"I get a lot of data on identity theft that I don't publish it because I know how incomplete it is," Litan said. "There is no mandate for companies to report identity fraud, so we don't know what is happening at the banks and the eBays and the Amazons out there."

The U.S. Secret Service study found that about 60 percent of identity theft is committed by people not known to the victim. Litan's best guess followed closely to that: Data thieves and external attackers account for about 70 percent of the cybercrime affecting businesses with insiders accounting for the remaining 30 percent, she said.

However, companies fraud detection systems are too overwhelmed, in some cases, to accurately flag cases of fraud. Thieves that steal a large number of credit-card numbers and use the data to steal $10 from each card can generally stay below the radar, she said.

"Cybercrime is on the way up, and it's being perpetrated by very sophisticated by computer thieves," Litan said.

Because the Secret Service selects the cases that it wants to get involved in, the Utica College study is likely skewed toward crimes that affect more people or caused more damage, said James Van Dyke, founder and president of Javelin Strategy & Research, which releases an annual consumer survey on identity fraud.

Yet, the Federal Trade Commission's Consumer Sentinel report on consumer complaints, the Javelin survey of consumers and the Utica study all compliment each other, said Van Dyke.

"These are very complimentary studies," he said. "They are each a different lens on what we know to be a $49.3 billion problem."

If you have tips or insights on this topic, please contact SecurityFocus.