Phishing: Expected Costs
2 August 2008
In the previous post, I calculated the cost, in statistical terms, of identity theft for the typical person. But identity theft is not the only danger – what about the risks of phishing?
Consumer Reports, in their 2008 State of The Net report, claims that the likelihood of getting phished this year is 1 in 94, or just over 1%. The total amount lost to phishers nation-wide is estimated to be $2 billion.
Worry or Keep Cool?
If 1 in 94 American adults lost money to phishers, it means that $2 billion in costs were distributed amongst 2.4 million victims. From that statistic, we can figure that the average cost per person was about $835. If your chances of getting phished are 1 in 94, you can expect to lose (in statistical terms) $9 per year to phishers.
Now, knowing that you are likely to lose $9 per year in statistical terms is a bit of strange concept. In any given year, you will either lose a large sum like $835 or nothing at all. It might be easier to think of the $9 per year as something each person should be willing to spend to avoid the consequences of phishing.
For example, everyone in the country could contribute $9 per year into a phishing fund and distribute the money to the victims of phishing. Those who contribute but don’t fall victim to phishing get peace of mind out of the deal. The victims get compensated for what they lose. Everyone wins as long as peace of mind doesn’t cost more than $9 per year. Beyond that, it’s best to take your chances!
Read more about economics of security,identity theft,phishing
Pingback by Viruses and Spyware: Expected Costs | Defending The Kingdom: Security and Privacy in Your Digital Life — 24 August 2008 @ 9:29 pm
[…] The previous post discussed the amount of money you ought to be willing to pay, per year, to avoid getting phished. By statistics about the average cost and the probability of suffering it, it was possible to come up with a meaningful figure. Where these statistics are available, this type of analysis is possible for any type of risk. […]