The direct costs related to global consumer cybercrime has dropped to $110 billion, according to the latest cybercrime survey. The same report last year estimated direct costs of $114 billion.
More than 71 million people in the United States fell victim to cybercrime, including cyber-attacks, malware infections, fraud, theft, and phishing scams, between July 2011 to July 2012, Symantec estimated in its annual Norton Cybercrime Report, released Wednesday. That figure reflects about 72 percent of online adults in the U.S. Victims in the U.S. suffered $20.7 billion in direct financial losses, which includes fraud, repairs, and actual amount stolen.
The report estimated 556 million adults globally were victims over the past 12 months, representing about 46 percent of online adults. The highest numbers of cybercrime victims were found in Russia, followed by China and South Africa, according to the report. Chinese consumers suffered the highest direct financial costs, at $46 billion.
Individual loss averaged $197 per victim globally in direct financial costs, while U.S. consumers averaged $290 in direct costs, the report found.
Symantec derived these estimates from a survey of 13,018 individuals between the ages 18 to 64 across 24 countries. The report estimated 1.5 million people are victimized everyday globally.
SecurityWeek along with other media outlets have looked at similar reports in the past and concluded that these estimates can be problematic because they rely on self-reported figures. Averages can also be skewed one way or other if a victim reports an exceptionally large or small loss. Many experts and analysts treat these estimates from security vendors with skepticism, noting a conflict of interest. Higher costs mean consumers are more likely to buy their products, which is better business.
However, while the actual figures may be suspect, the report’s other findings indicate that cybercrime is a significant problem and consumers are highly vulnerable.
Cyber-criminals are taking advantage of social networks and mobile technology to target their victims. About 21 percent of survey participants reported being hit with a social or mobile crime and 39 percent of respondents who use social networking sites have been hit with a social networking scam.
About 15 percent of social network users in the survey said someone had hacked into their profile and pretended to be them. Another 31 percent of respondents with mobile devices reported receiving a text message from someone they didn’t know requesting they click on an embedded link, or dial an unknown number to retrieve a message, the report found.
While the respondents were aware cyber-criminals were targeting social networks, less than half of the users used privacy settings to control how information is shared. Only 44 percent actually used a security product designed to protect them from social network threats, according to the report.
A little over a third of users have accepted friend requests from people they do not know, which results in giving access to a lot of personal information to strangers. Almost the same number of users admitted receiving posts or messages that they believe are not actually from friends.
While users reported taking basic steps to protect themselves, such as deleting suspicious emails and being careful with their personal details, 40 percent said they don’t use complex passwords or change passwords frequently. More than a third did not verify the browser was using a secure connection before entering sensitive information, such as financial details, said the report. Almost half of the respondents said they use unsecure public WiFi networks to access email, social networks, and banking sites, and 55 percent said they weren’t sure if their personal systems were clean and secure.
Half of online adults don’t recognize that cybercrime has changed and how malware has evolved into sophisticated and stealthy programs, Symantec concluded. Consumers are often unaware that attack methods have changed and criminals are shifting focus to target new platforms, and thus are less aware of security risks, Symantec said.
Younger users, grouped as “Millenials” were more likely to be hit by cyber-crime compared to older users, “Baby Boomers,” Symantec found in the Norton study. The difference may be due to the Millenials generally using more online services than the Boomers.
The full report can be found here in PDF format.