Did McAfee inflate costs to profit from cybersecurity programs?

A 2009 study by the Center for Strategic and International Studies estimated that hacking costs the global economy $1 trillion. President Barack Obama, intelligence officials and members of Congress have cited this number when pressing for legislation on cybercrime protection.

Turns out that number was a massive exaggeration by McAfee, a software security branch of Intel that works closely with the U.S. government at the local, state and federal level.

A new study by CSIS found numerous flaws in the methodology of the 2009 study and stated that a specific number would be much more difficult to calculate. The report actually cites several different estimates of the global cost of hacking, ranging from $100 billion to $500 billion.

CSIS says the U.S. might lose as little as $20 billion to $25 billion per year to cybercrime or as much as $100 to $140 billion. Calculating U.S. losses as a fraction of the global economy, CSIS posited that the global effect of hacking is probably in the range of $300 billion to $400 billion.

Both the recent and the 2009 studies were underwritten by McAfee, one of the largest security technology vendors in the world. In 2009, the authors of the report criticized the method used in the study, which surveyed companies on how much they had lost to cyberattacks. Reuters pointed out that companies can have a hard time knowing exactly what was stolen, and there are a myriad of more complex economic issues that keep the surveys from being accurate.

McAfee was responsible for releasing the $1 trillion estimate, roughly triple the actual estimate. Reuters reported that in an early version of a press release on the updated data, McAfee was once again exaggerating the global cost of hacking. This time, it reports a $100 billion loss to the U.S., even though this number was at the high end of CSIS estimates. It uses this number to conclude that the global cost is between $100 and $500 billion. The CSIS team called this range “a very crude extrapolation” and “almost certainly an overestimate.”

Among the many parts of the government it works with, McAfee helped the Department of Defense design a secure infrastructure. The DoD has cited McAfee’s $1 trillion overestimate to argue for the expansion of cybersecurity programs.

A recent Pentagon report officially blamed the Chinese military for numerous cyberattacks on U.S. computer systems, including infiltrations of sensitive military databases. International Business Times previously reported that the DoD is rapidly expanding its rules for cyberwarfare and plans to create 13 new teams to handle threats from hackers.

While foreign hackers are certainly a growing threat, it seems like the arguments for these expansions were based on false information. One trillion dollars is a much greater threat than $300 billion and could have affected decisions to allocate resources for various cybersecurity programs. If McAfee is responsible for building the software for these security programs, it could stand to profit the most by inflating the effects of hacking on the global economy, thus improving the value of its cybersecurity software.

Follow Ryan W. Neal on Twitter.