The results of a new security survey, which asked some 6,000 people across Europe questions about cybercrime, would appear to suggest that nearly everyone (88% of respondents in fact) is some kind of online victim. Have things really got this bad, or is it just another case of the security industry painting a very dark picture in order to drive demand for IT security solutions and services?
Well let's take a look at the results of that survey which was carried out by security vendor Sitecom. I can understand fully that the 73% of people 'concerned about their security online' might think that, after all every sane person has to be concerned about malware, phishing, cybercrime. I'm slightly surprised that this would seem to imply that 27% are not concerned, as that suggests to me these people don't care if they fall victim or not. Surprisingly, 88% believed it was 'important to be protected against cybercrime' which is another statistic that falls into the 'realms of normality' category. Or at least it would were it not that this then highlights the disparity between those who are concerned about cybercrime (73%) and those who think it important to protect against it (88%). Somewhere there is a peculiar 15% who, I have to assume, think it is important to protect against something that they are not actually concerned about.
But wait, things get even odder as you dig into the results further: 88% of the respondents said that they "have been victims of one of the following forms of cybercrime: virus, spyware, trojans, worms, rootkits, fraud, phishing or malware". Which tallies with the number of folk who thought it important to protect against such things, but still leaves 15% who have been hit by cybercrime in some form but still refuse to be concerned about it. Odder still, when you consider that 98% of those asked by this survey actually use an anti-virus scanner of some sort yet 48% of them didn't feel protected by it.
If you are starting to get that old chestnut of lies, damn lies and statistics floating around your head I can understand it. Not that I am accusing Sitecom, or anyone else for that matter, of making this stuff up. However, I do wonder just how relevant such statistics are for anything other than product marketing purposes.
Is the Internet really so completely saturated with malware and bad guys that it has become an unsafe place to be? No, of course not. The suggestion that only 12% of Internet users, if you extrapolate the results of asking 6,000 people to the entire population, have not been hit by a virus, spyware, Trojan, worm, rootkit, fraud, phishing or malware just does not gel with my own experiences, nor those of the fact majority of people I know. In fact, truth be told, I know very few people, relatively speaking, who have fallen victim to cybercrime of any type.
Of course, how you phrase the questions will always be a factor in any kind of survey. As will how you group together categories that define a whole. How many of that 88% of cybercrime victims, for example, actually were just recipients of a badly constructed spam email trying to persuade them to login to a cloned banking site for a bank account they do not even have? Again, I'd like to make it clear that I'm not aiming this directly at Sitecom, but without knowing that level of detail the overall claim of victimisation is diluted to the point of being, well, pointless.
What do you think, are claims about Internet insecurity overblown by security vendors or do the numbers you see tend to tally with your own experiences? Join the DaniWeb conversation and let us know...