Cybercrime puts America’s competitive edge and economic future in jeopardy; however, there is some debate as to the extent that this activity is hurting economic activity, according to the National Institute of Standards and Technology. The NIST report examines a selection of the current estimates of U.S. losses due to cybercrime.
Many have questioned the validity of estimates of cybercrime losses, concluding that they are so compromised and biased that no trust can be placed in their findings (Florencio and Herley 2016). Some approximations are potentially underestimating or overestimating the losses due to under sampling, NIST officials said. Others do not report data that lend themselves to estimating national aggregated losses.
It is difficult to substantiate sampling issues, as the methods used are often only partially documented, a problem in and of itself; however, most acknowledge that there are serious data limitations.
To address the issues found, the report:
- Identifies and utilizes data with a large sample size.
- Utilizes data that fully discloses methods and results.
- Utilizes data that is collected and reported by an organization experienced in data collection and reporting.
- Estimates a range of losses by making assumptions that bias the upper estimate upward and the lower estimate downward -Stratifies loss estimates by industry groupings.
- Examines national losses as opposed to global losses.
Losses in 2016 are estimated to be between $167.9 billion and $770.0 billion or between 0.9 % and 4.1 % of U.S. GDP, a stunning amount of loss based on business estimates of their losses.
For manufacturing, the loss is between $8.3 billion and $36.3 billion or 0.4 % and 1.7 % of manufacturing value added.
Advanced Manufacturing Series (NIST AMS) - 100-32
Report Number 100-32
NIST Pub Series
Advanced Manufacturing Series (NIST AMS) or DOI Link
Link to NIST Pubs