The Cost of Cyber Crime

After a year of massive data breaches and headline-making security warnings, it may come as a surprise that antivirus makers are seeing lower than expected growth.

Stats from Gartner show the software security market posted sales less than expected, with global revenue of $19.9 billion last year, up from $19 billion in 2012 – still “healthy”, but less than expected, the analyst firm said.

Gartner pinned the slowing growth partially on “commoditisation” of consumer software, which makes up about a quarter of the total security market, according to analyst Ruggero Contu.

The global growth rate for consumer security software halved, from 6.2% in 2012 to 3% in 2013.

He said most of the growth came from emerging markets, following trends across the wider IT market, but most revenue still comes from mature markets such as North American and Western Europe.



Contu said such markets are saturated – most people and businesses already have security software, even if they do pay annually for it – and highly competitive, with the “technology gap” between firms shrinking. That makes it tough for companies to post higher growth, especially with free antivirus seen as good enough.

Scare story?

The slowing sales growth, especially for consumer antivirus, comes amid a series of high-profile attacks, and security firms warning that the cost of cybercrime is increasing. So how much do cyber-attacks cost us – and what should we pay to avoid them?

There’s no easy answer. The Gartner stats follow a report from McAfee that claimed annual losses from cybercrime could be as much as $575 billion, and will continue to increase annually.

However, that number is extrapolated from many assumptions, and made up of everything from lost productivity to “slowed innovation”, so should be questioned – there’s a good report picking apart the numbers at The Guardian.

Indeed, McAfee’s report admits: “The lack of data means that any dollar amount for the global cost of cybercrime is an estimate based on incomplete data.”

Either way, Gartners’ sales figures suggests companies and users seem to ignore such terrifying statistics, or at least not take them into account when deciding what to spend on security software for protection.

McAfee stresses in its report: “Companies and individuals make decisions on how to manage the potential for loss from cybercrime by deciding how much risk they are willing to accept and how much they are willing to spend to reduce that risk. The problem with this is that if companies are unaware of their losses or underestimate their vulnerability, they will underestimate risk.”

The amount being spent on security software – the Gartner stats don’t include other protective measures – is a small slice of McAfee’s (admittedly questionable) total, at just 3%.

McAfee tried to estimate what society has deemed an acceptable cost of cybercrime, pinning the amount that we’re willing to tolerate at 2% of GDP. At the moment, even with McAfee’s high cost estimate, it comes in at 0.8% globally.

In the EU, it’s 0.41% and in the UK only 0.16% – suggesting the cost of cybercrime simply isn’t high enough for us to start spending more to be secure.

Indeed, a report by Trend Micro earlier this year said Britons were willing to pay up to £30 for security and privacy, though most would prefer to cap spending at £10 annually.


Globally, Symantec and McAfee remained in first and second place in revenue rankings, but IBM pipped Trend Micro to third, with EMC rounding out the top five.

“This is the first time in many years that a broad portfolio vendor such as IBM (that is, not a pure-play security vendor) has been able to enter the top three,” Gartner said.

Intriguingly, the market hasn’t shifted much in the past five years, with the same firms making up the top five since 2008.

Gartner chart
By Nicole Kobie

Credit goes to:

Leave a Reply

Your email address will not be published. Required fields are marked *

8 − four =