THE UK GOVERNMENT spends far too much on antivirus software and not enough on policing the internet, research by the University of Cambridge contends.
In the University's "How much does cybercrime cost?" report published today, researchers at the institution said the cost of protection far exceeds the cost of the threat itself.
The report found that the UK spends $1bn each year in protecting against or cleaning-up after security incidents, including $170m on antivirus software. In contrast, it found that only $15m is spent on law enforcement.
The report refers to new scams that completely depend on the internet as "true cybercrime", and states that this is "only costing citizens an average of a few tens of pence per year directly". However, it adds that "the indirect costs, such as the money spent on antivirus software, can be a hundred times that".
The author of the report, Professor of Security Engineering Ross Anderson, claimed that a better use of money would be to kill the problem at the root, focusing on the criminals creating the attacks in the first place.
"Cybercrooks impose disproportionate costs on society and we have to become more efficient at fighting cybercrime," Anderson said.
"Some police forces believe the problem is too large to tackle. In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software."
Concluding that the UK should spend less on defence and more on policing, the study said that cybercriminals are "pulling in a few tens of pounds from every citizen per year", but "the indirect costs to those citizens, either in protective measures such as antivirus or in cleaning up infected PCs, is at least ten times as much".
However, security firm Sophos argued that it's not the case of one or the other.
"Everyone agrees that we should defend our computers with security software. And we all want to see the computer cops properly funded to pursue the bad guys too. But it's a mistake to think that the money comes from the same pot, or that if you invest in one you can't, or shouldn't, also invest in the other," said the company's senior technology consultant Graham Cluley.
"I'd certainly love to see the authorities given greater funding to hunt down cybercriminals, but at the same time I'm very aware that such investigations are complex and can take many years. I suspect that the vast majority of computer users would like to protect their PCs at the same time," he added. µ