"We estimate that Scots businesses are losing around £5bn a year to cyber criminals. That is an enormous amount that should concern every business boss and employee in Scotland.
http://www.bbc.co.uk/news/uk-scotland-scotland-business-18145826
£5bn is an immense amount of money: it's about 4% of Scottish GDP. To put that in context, the UK defence budget is 3% of GDP, UK health budget is 8% of GDP. It would be very interesting to see how these sorts of numbers are calculated.
I found one piece of work that claimed to have numbers and methodology and looked vaguely science-y:
At this stage, the most likely estimate for the economic impact of cybercrime to the UK is inthe range £13Bn to £42Bn. The reported single estimate is £27Bn.
Their centre estimate is about 2% of UK GDP, which is still a very large number. When you look at their methodology, error bars of about +/- 50% look pretty optimistic. They appear to be conflating losses with opportunity costs, and some of the numbers have been pulled out of thin air. For example, £2.2bn a year is listed as extortion costs, without it appearing in any company's accounts. I know auditors are often perceived as gullible, but surely even the sleepiest of them would wake up and pay attention to "we wrote a cheque for a million pounds to Mr X". There's £8bn down to industrial espionage and £9bn to IP Theft, supported by no evidence at all, and those two are far and away the largest items in their laundry list.
I don't have an up to date number, but in about 2005 the number usually quoted for the turnover of the UK electronics sector was £50bn. I doubt it's grown, with more and more manufacturing and design moving off-shore. It's claimed that today they're losing £1.7bn a year to espionage and £2bn a year to IP theft, which together would represent over 7% of turnover. Again, I know auditors have had a bad press of late, but hasn't anyone noticed?
ian