According to the 2013 Norton Report, the total cost of cyber crimes to India during August 2012 to July 2013 is estimated to be $4 billion (about Rs 24630 crores). This is 8% more than what was estimated for last year.
The basis for this cost is based on the “Amount spent by a user on replacing hardware or software as well as data after he/she has been subjected to a cyber attack”.
From the definition of the cost it appears that Norton has only taken the “Technical aspects of Information Security” into consideration and used the “replacement cost” as the basis. The estimate appears to have not considered the “Legal Dimension” of the information security or the financial losses suffered by the victims or the liabilities faced by the victims (whether actually incurred or not). Hence the estimate has completely ignored what the common man considers as “Cost of Cyber Crimes”.
It is high time that security firms such as Norton realize that Information Security cannot be looked from a uni dimensional concept of technology. The total cost of cyber crime includes the legal liabilities that may arise on account of a security breach incident. Additionally, costs related to manpower hardening (covering the third dimension in Naavi’s Total Information Assurance model) is also a cost of cyber crime.
However, from a corporate perspective and technical investments into information security tools, the Norton estimate may provide a useful insight.
The study also revealed that nearly 48% of smart phone and tablet users do not take even the basic precautions such as using passwords, having security software or backing up files from their mobile devices.