Survey: Cost of Cybercrime Reaches $7B

A study by Consumer Reports finds cybercrime has cost U.S. consumers more than $7 billion during the last two years.

A new study has put a price tag of more than $7 billion on the financial suffering experienced by victims of Internet fraud and attacks.

That is how much Consumer Reports 2007 "State of the Net" survey projects U.S. consumers have lost during the last two years to viruses, spyware and phishing schemes. According to the report, consumers face a 1-in-4 chance of becoming a cyber-victim, a number that has slightly decreased since last year.

Consumer Reports and are published by Consumers Union, an independent, nonprofit organization whose stated mission is to work for a fair, safe marketplace for all consumers. The survey was done by the Consumer Reports National Research Center among a sample of more than 2,000 households with Internet access.

Security professionals and analysts said they were not surprised by the figures.

"Recent statistics indicate that one in every 10 Web sites is infected with malware," said Forrester Research analyst Chenxi Wang. "Therefore it is highly likely that an unsuspecting Web consumer—one that does not have adequate protection in place—would encounter a malware hosting Web site browsing the Internet."

The survey found the rate of virus infections remained steady compared to last year, which Consumer Reports calls a mark of progress for consumers and software vendors because threats have grown more complex. In the latest survey, 38 percent of respondents reported a computer virus infection in the last two years, and 17 percent did not have anti-virus software installed.

During the past six months, 34 percent of respondents computers were exposed to a spyware infection. Though the study documented a decrease in spyware infections, the chances of getting one are still 1 in 3, and consumers face a 1-in-11 chance of suffering serious damage.

Eight percent of those surveyed responded to phishing e-mails in the past two years, a number that has remained unchanged during the past two years. The price, however, can be relatively steep—the median cost of a phishing incident is $200.

Dan Hubbard, vice president of security research at San Diego-based Websense, said the likelihood someone can fall victim to a cyber-attack is much higher than 25 percent, considering that most people with e-mail accounts are subjected to spam and phishing schemes.

Children in particular are vulnerable. According to the survey, children are at risk on social networks such as MySpace and Facebook. In households surveyed with minors online, 13 percent of the children registered on MySpace were younger than 14, the minimum age the site officially allows, and 3 percent were under 10.

"Home users are typically not as well versed in security threats and also in what they can do to protect themselves," Wang said. "Therefore majority of them dont have the right protection tools in place to protect themselves from Web threats."

Unlike enterprise users, there is no definitive channel through which security knowledge can be disseminated to home users, she said.

"Organizations who conduct consumer-facing businesses online should and could do more to educate their customers about Internet threats," Wang said. "These businesses can reach out to their customers to promote security tools and educate users about emerging threats and general security awareness. Ultimately, raising the awareness level of users will help reducing fraud and keep business cost low."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.