In 10 days time New Zealand’s second annual Cyber Security Awareness Week kicks off with the aim of promoting free computer security advice and information to consumers and small businesses.
NetSafe is organising the programme as one part of the government’s Cyber Security Strategy and with a real focus on reducing the number of cyber incidents (both reported and unreported) and the sum of money lost each year to cyber crime.
Our focus to date has been on technical improvements by home and small business internet users and this year we will also champion awareness of common internet phishing and social engineering style scams.
What impact does cyber crime have on New Zealand?
There is no currently no single source of authoritative data when it comes to the scale of the problem within NZ.
For our 2011/12 programme we relied on Symantec’s annual security research which suggested cyber crime cost New Zealand an estimated $625 million, a figure that was disputed by some people. Symantec revised its methodology for 2012 with the resulting figure put at $463m (the 2012 Cybercrime Report did not include the value of the time computer users lost dealing with frauds).
The Norton numbers suggest more than 2000 adult New Zealanders are affected by cyber crime every day in the form of computer viruses and malware, credit card fraud, online scams, phishing and identity theft.
What we do know at NetSafe – from both other research sources and our own data – is the following:
- The average cyber incident loss reported to NetSafe’s Orb website (www.theorb.org.nz) in 2012 was almost $4000 (August 2012)
- The average security incident reported by businesses to the 2010 NZ Computer Crime and Security Survey was $15,000
- Figures released by the Ministry of Business, Innovation and Employment in February this year show that Kiwis lost close to four million dollars to scams in 2012:
Comparing US data to local reporting information
Yesterday the FBI published its annual IC3 Internet Crime Report for 2012. The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
The full PDF report provides an interesting overview of the American cyber incident reporting landscape – IC3 being the equivalent of our ORB reporting platform. The data gives an insight into report volumes and specific losses/top scams/threats, many of which we have seen reported by NZ residents. Oddly, Australia is the fourth highest country by victim complaints, NZ number 20 so it’s clear it’s not just US residents using the service.
The demographics attached to the most significant scams are intriguing, for example, females aged 50-59 are most affected by romance scams. Such data captured at the point of reporting could feed directly into awareness work such as Cyber Security Awareness Week and a year long educative programme.
What are the report highlights?
In 2012, the IC3 received 289,874 consumer complaints with an adjusted US dollar loss of $525,441,110, which is an 8.3-percent increase in reported losses since 2011
Producing an NZ comparison
Using rough calculations - and note I’m no qualified statistician – you can suggest the US has a population some 70 times the size of NZ. Although the IC3 system clearly has a global reporting approach, 91% of complaints came from US residents. Thus my rough calculations below try and compare the incident levels in the two countries:
US report numbers (using % estimate): 266,374
US$ losses: $436,604,854.17
NZ report numbers: 4205
NZ$ losses: $3,972,734.86 (converts to US$ 3,287,360 at today’s rate)
If you thus scale the US data down by a factor of 70 to directly compare population sizes then US figures would equal:
Comparative predicted NZ report volumes: 3805
Comparative predicted NZ (US$) losses: $6,237,212
Thus my amateur calculations would suggest NZ report volumes are already above expected levels for size of population but losses are lower than the US. Is there are reason for that?
Annual median disposable household income data from 2007 would suggest Americans are 50% ‘richer’ than Kiwis – perhaps they thus have more money to risk? But that doesn’t fully explain the lower NZ losses of course. Maybe New Zealanders are a more educated and more cynical bunch, less likely to fall victim to scams and fraud? Or perhaps our slower internet speeds and perceived geographical remoteness still help protect us from virtual threats?
I would suggest the IC3 which is publishing the 11th annual internet fraud report is more embedded in reporting systems and better established amongst law enforcement and consumer advocacy groups who push victims towards the IC3 system as the central reporting point. The Orb is in year 3 and thus we have some way to go in establishing it as the single point of contact.
For now at least we still require more data when it comes to the impact cybercrime has on the New Zealand economy.