cyber economics v2 -measuring the true cost of cybercrime
Post on 02-Nov-2014
565 Views
Preview:
DESCRIPTION
TRANSCRIPT
CyberonomicsMeasuring the true cost of Cybercrime
Shahar Geiger Maor
htt
ps:
//tw
itte
r.co
m/O
p_I
srael/st
atu
s/32
095719
030954
3938
4.2B$
(daily)
Why Measuring Cyber Security?
Cliché
alert!321in :
You Can't Manage What You Don't Measure
“…Cybercrime Cost is estimated $1 Trillion worldwide”
http://www.whitehouse.gov/video/President-Obama-on-Cybersecurity#transcripthttp://www.forbes.com/sites/andygreenberg/2012/08/03/mcafee-explains-the-dubious-math-behind-its-unscientific-1-trillion-data-loss-claim/
Global Risk Landscape (2013)
http://www3.weforum.org/docs/WEF_GlobalRisks_Report_2013.pdf
1.8% Of
GDP
UK = 27B₤
IL = 4.5B
$
The Cost Of Cybercrime in Israel (#1)
:// . . / / / - - - - - - - -https www gov uk government publications the cost of cyber crime joint government and-industry report
The Cost Of Cybercrime in Israel (#1)
4.5B$
http://www.slideshare.net/jimmyschwarzkopf/stki-summit-2012-israeli-it-market
4.5B$ ~66% of 6.7B$
Why Measuring Cyber Security Is So Problematic?
Too many sources of dataThe problems of under-recording and under/over-reportingCybercrime surveys (lack of methodology)Conflicts of interestTerminology and rhetoricsWhat to measure? (impact, loss)
http://www.law.leeds.ac.uk/assets/files/staff/FD18.pdf
The Costs Of Cybercrime To Society
Defense costs
Indirect losses
Direct losses
Cybercrime Supporting Infra.
Criminal revenue
Cost to society
http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf +customizations
Terrorist’s gain
Vendor revenue
0.19% Of GDP
UK = 4.5B₤IL = 460M$
http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf
The Cost Of Cybercrime in Israel (#2)
460M$
http://mops.gov.il/Documents/Publications/CrimeDamage/CrimeDamageReports/CrimeDamageReport2011.pdf
Total cost of crime in Israel
(2012):4B$ Sex Crimes:
170M$
Murder: 100M$
Fraud+ Property: 1,960M$
x2.7
x4.2
23%
Some Insights From An Israeli Security Survey
This survey refers to 2009-2011 (included)Market Average: 2 incidents in 3 years Per organizationMarket score: ~400 incidents in 2011An average security incident looks like this: • Inside factor or known vulnerability/threat• ~50 working hours per incident• ~50K$ per incident (~~~~~~~~~~~)
http://www.slideshare.net/shaharmaor/information-security-stki-summit-2012shahar-geiger-maor-12059675
The Cost Of Cybercrime in Israel (#3)
20M$
http://hackingdefined.org/opisrael/rss.xml
A Brave New Economic Model
Scope Target Impact Timing Reputation
Economic gains
Government’s Role In Cyber Economic MeasurementQuantitative risk assessment may improve cyber security controls and mitigation.
So:
Regulators should encourage the use of cyber economic measurement toolsOne methodologyOne focal pointDiscreet reporting
Thank You!
top related