This report develops a framework within which these financial impacts can be assessed and brings together the many disparate sources of financial data on malware and spam. The following points summarize key findings:
- Estimates of the financial effects of malware differ widely. Figures for overall effects range from US$ 13.2 billion of direct damages for the global economy (in 2006) to US$ 67.2 billion in direct and indirect effects on U.S. businesses alone (in 2005).
- In a survey of its members, the Computer Security Institute (CSI) estimated the loss caused by cybersecurity breaches per responding firm at US$ 345,000 in 2006. This number is most likely not representative of businesses in general due to the unique membership of CSI. The 2006 number is considerably lower than its peak in 2001 but more than double the 2005 level.
- Consumer Reports estimated the direct costs to U.S. consumers of damages experienced due to malware and spam at US$ 7.1 billion in 2007.
- One estimate put the global cost of spam in 2007 at US$ 100 billion and the respective cost for the U.S. at US$ 35 billion. Another study found that the cost of spam management in the U.S. alone amounted to US$ 71 billion in 2007.
- In 2007, the costs of click fraud in the U.S. were estimated to be nearly US$ 1 billion.
- Numbers documenting the magnitude of the underground Internet economy and transactions between it and the formal economy also vary widely. One source estimates the worldwide underground economy at US$ 105 billion.
- No reliable numbers exist as to the potential opportunity costs to society at large due to reduced trust and the associated slower acceptance of productivity-enhancing IT applications. However, a considerable share of users expressed concern and indicated that this concern reduces their willingness to perform online transactions.