Men lie about sex; companies lie about cybercrime

Cybercrime estimates are wildly misleading for the same reasons as surveys of mens’ number of sexual partners, a Microsoft Research paper says.

Surveys almost always show that men, on average, have had far more sexual partners than women – in some surveys, nine times as many – something which is clearly pretty much impossible.

And, say Dinei Florencio and Cormac Herley in a paper called Sex, Lies and Cyber Crime Surveys, the same is true of surveys aiming to quantify high-tech crime.

“Our assessment of the quality of cyber crime surveys is harsh,” they say. “They are so compromised and biased that no faith whatever can be placed in their findings.”

Just as men tend to over-report the notches on their bedposts and women under-report, so do some respondents exaggerate their losses enormously. And mathematical analysis shows that this can skew the results enormously.

“Far from being broadly-based estimates of losses across the pop-

ulation, the cyber-crime estimates that we have appear to be largely the answers of a handful of people extrapolated to the whole population,” say Florencio and Herley.

“A single individual who claims $50,000 losses, in an N = 1000 person survey, is all it takes to generate a $10 billion loss over the population. One unveried claim of $7,500 in phishing losses translates into $1.5 billion.”

It’s a phenomenon that’s been seen before. In 1983, an incorrect survey answer from a single individual erroneously inflated the estimate of US household wealth by a whacking $1 trillion.