LONDON (Reuters) - Cyber crime costs the British economy some 27 billion pounds a year and appears to be “endemic,” according to the first official government estimate of the issue published on Thursday.
The study by the Office of Cyber Security and Information Assurance concluded digital crime is a growing, widespread problem, and attempts to address it have been hampered by a real lack of understanding and insight.
Business is bearing the brunt of the costs at an estimated 21 billion pounds, with the pharmaceutical, biotech, IT, and chemical sectors the worst hit.
However, government lost some 2.2 billion pounds and the cost to individual Britons amounted to 3.1 billion pounds, “The Cost of Cyber Crime” report said.
Last year, Britain’s National Security Strategy placed cyber attacks as one of the top threats the country faces, along with terrorism, war and natural disasters.
Britain is now putting some 650 million pounds into a new national cyber security programme.
“The government recently announced our commitment to working in partnership with the private sector to increase our cyber security,” said Security Minister Pauline Neville-Jones.
“It is both a national security and commercial priority and both sides need to work together to strengthen our existing resilience.”
The report said 9.2 billion pounds was lost from intellectual property (IP) theft, 7.6 billion from industrial espionage and 2.2 billion from extortion, with large companies being targeted.
“Our estimates are largely illustrative because we believe this type of cyber crime goes largely unreported,” the report said.
Such crime is highly lucrative, easy to get involved in, and the relative anonymity provided by technology lowers the risk of being caught, the study said.
“Although the existence of cyber crime in the UK economy appears endemic, efforts to tackle it seem to be more tactical than strategic,” it said.
“The problem is compounded by the lack of a clear reporting mechanism and the perception that, even if crimes were reported, little can be done.”
It called for the government and business to work together to build up a more comprehensive picture of the problem, while ministers needed to provide an authoritative service to promote awareness and best practice.
Martin Sutherland, managing director of information intelligence experts Detica, which helped compile the report, said action to address IP theft and espionage has to be taken.
“We must mobilise joint government and industry forces to build a coherent picture of the threat and create a consistent mechanism that will allow businesses to report cyber crime without the risk of reputational damage,” he said.
Editing by Steve Addison