Sizing cybercrime: incidents and accidents, hints and allegations

Wednesday 30 September 12:00 - 12:30, Red room

Stephen Cobb (ESET)

  download slides (PDF)

Cybercrime certainly feels like a major threat to network security. Criminals routinely use networks to steal data, defraud companies and consumers, and disrupt normal business operation in both public and private sectors. But just how big a threat is cybercrime? For a problem long characterized as both huge and existential by politicians and industry pundits, cybercrime has largely gone unmeasured, if 'measure' is taken to mean 'ascertain the size of the problem using sound scientific methodology'.

This presentation reviews the cybercrime literature, both commercial and academic, for answers as to why we lack reliable, consistent, longitudinal data on the size and scope of the cybercrime problem. The following issues are addressed:

  • The implications of government failure to measure cybercrime to the extent it measures other crimes.
  • The problems inherent in outsourcing cybercrime surveys to the private sector.
  • The three main categories of research deficiency in cybercrime studies.
  • The inherent complexities of measuring cybercrime.
  • The implications of weak cybercrime statistics for the information security effort.

The paper concludes with suggestions as to how the current dearth of reliable data may be remedied and a call to action to educate the industry on the appropriate use of available data.

Click here for more details about the conference.

Stephen Cobb

Stephen Cobb

Stephen Cobb has been researching computer security and data privacy for 25 years and has advised government agencies and some of the world's largest companies on information assurance strategy, with a focus on new and emerging threats. The author of several books and hundreds of articles on digital security and privacy, Cobb first spoke at Virus Bulletin in 1994 and has been a Certified Information System Security Processional since 1996. He currently leads a San Diego based research team for security solutions provider ESET and is a graduate research student in the Criminology Department of the University of Leicester in England.