Feeds

Counting the cost of cybergeddon

Cyberliability witchdoctors cast the runes

  • alert
  • submit to reddit

Gartner critical capabilities for enterprise endpoint backup

Letter Estimating the value of damage caused by viruses is a tricky business, as John Leyden pointed out in his article Q: What's the AV industry's definition of happy?.

Suggestions that the skill involved is akin to checking the direction of the wind with a wetted finger met with some disagreement.

Here, in full, is a letter from mi2g, outlining why it is actually very, very skillful indeed. Judge for yourselves:

Dear Sir

We are concerned that the conclusions drawn in the Register column of 20th February, authored by John Leyden are misleading. While our global economic damage estimate for MyDoom is indeed significant, the assumption is often made by US critics such as Mr Rosenberger that it is US-focused, whereas in reality it is a global estimate. American critics provide World Trade Centre damage numbers or US Federal budget comparisons assuming that the whole world and the American economy are one and the same. This is simply not true.

We could equally argue that it is in the interest of certain software vendors, who pay for advertising on The Register, to downplay damages to the point that they are negligible so as to avoid any liability at all. MyDoom has affected over 215 countries, with the US accounting for damages of between $12.2bn and $15.0bn. Please note our country-specific resolution of the damage estimate below, showing the top 10 most affected countries:

1. USA - $12.2bn to $15.0bn;
2. UK - $10.3bn to $12.7bn;
3. France - $1.5bn to $1.9bn;
4. China - $1.4bn to $1.7bn;
5. Australia - $1.2bn to $1.5bn;
6. Canada - $1.1bn to $1.3bn;
7. South Korea - $0.9bn to $1.2bn;
8. Germany - $0.8bn to $0.9bn;
9. Italy - $0.7bn to $0.9bn; and
10. Spain - $0.6bn to $0.8bn.

As you know we have been estimating economic damages for hacker attacks, malware and digital risks for over five years and our records go back to 1995. We maintain the world's largest database for hacking and malware attacks. Our initial global estimates of MyDoom damage were small as you will have noticed and grew larger with every passing hour last week to touch the midpoint of $38.5bn at the start of February. In fact, contrary to popular belief, most malware never makes it to $1 million in economic damages during its lifetime.

Our cyberliability insurance work for Lloyd's of London syndicates - operating in business interruption, workers' compensation as well as property and liability - and major banks over the past seven years has been the inspiration behind modelling computer crime and its impact. We assess our conclusions against sampled evidence from private and publicly listed corporations; universities and schools; large and small government and non-government organisations; as well as home users that report online delays, congestion and email service disruption worldwide during a major malware epidemic, DDoS or hacker attack.

We are aware that loss adjusting and economic damage calculation is not an exact science at all but as a relative indicator it can work very well. We do feel that society consistently underestimates the reliance we have on computer networks and the level of damage that occurs on a global scale when disruptive events take place.

Our analysis is always based on reliable research and the judgement of experienced risk management and security professionals. If there is a prevailing opinion that somehow we can accomplish our objective in a superior way in the future, we welcome any clear and constructive presentation of how this could be achieved. Such feedback is naturally valuable to us and can be submitted through www.mi2g.net.

Yours sincerely

DK Matai
Executive Chairman, mi2g

Despite serious jet lag following his recent migration to and from California, our security vulture, John Leyden, argues:

It's incredibly hard to calculate the number of infected systems and the total damage caused during a virus outbreak, partly because costs will vary widely by company. If a company doesn't know itself how much a virus outbreak costs it then how can a third party expect to come up with an accurate figure?

Organisations like mi2g attempt to estimate the cost of patching systems and losses in worker productivity from dealing with a viral outbreak. But patching systems is a core part of the work of most sys admins. So how much extra time has actually been wasted? ®

Next gen security for virtualised datacentres

More from The Register

next story
Cops baffled by riddle of CHICKEN who crossed ROAD
'Officers were unable to determine Chicken's intent'
Drunkards warned: If you can't walk in a straight line, don't shop online, you fool!
Put it away boys. Cover them up ladies. Your credit cards, we mean
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Murder accused DIDN'T ask Siri 'how to hide my roommate'
US court hears of cached browser image - not actual request
Why your mum was WRONG about whiffy tattooed people
They're a future source of RENEWABLE ENERGY
Chomp that sausage: Brits just LOVE scoffing a Full Monty
Sales of traditional brekkie foods soar as hungry folk get their mitts greasy
Nuts to your poncey hipster coffees, I want a TESLA ELECTRO-CAFE
Examining the frothy disconnect in indie cafe culture
Ex-Apple man Sam Sung - for it is he - sticks namebadge on eBay
Stump up via tat bazaar, do a good thing for ill kids
Check your Clungene, Irish women warned
Have a quick shufti, you may not be pregnant after all
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.