Mi2g, the British-based security consultancy that seems to court controversy and a fair amount of ridicule, has issued a press release (it doesn’t seem to be up yet) that is likely to prompt similar reactions: “USD 166 billion malware damage in 2004”, the headline reads:
The total economic damage from malware – viruses, worms and trojans – in 2004 is estimated to lie between USD 169 billion and USD 204 billion, making 2004 the worst year on record by a wide margin according to the mi2g Intelligence Unit, the world leader in digital risk. 2003 did not log even half of the malware economic damage figures attributable to 2004. With an installed base of around 600 million Windows based computers worldwide, this works out roughly as average damage per installed machine of between USD 281 and USD 340.
Certainly viruses and worms are damaging computers, business and nerves but I’m not sure it stretches to $300 billion. That is the same as(from a quick search of recent news articles):
- The estimated total of risky loans on the books of German banks;
- Global semiconductor sales in 2004, according to the Semiconductor Industry Association;
- The amount spent on sports merchandise and events in the U.S. every year;
- The amount Indonesian president Susilo Bambang Yudhoyono plans to spend on the tsunami-wrecked province of Aceh over the next five years;
- The amount spent so far by the U.S. on the war in Iraq;
- The value of China’s electronics industry or
- An estimate by the Millennium Project of how much rich nations would have to invest per year for the next decade to “reverse the poverty, hunger and disease that plague more than a billion people”.
So I guess it’s not impossible. But it seems to be a bit over the top. Mi2g says it calculates damages “on the basis of helpdesk support costs, overtime payments, contingency outsourcing, loss of business, bandwidth clogging, productivity erosion, management time reallocation, cost of recovery and software upgrades. When available, Intellectual Property Rights (IPR) violations as well as customer and supplier liability costs have also been included in the estimates.” You could pretty much throw any old figures in there.
I would agree with them, however, when they point to the recent “proliferation of Bagle malware variants worldwide” as a sign that, like last year, “there could be a choppy cyber-sea ahead, made all the more complex by new and more dangerous malware families that are yet to emerge.” It may not be costing quite the equivalent of a major war, eradicating global poverty or how much Americans spend on sneakers and baseball games, but a virus sure can muck up your day.