary, Security Minister and other coalition government ministers and a selected group of senior business leaders from across the UK private sector representing key industries crucial to the UK economy to discuss a new approach to cyber security in the UK.
Illegal activities undertaken by criminals for financial gain that exploit vulnerabilities in the use of the internet and other electronic systems to illicitly access or attack information and services used by citizens, business and government. The types of cybercrime considered include:
• Identity theft and online fraud of UK citizens;
• IP theft, espionage and extortion targeted at UK businesses;
• Fiscal fraud committed against HMG.
The Rt Hon Baroness Neville-Jones, Minister of State for Security, comments: “The government recently announced our commitment to working in partnership with the private sector to increase our cyber security. It is both a national security and commercial priority and both sides need to work together to strengthen our existing resilience. This report is an important example of how government and industry are working together to tackle specific threats posed by criminal use of the internet and highlights the opportunity we have to turn this to our advantage and get ahead of the curve to drive our economic growth and prosperity.”
Martin Sutherland, Detica’s Managing Director, comments: “As crime’s gone digital, this report estimates for the first time the real cost of cyber-crime to the UK. By understanding that business bears the burden of over three-quarters of the £27bn cost of cyber-crime, we are better placed to defend and protect assets crucial to every business sector in today’s interconnected marketplace.The next step is to formulate a more targeted response to IP theft and industrial espionage in particular. We must mobilise joint Government and industry forces to build a coherent picture of the threat and create a consistent mechanism that will allow businesses to report cyber-crime without the risk of reputational damage.”