A couple of weeks ago I posted an entry on here about the size of the cybercrime problem from a dollar perspective. I pointed out that is was reported that US banks had lost US$40 million per month for the third quarter of 2009 due to online banking fraud. Also, the 2009 Internet Crime Report from IC3 reported that they had received 336,655 complaints which totaled US$560 in losses for 2009 alone.
Now we've seen reports that an FBI director at the recent RSA conference has acknowledged that most organizations that have been hit by security breaches (and by law don't have to disclose the breach) do not report the breach to law enforcement agencies or organizations such as the IC3.
So here we have some huge dollar figures being quoted for reported losses to cybercrime, and the point being made that the number of complaints being made are basically the tip of the iceberg – and we can't see how big the iceberg under the water.
As I said in my previous post, cybercrime seems to be the crime world's best kept secret. And until people and organizations all disclose the fact that they have been attacked and what losses (if any) they have incurred, we won't have an accurate idea of the size of the problem.
If we don't have an accurate idea about the size of the problem, it will be impossible to give it the attention it requires and the resources need to address it successfully.
Senior Cybercrime Research Analyst
Author ESET Research, ESET