View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Security spending should focus on cyber policing, not antivirus: report

UK spends way too much on antivirus and not enough on busting cyber crime gangs, new report claims

By Steve Evans

Photo credit: David Goehring

Governments are wasting their time and money on antivirus technologies and should instead focus on policing the internet, according to new academic research.

The research, carried out by scientists at the University of Cambridge, found that the cost of protection far exceeds the cost of the threat itself.

Prof Ross Anderson, author of the report, claimed the UK spends around $1bn every year on efforts to protect against or clean-up after a threat. $170m of that is spent on antivirus. By contrast, just $15m is spent of cyber law enforcement, the report found.

Essentially the report claims a better use of money would be to focus on tacking down cyber criminals. The cost of what the report calls "true cybercrime" – the new scams that completely depend on the internet – amounts to just a, "tens of pence per year directly." Indirect costs, such as the money spent on antivirus can be a hundred times that, the report says.

"Some police forces believe the problem is too large to tackle. In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software," said Anderson.

"Cybercrooks impose disproportionate costs on society and we have to become more efficient at fighting cybercrime," he added.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

According to the BBC, the Cabinet Office has welcomed the report. "Our approach strikes the right balance between defending our interests and pursuing cybercriminals," a spokesperson said, adding that the government had already earmarked £650m over four years as part of a new National Cyber Security Programme (NCSP) to strengthen the UK’s cyber security.

The report was carried out at the request of the UK Ministry of Defence. It was partly in response to a report from Detica, which claimed the overall cost to the UK economy from cybercrime was £27bn annually. That figure was met with scepticism as many people questioned the methodology.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.