Defending The Kingdom

The previous post discussed the amount of money you ought to be willing to pay per year to avoid getting phished. By using statistics about the average cost of phishing and the probability of experiencing it, it was possible to come up with a meaningful figure. Given the right statistics, this type of analysis is possible for any type of risk.

What Should You Pay to Avoid Viruses and Spyware?

In Consumer Reports’ 2008 State of the Net summary, the odds of contracting a serious computer virus problems are given to be 1 in 7, the yearly costs $2.9 billion. The odds of a serious spyware problem are 1 in 14, with a yearly cost of $3.6 billion. (Note that these figures are for both businesses and consumers.)

From these statistics, it is possible to calculate the amount that the typical person ought to be willing to pay, yearly, in the form of insurance or a preventative product or service, to avoid the consequences of viruses and spyware.

If 1 in 7 computer users had major virus problems, it means that 26 million people suffered expenses of about $110 each. If 1 in 14 computer users had a major spyware problem, it means that about 13 million people took a hit of $275.

Using these numbers and a formula for expected costs (expected cost = average cost per incident multiplied by probability of incidence) we can conclude that the expected yearly loss per person from virus and spyware threats totals $35. Put another way, each of us should be willing to spend up to $35 per year on insurance, services, or products that would shield us from the costs of viruses and spyware.

The Value of Anti-Virus Software

Of course, my calculations could be wrong. But it’s interesting to note that McAfee and Symantec, two of the most popular anti-virus and anti-spyware providers, price their mainstay products at $40, $5 more than our calculation says is reasonable.

Is that extra $5 per year for peace of mind or is it down to overpricing? Or maybe the cost figures that Consumer Reports noted do not include the psychological cost of annoyance and time spent getting rid of viruses and spyware, which could bring the total cost per person higher than what was reported. I’m inclined to give the benefit of the doubt to the millions of consumers who indicate, by their willingness to pay, that a $40 anti-virus solution is worth it to them, but I could be off the mark.

In the previous post, I calculated the cost, in statistical terms, of identity theft for the typical person. But identity theft is not the only danger – what about the risks of phishing?

Consumer Reports, in their 2008 State of The Net report, claims that the likelihood of getting phished this year is 1 in 94, or just over 1%. The total amount lost to phishers nation-wide is estimated to be $2 billion.

Worry or Keep Cool?

If 1 in 94 American adults lost money to phishers, it means that $2 billion in costs were distributed amongst 2.4 million victims. From that statistic, we can figure that the average cost per person was about $835. If your chances of getting phished are 1 in 94, you can expect to lose (in statistical terms) $9 per year to phishers.

Now, knowing that you are likely to lose $9 per year in statistical terms is a bit of strange concept. In any given year, you will either lose a large sum like $835 or nothing at all. It might be easier to think of the $9 per year as something each person should be willing to spend to avoid the consequences of phishing.

For example, everyone in the country could contribute $9 per year into a phishing fund and distribute the money to the victims of phishing. Those who contribute but don’t fall victim to phishing get peace of mind out of the deal. The victims get compensated for what they lose. Everyone wins as long as peace of mind doesn’t cost more than $9 per year. Beyond that, it’s best to take your chances!