Join the Community

24,125

Expert opinions

40,689

Total members

333

New members (last 30 days)

204

New opinions (last 30 days)

29,289

Total comments

Join Sign in

Phishing losses story lacks credibility

17 December 2007 2 comments

Retired member

A survey of more than 4500 online US adults results in oh so many details about monetary losses because of phishing. How is it possible to be so conclusive? Details on the methodologies employed in conducting the survey may or may not be bolstering. I bet on may not.

What is an online US adult? Whatever the definition, does it change over time? How many were surveyed in previous years? Are they a reliable source?

Is the story in question just a case of bad reporting or of making due with junk research?

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

4930

Report

Channels

/regulation & compliance

Comments: (2)

Paul Penrose Head of Research at Finextra

18 December 2007

The Finextra news desk tends to take a lot of these survey-style reports with a pinch of salt. Those that ask too many leading questions, or feature small or self-selecting samples tend to get passed over - and believe me, there's a lot of this junk research about.

While we're not too keen on Gartner's penchant for extrapolation - which produces the headline-pleasing multi-million dollar loss figures - the sample size is bigger than average, and the questions leave little to interpretation.

All the same, I've got agree with your general drift. Too many research houses seem to come up with a crowd-pleasing headline and then frame the research to deliver the requisite results.

Gartner has been had up by this Community in the past for some of its general purpose research notes on MiFID and M&A activity in the sector, among other things.

Glad to see the Community being used as a forum to question and challenge assumptions. Keep up the good work.

Report

Beth Robertson Senior Manager at First Annapolis Consulting

19 December 2007

The fact is that there is no single source of hard data for an analyst firm to use to develop estimates such as those Gartner recently developed for phishing losses. As an analyst, one has to make assumptions based on the best available market data and what seems reasonable. The problem is that what is reasonable to one analyst is not to another, and some firms do go for the headline grabbing numbers. Numbers can then become "institutionalized" to a certain extent as they are cited again and again in media reports. At some point you may see that the WSJ or some other credible news source cites phishing losses at $3.2B - the Gartner number. At that point, no one is really questioning who originally developed the number or the associated methodology for doing so - it is all viewed as fact - whether the numbers are realistic or not.

Gary's point and Paul's are important for users of analyst firms and their market research products to understand. Numbers such as phishing loss estimates are not hard facts; the methodology varies and should be questioned. Sound methodology makes for well-supported estimates that can lead to better understanding of and planning to address business needs.

Report