Cambridge study claims UK overspending on antivirus -

A government backed study has claimed that too much is being spent on antivirus software in the fight against cybercrime, but this is a view one security expert believes is too simplistic.

A study at the University of Cambridge has concluded that the amount spent on preventing computer based criminal attacks is out of proportion to the cost of the threat itself.

The study, described as the first systematic estimate of the direct and indirect costs of cyber crime, claims that more should be spent on actually apprehending criminals rather than in the anticipation of the events.

Previous reports into the cost of cybercrime have been deemed wide of the mark. A Cabinet Office backed study reported that online criminality is hitting the UK economy to the tune of £27 billion every year.  This figure has been disputed by industry figures.

In fact, the report claims that the online scams are costing citizens on average a few pennies a day.  

Each year, the country spends US$1 billion on fighting threats,  with $170 million going on antivirus software. This contrasts with $15 million spent on law enforcement.

The “straightforward conclusion” that the researchers draw from this is to “spend less on defence and more on policing”.

This contrasts with the view of MPs recently backing calls to invest more in cyber crime awareness campaigns such as Get Safe Online, which aim to stop cybercrime becoming a problem in the first place.

Speaking with TechEye, Security expert at Sophos, Graham Cluley, said both prevention and policing are required.

“It seems very simplistic just to say let’s stop spending money on antivirus and let's go and get some cops,” Cluley said. “We need to invest in fighting computer crime both on the legal level and protecting your computer”.

“It is not an ‘either’ ‘or’, you need both of these things,” Cluley said. “Anyone who goes online without antivirus software and goes browsing around the web will pretty quickly come to the conclusion that they should have got some antivirus”.

Cluley believes police time spent fighting crime is admirable, but it is difficult to provide immediate protections against cyber criminality.

“Sometimes these investigations take years to gather all the evidence and bring people to justice,” he said. 

“In the meantime you are going to have to do something lse to protect your computer as well,” Cluley said.