In 2009, McAfee published a study estimating that cybercrime cost the US economy as much as $1 trillion a year. Since then, the $1 trillion annual figure has been cited by various politicians and the Obama Administration as a reason to step up the nation's online defenses and its pursit of hackers and other web criminals. On Monday, a new study underwritten by McAfee scaled that figure back dramatically. The new study, written by the Center for Strategic and International Studies (CSIS), projects that cybercrime siphons between $20 billion and $140 billion from the US each year.

The CSIS report said that it had revised McAfee's methods for calculating the impact of cybercrime, but that its numbers were still not definitive, which is why the range between $20 billion and $140 billion is so broad. One of the major reasons McAfee's 2009 report estimated the cost of cybercrime at $1 trillion was a flawed approach in calculating the expense a company incurs when information — such as corporate secrets — are stolen. In 2009, McAfee calculated the loss of data as equal to what it cost to acquire what was stolen. The new study instead calculates not as what it took to acquire what was stolen, but rather, what it may cost a company now that someone else has the stolen information.

A better, but not perfect, estimate

"Given the data collection problems, loss estimates are based on assumptions about scale and effect — change the assumption and you get very different results," the report said. "These problems leave many estimates open to question." Essentially, the report states clearly that putting on financial figure on the cost of cybercrime isn't close to an exact science. Additionally, some companies are likely to "conceal their losses and some are not aware of what has been taken, further complicating the attempts to come to a solid estimate. The study also states that the company "cannot accurately assess the dollar value of the loss in military technology," again because not enough data is available.

Much of the 17-page report written by CSIS, a Washington think tank, is an explanation as to why estimating the true cost of cybercrime is so difficult. But the report, as flawed as it may be, is still an improvement that what was put out in 2009. "The study here is newer, it's based on extra rigorous work," Tom Gann, McAfee's vice president of government relations told Reuters. "This is clearly the one we're going to focus on."