UK cyber crime costs £27bn a year - government report

Cyber crime costs the UK economy £27bn a year, the government has said.

The figures, published for the first time,, external are a mid-range estimate and the real cost could be much higher.

They are made up of £21bn of costs to businesses, £2.2bn to government and £3.1bn to citizens.

Security minister Baroness Neville-Jones said the government was determined to work with industry to tackle cyber crime.

At the moment, cyber criminals are "fearless because they do not think they will be caught", she said in a briefing in central London.

But efforts to get a grip on the problem had been hampered by firms who did not want to admit they had been the victims of attacks for fear of "reputational damage".

This also meant that it was difficult to accurately estimate the cost to the economy - and the "worst case scenario" was likely to be much greater than £27bn.

"It is a bit like terrorism - the more you know the more frightening it looks," said Baroness Neville-Jones.

But she said the government was not at "panic stations", adding that it had a strategy to tackle the problem and had committed £650m over the next four years to it.

Baroness Neville-Jones, Prime Minister David Cameron and Foreign Secretary William Hague met the bosses of some of Britain's biggest businesses, including Barclays, HSBC, Tesco and BA, on Monday to urge them to take the problem more seriously.

The government is due to unveil a plan to disrupt cyber criminals and ensure more of them were prosecuted "in the spring" and had agreed to form a joint working group with industry to tackle the problem.

Baroness Neville-Jones said some of the cyber crime activity was "state-sponsored" but although the government had the ability to strike back it was "anxious not to get into a barney with friendly countries" over the issue.

It would instead focus its efforts on defending itself from cyber attack - which she said was the most effective strategy as it was often difficult to work out where the attacks were coming from.

She said the government also wanted to help industry build up its defences and expertise - so they were better able to recognise and deal with security breaches.

"There are many companies in the country who do not know what the normal functioning of their systems looks like because they don't actually know enough about their own systems," she said.

There was also a problem with "assurance" - whether companies could trust staff not to leak commercial secrets to rivals.

Martin Sutherland, chief executive of Detica, the consultancy which compiled the report with the Cabinet Office, said the perpetrators of cyber crime ranged from "state-sponsored" criminals to organised crime gangs down to "spotty teenagers sitting in their bedrooms".

The cost to business of £21bn is more than twice the Home Office's annual budget and, according to Mr Sutherland, is "twice as big as the cost to business of traditional physical attack".

He said "the days of walking into bank with a stocking over your head and a sawn-off shotgun are over" and criminals were increasingly operating online where the chance of being detected were much smaller.

He added: "As crime's gone digital, this report estimates for the first time the real cost of cyber crime to the UK.

"By understanding that business bears the burden of over three quarters of the £27bn cost of cyber crime we are better placed to defend and protect assets crucial to every business sector in today's interconnected market place.

"The next step is to formulate a more targeted response to IP theft and industrial espionage in particular".

Nearly half of the £21bn cost to business is made up of intellectual property theft - such as the theft of designs but not illegal file sharing, which is not included in the figure. Industrial espionage, such as the theft of commercial secrets, was also a significant problem.

Intellectual property theft cost £9.2bn, industrial espionage £7.6bn, this was followed by extortion, which cost £2.2bn, and direct online theft, which cost business £1.3bn. Some £1bn was lost through theft of customer data.

The hardest-hit sectors were pharmaceuticals, biotech, electronics, IT and chemicals.