security
Photo credit: David Goehring

Governments are wasting their time and money on antivirus technologies and should instead focus on policing the internet, according to new academic research.

The research, carried out by scientists at the University of Cambridge, found that the cost of protection far exceeds the cost of the threat itself.

Prof Ross Anderson, author of the report, claimed the UK spends around $1bn every year on efforts to protect against or clean-up after a threat. $170m of that is spent on antivirus. By contrast, just $15m is spent of cyber law enforcement, the report found.

Essentially the report claims a better use of money would be to focus on tacking down cyber criminals. The cost of what the report calls "true cybercrime" – the new scams that completely depend on the internet – amounts to just a, "tens of pence per year directly." Indirect costs, such as the money spent on antivirus can be a hundred times that, the report says.

"Some police forces believe the problem is too large to tackle. In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software," said Anderson.

"Cybercrooks impose disproportionate costs on society and we have to become more efficient at fighting cybercrime," he added.

According to the BBC, the Cabinet Office has welcomed the report. "Our approach strikes the right balance between defending our interests and pursuing cybercriminals," a spokesperson said, adding that the government had already earmarked £650m over four years as part of a new National Cyber Security Programme (NCSP) to strengthen the UK’s cyber security.

The report was carried out at the request of the UK Ministry of Defence. It was partly in response to a report from Detica, which claimed the overall cost to the UK economy from cybercrime was £27bn annually. That figure was met with scepticism as many people questioned the methodology.