Government’s £27bn cyber crime figure slammed as 'sales promotion exercise'

The report from the Office of Cyber Security and Information Assurance (OCSIA) and security consultancy Detica - owned by BAE Systems - said businesses were losing about £21 billion a year, mainly through IP theft and industrial espionage in the form of cybercrime.

But the LSE's Peter Sommer said the report was full of "fake precision", with elaborate charts claiming to show the relative costs of IP theft and industrial espionage per industry sector. "The whole report has been orientated to areas in which BAE can offer its facilities and services," he said.

The report also omitted entire ranges of cybercrime, with sexual offences such as child pornography perhaps the biggest area left uncovered, he said.

"It seems rather unfortunate that OSCIA, who have to make important and careful decisions about spending taxpayers' money, should ally themselves to a sales promotion exercise by a BAE subsidiary," he said.

Sommer said there was no means of measuring many of the areas identified in the report. "It looks like such an appallingly bad piece of work," he said. "How on earth can you know that there are £1.4 billion worth of losses in 'online scams' - not a category in law and not defined in the report."

Detica said it conducted the study by collating information from the UK National Statistics Office with other pieces of research estimating cyber crime costs.

A Cabinet Office spokesman said evidence for policy formulation was often based on estimates, particularly for matters such as cyber crime, the exact nature of which could be measured.

"OCSIA has worked with Detica to develop a model as a way of getting an indication of the scale and a first estimate of the cost to the economy," he said. "We are hoping that by raising awareness of this issue through this report and working together with the private sector, we can improve the defences of the UK to mitigate the threat of commercial espionage."

Detective superintendent Charlie McMurdie of the Metropolitan Police's Central e-Crime Unit said that because she was not part of the survey, she was not in a position to comment on its findings.

"Reporting the picture will always be subject to where you look and where you obtain the statistics," she said. "They [OCSIA and Detica] were obviously tasked to look at those specific areas."

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?