
Wednesday, 11 February 2009

Not really a trillion

I’ve commented before on the lack of accurate data for information security threats. It certainly looks like you really can’t trust vendors to give you accurate and unbiased data, and the latest news from McAfee’s blog is probably an example of this.

McAfee estimates that lost data cost the world’s economy a trillion dollars last year. Unless it’s the U.S. government talking about how much they’re going to spend, you should probably be suspicious of the accuracy of any number that large. I certainly was. Puzzled by this number, I found a copy of the McAfee report, Unsecured Economies – A Trillion Dollar Headwind, that this blog cites.

I wasn’t terribly surprised when the $1 trillion number didn’t actually appear in this report. The report does estimate that the average company lost $4.6 million in data last year. I have to assume that someone just estimated the number of businesses in the world and multiplied it by $4.6 million to get the astounding $1 trillion estimate.

I don’t believe this estimate at all. Part of my skepticism is due to the fact that it’s so much larger than other estimates. The fact that it’s from a security vendor who wants to sell you products and services that can reduce the amount of data that you lose doesn’t help, either.

The 2008 CSI Computer Crime & Security Survey gives a much lower estimate for the value of lost data, for example. And in the several years that this survey has been done, it hasn’t even come close to the McAfee estimates. The 2008 estimate was $288,618, which was down from the $345,005 estimate in 2007. Two years ago, the estimate was $167,713. None of these are close to $4.6 million.

And without estimates of exactly how much information is out there, it’s hard to put estimates of information loss into a useful context. The November 2008 issue of Johns Hopkins Magazine had a feature about the high cost of health care in the U.S. and how to control it. They mention that uninsured people and others who can’t pay their bills cost the U.S. health care system about $30 billion per year. That certainly sounds like a lot of money, but when you consider that it’s only 1.4 percent of the total $2.1 trillion that’s spent on health care in the U.S. every year, it sounds much less important.

So let’s suppose for a moment that McAfee’s estimate of $1 trillion in loss is actually accurate. Does that $1 trillion represent 20 percent of the total value of information, or is it only 0.1 percent of the total value of the information? Without knowing that, the $1 trillion number isn’t really of much value.
