Feeds

Counting the cost of cybergeddon

Cyberliability witchdoctors cast the runes

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Letter Estimating the value of damage caused by viruses is a tricky business, as John Leyden pointed out in his article Q: What's the AV industry's definition of happy?.

Suggestions that the skill involved is akin to checking the direction of the wind with a wetted finger met with some disagreement.

Here, in full, is a letter from mi2g, outlining why it is actually very, very skillful indeed. Judge for yourselves:

Dear Sir

We are concerned that the conclusions drawn in the Register column of 20th February, authored by John Leyden are misleading. While our global economic damage estimate for MyDoom is indeed significant, the assumption is often made by US critics such as Mr Rosenberger that it is US-focused, whereas in reality it is a global estimate. American critics provide World Trade Centre damage numbers or US Federal budget comparisons assuming that the whole world and the American economy are one and the same. This is simply not true.

We could equally argue that it is in the interest of certain software vendors, who pay for advertising on The Register, to downplay damages to the point that they are negligible so as to avoid any liability at all. MyDoom has affected over 215 countries, with the US accounting for damages of between $12.2bn and $15.0bn. Please note our country-specific resolution of the damage estimate below, showing the top 10 most affected countries:

1. USA - $12.2bn to $15.0bn;
2. UK - $10.3bn to $12.7bn;
3. France - $1.5bn to $1.9bn;
4. China - $1.4bn to $1.7bn;
5. Australia - $1.2bn to $1.5bn;
6. Canada - $1.1bn to $1.3bn;
7. South Korea - $0.9bn to $1.2bn;
8. Germany - $0.8bn to $0.9bn;
9. Italy - $0.7bn to $0.9bn; and
10. Spain - $0.6bn to $0.8bn.

As you know we have been estimating economic damages for hacker attacks, malware and digital risks for over five years and our records go back to 1995. We maintain the world's largest database for hacking and malware attacks. Our initial global estimates of MyDoom damage were small as you will have noticed and grew larger with every passing hour last week to touch the midpoint of $38.5bn at the start of February. In fact, contrary to popular belief, most malware never makes it to $1 million in economic damages during its lifetime.

Our cyberliability insurance work for Lloyd's of London syndicates - operating in business interruption, workers' compensation as well as property and liability - and major banks over the past seven years has been the inspiration behind modelling computer crime and its impact. We assess our conclusions against sampled evidence from private and publicly listed corporations; universities and schools; large and small government and non-government organisations; as well as home users that report online delays, congestion and email service disruption worldwide during a major malware epidemic, DDoS or hacker attack.

We are aware that loss adjusting and economic damage calculation is not an exact science at all but as a relative indicator it can work very well. We do feel that society consistently underestimates the reliance we have on computer networks and the level of damage that occurs on a global scale when disruptive events take place.

Our analysis is always based on reliable research and the judgement of experienced risk management and security professionals. If there is a prevailing opinion that somehow we can accomplish our objective in a superior way in the future, we welcome any clear and constructive presentation of how this could be achieved. Such feedback is naturally valuable to us and can be submitted through www.mi2g.net.

Yours sincerely

DK Matai
Executive Chairman, mi2g

Despite serious jet lag following his recent migration to and from California, our security vulture, John Leyden, argues:

It's incredibly hard to calculate the number of infected systems and the total damage caused during a virus outbreak, partly because costs will vary widely by company. If a company doesn't know itself how much a virus outbreak costs it then how can a third party expect to come up with an accurate figure?

Organisations like mi2g attempt to estimate the cost of patching systems and losses in worker productivity from dealing with a viral outbreak. But patching systems is a core part of the work of most sys admins. So how much extra time has actually been wasted? ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Facebook's Zuckerberg in EBOLA VIRUS FIGHT: Billionaire battles bug
US Centers for Disease Control and Prevention contacted as site supremo coughs up
Space exploration is just so lame. NEW APPS are mankind's future
We feel obliged to point out the headline statement is total, utter cobblers
FedEx helps deliver THOUSANDS of spam messages DIRECT to its Blighty customers
Don't worry Wilson, I'll do all the paddling. You just hang on
Down-under record: Australian gets $140k for pussy
'Tiffany' closes deal - 'it's more common to offer your wife', says agent
Internet finally ready to replace answering machine cassette tape
It's a simple message and I'm leaving out the whistles and bells
The iPAD launch BEFORE it happened: SPECULATIVE GUFF ahead of actual event
Nerve-shattering run-up to the pre-planned known event
Win a year’s supply of chocolate (no tech knowledge required)
Over £200 worth of the good stuff up for grabs
STONER SHEEP get the MUNCHIES after feasting on £4k worth of cannabis plants
Baaaaaa! Fanny's Farm's woolly flock is high, maaaaaan
Boffins who stare at goats: I do believe they’re SHRINKING
Alpine chamois being squashed by global warming
Swiss wildlife park serves up furry residents to visitors
'It's ecological' says spokesman, now how would you like your Bambi done?
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.