These estimates have been cited on many occasions by government officials, who portray them as evidence of the threat against America. They are hardly the only cyberstatistics used by officials, but they are recurring ones that get a lot of attention. In his first major cybersecurity speech in 2009, President Obama prominently referred to McAfee’s $1 trillion estimate. Sen. Joseph Lieberman, I-Conn., and Sen. Susan Collins, R-Maine, the main sponsors of the Cybersecurity Act of 2012 that is expected to be voted on this week, have also mentioned $1 trillion in cybercrime costs. Last week, arguing on the Senate floor in favor of putting their bill up for a vote, they both referenced the $250 billion estimate and repeated Alexander’s warning about the greatest transfer of wealth in history.
A handful of media stories, blog posts and academic studies have previously expressed skepticism about these attention-getting estimates, but this has not stopped an array of government officials and politicians from continuing to publicly cite them as authoritative. Now, an examination of their origins by ProPublica has found new grounds to question the data and methods used to generate these numbers, which McAfee and Symantec say they stand behind.
One of the figures Alexander attributed to Symantec — the $250 billion in annual losses from intellectual property theft — was indeed mentioned in a Symantec report, but it is not a Symantec number and its source remains a mystery.
McAfee’s trillion-dollar estimate is questioned even by the three independent researchers from Purdue University whom McAfee credits with analysing the raw data from which the estimate was derived.
I was really kind of appalled when the number came out in news reports, the trillion dollars, because that was just way, way large, said Eugene Spafford, a computer science professor at Purdue — via redwolf.newsvine.com