The media has an uncanny ability to make the world look scary. Brilliant packaging and all us citizens love to watch it … so we get more of it.

It looks like scaremongering to me. These figures are probably grossly mis-used and inflated.

To add to Ian’s point on CCTV:

Crime detection/resolution: The 300 crimes filmed include stuff such as urinating on lampposts and deunken brawls. When serious crimes are filmed, only in a minority of cases is the what is captured and the video quality good enough to produce information that helps with the investigation. The number of cases in which what relevant information is captured at sufficient quality to move the culprit to plead guilty (which does save a lot of time/effort) or use as evidence in court is much smaller. And it is usually only one piece of a set of evidence.

Crime prevention: Most violent crime has a an affective or intoxication component – the attackers are not aware of CCTV, or don’t care, and by the time the crime has been detected, police has been alerted and arrives, the damage is done. Non-violent crime tends to be displaced, or attackers disguise their appearance (masks, baseball caps) and use false number plates.

Many of the other figures meaningless taken out of context – such as

1. The total number of transactions made, and profits made, against the number of fraudulent transactions. Even if $3b is lost due to phishing, it’s a small amount of the total number of transactions made. And if the security countermeasures would cost more than the fraud, in many cases, you’re would just accept the fraud as cost of doing business.

2. Even if on paper the cost of crime is higher than deploying the security measure, a) the operational cost of security (e.g. delay in business processes) is often underestimated, and b) it does not mean that deploying the security measure will make the crime vanish – it may just displace it elsewhere.

3. Spending on IT security has not risen 3x. The reference below states that IT spending has been static in the past 2-3 years, whereas spending on IT security has increased by 17%.

C. Derrick Huang, Qing Hu & Ravi S. Behara (2006): Economics of Information Security Investment in the Case of Simultaneous Attacks. WEIS (Workshop on Economics of Information Security) 06.

Very helpful stuff. Thanks all!

Friends in Westmoreland GM ran a series of lectures about why military force is no longer appropriate (mainly because you can’t impose peace, and as such you can not ‘win’). This was a series of lectures given and then published and distributed to those in positions of power to influence them. This included giving a talk at Sandhurst after which about half the audience stayed to talk informally. All the texts of the lectures are available on their website.
http://www.preparingforpeace.org/

Also Alison Prout (alisonp [at] quaker.org.uk) in QPSW is conducting work on ‘Human Security’, which ties in the notion that if people feel their immediate safety is at risk, through lack of food and other human basics, they are more likely to create situations of instability for those of us who are not in immediate danger. This tied in with climate change affecting crop yields and the food riots which have been seen in many countries as staple prices rise.

Maybe the message is that living in a ‘gated community’ be it a few houses or western Europe is not viable in the long term and we are all in this together so we’d better look to make life at least tolerable for the others in the global village.

“Average number of times a Briton is filmed on CCTV in one day: 300…”

everyone always quotes this number — and has done for years, which must mean that it no longer has a basis in fact

“Americans using the same password for most online accounts: 63%…”

“most” would cover every damn fool newspaper who thinks that they want to track their users… giving them the same “abc” password makes no
difference to security. So hard to interpret if this is a scary figure or common sense by the majority of people

“Computers that are daily controlled by malicious bots: 40%…”

This is complete nonsense — most experts if pressed will give you a number between 3 and 8 percent; probably mainly towards the low end of
this range. They will then tell you that they actually haven’t a clue what the number should be, and there are no studies to help.

Spyware will push the number up into double digits (possibly past 40% if you are wide-ranging in your definitions…) But that’s a different risk altogether

“Unique samples of malicious software discovered in 2007: 5 million…”

bollocks! they can’t read — this is out by a factor of about 10 (the recent Symantec report has 499811 for second half of 2007 and about 200K
for the first half — but all this means is that the way that they count uniqueness doesn’t understand the trivial changes made from one version to another, so they treat similar things as different

“Increase in number of unique samples of malicious software over 2006: 5X…”

as before

“Average time before an unprotected online computer becomes infected with a virus: 20 minutes

more bollocks! there have been so few experiments on this that an average doesn’t mean anything.

Anyway, what they mean is not “unprotected” but “with out of date software”, and I’d speculate that with the drop in online worms, the
average time is probably much higher these days

“Hours of victim’s personal time required to reclaim stolen identity: 600

I think that’s low, from the US experience…

“Commercial Security
Personal-data records compromised by security breaches last year: 162 million

in which country ? global population 6 billion — so trivia

“Total arrests made in conjunction with these security breaches: 19…”

many of the security breaches are loss of control of laptops, leaving CDs in seat back pockets on planes etc — expecting arrests in conjunction with these isn’t reasonable — so the figure means nothing unless you set it against the number of arrests you might expect

“Total losses worldwide due to phishing attacks last year: $3 billion”

right magnitude, but if anyone actually knew where it was in the range 1.5 to 5 billion I’d be astounded

“Estimated cyber crime market size: $100 billion…”

way too high

“Global mobile operators hit by mobile device infections last year: 83%…”

this figure is likely to be 0% or 100%, I suspect the others lied to the person conducting the survey

“IT executives who do not monitor their databases for suspicious activity: 40%…”

more lies to interviewers, I’d expect it to be 4%

“Cost of corporate espionage to the world’s 1,000 largest companies: $45 billion..”

lies to stockholders

“Corporate security breaches perpetrated by employees or contractors: 70%…”

sounds low

“Potential economic impact per 100,000 persons of a bioterrorist attack: $26.2 billion”

sounds like this one was taken from a project funding pitch to the Homeland Security Agency

“Cost to vaccinate 100,000 people against such attack: $16.3 million….”

assuming one knew what to vaccinate with

“Annual number of people given terrorist risk-assessment scores by the USA’s Automated
Targeting System: 431 million
Accuracy of Automated Targeting System: 99.9%”

more project funding pitches

“Annual number of false alarms by Automated Targeting System: 431,000…”

how many were acted on, what does this figure mean

“Reduction of Middle East & South Asia’s Internet capacity due to damaged undersea cable: 70%…”

it was more than one cable

“Duration of YouTube.com’s global outage due to interference by Pakistani government: 2 hours…”

it was a technician’s cockup (albeit responding to a Government initiative) … and most of the world was back within an hour

BTW: it used to be small ISPs in Israel and Florida who caused this sort of outage — and similar ones happen every day; just not to YouTube

Crime reduction in U.K. credited to CCTV: 5%

This is a West-end quality misstatement of the conclusions of the only credible large-scale criminological evaluation of CCTV effectiveness in the UK, which found that CCTV rarely has a significant effect, reducing crime in most circumstances at most by 2-3% (whereas better street lighting can reduce crime by 20%):
http://www.nacro.org.uk/templates/news/newsItem.cfm/2002062800.htm

Average Foreign Direct Investment loss due to increase risk of terrorism: $16 billion

Perhaps this could be added to Joseph Stiglitz’s $3 trillion estimate of the cost of the misadventures in Iraq.