“The CSIS report said that it had revised McAfee’s methods for calculating the impact of cybercrime, but that its numbers were still not definitive, which is why the range between $20 billion and $140 billion is so broad. One of the major reasons McAfee’s 2009 report estimated the cost of cybercrime at $1 trillion was a flawed approach in calculating the expense a company incurs when information — such as corporate secrets — are stolen. In 2009, McAfee calculated the loss of data as equal to what it cost to acquire what was stolen. The new study instead calculates not as what it took to acquire what was stolen, but rather, what it may cost a company now that someone else has the stolen information.”
Source:Cybercrime said to cost US $140 billion, radically less than previous estimates | The Verge