Studies that estimate the effects of any particular activity on the economy often shout out headline numbers and then spend a lot of time explaining the methodology used to calculate that figure.
A new report (pdf) from the Center for Strategic and International Studies (CSIS), a Washington think-tank, published in association with the software security firm McAfee takes a different route. In a study titled “The Economic Impact of Cybercrime and Cyber Espionage,” the authors tentatively suggested a wide variety of numbers and then attempt to contextualize each of them.
One big problem with estimating losses is the number of factors involved. For example, it emerged today that over $300 million was stolen by hackers from a variety of US companies between 2005 and 2012.
But that just tallies up the cash value of the losses. In addition to those, the firms suffer losses to their brand reputation, and expend time and money through investigations, attempted recovery, and systems upgrades. And then there’s the opportunity-cost losses from service disruptions. How do you put a precise number on that?