08:15 PM
Connect Directly

Global Cybercrime Costs Top $600 Billion

More than 50% of attacks result in damages of over $500K, two reports show.

In cybersecurity it can sometimes be hard seeing the forest for the trees. Constant reports about new attacks, breaches, exploits and threats can make it hard for stakeholders to get a picture of the full impact of cybercrime.

Two reports this week are the latest to take a crack at it.

One of the reports is from McAfee in collaboration with the Center for Strategic and International Studies (CSIS). It shows that cybercrime currently costs the global economy a startling $600 billion annually, or 0.8% of the global GDP. The figure represents a 20% jump from the $500 billion that cybercrime cost in 2014.

The other report from Cisco is based on interviews with 3,600 CISOs and shows among several other things that nearly half of all attacks these days end up costing the victim at least $500,000. Eight percent of companies in the Cisco report said cyber attacks had cost them over $5 million; for 11% the costs ranged between $2.5 million and $4.9 million. The figures include direct and indirect costs such as those associated with lost revenue, customers, and lost opportunities.

Together, the two reports paint a picture of a landscape that is getting from bad to worse in a hurry.

"Cybercrime impacts economic growth. This is not an IT issue but something much bigger," says Raj Samani, chief scientist at McAfee. "Nearly every breach focuses on attribution or the technique, but we rarely ever discuss what the real impact is," Samani says. The net result is that many organizations continue to view cybercrime as a somewhat abstract issue. "I am constantly told 'this does not impact me,'" Samani says. "Yet cybercrime impacts every one of us."

As with many other reports that have attempted to calculate total cybercrime costs, the $600 billion figure in the McAfee/CSIS report is based on estimates. It represents total estimated losses due to theft of intellectual property and business confidential information, online fraud and financial crimes, personally identifiable information, financial fraud using stolen sensitive business information and other factors. Other estimates have put the number much higher, some far lower.

As the report makes clear, underreporting by victims and the overall paucity of real data surrounding cybercrime incidents worldwide have made it extremely hard to get a truly precise estimate of cybercrime costs. In many cases, organizations only report a fraction of their actual losses from cybercrime to avoid reputational damage and liability risks. So to calculate cybercrime costs, McAfee and CSIS borrowed modeling techniques that have been used previously to estimate costs associated with other criminal activities such as maritime piracy, drug trafficking, and transnational crime by organized groups.

The exercise showed that costs of cybercrime have increased significantly in recent years as the result of state-sponsored online bank heists, ransomware, cybercrime-as-a-service, and the growing use of anonymity-enabling technologies like Tor and Bitcoin, McAfee and CSIS said. Malicious activity on the Internet is at an all-time high, with some vendors reporting 80 billion malicious scans, 4,000 ransomware attacks, 300,000 new malware samples and 780,000 records lost to hacking on a daily basis, the report said.

The theft of intellectual property and business confidential information has been a huge reason for the higher cybercrime costs globally. According to McAfee and CSIS, intellectual property theft accounts for at least 25% of overall cybercrime costs. Such theft can include everything from patented formulas for paints to designs for rockets and other military technology. Over the years, the theft of IP has become a huge problem for many industries and has impacted the ability of companies to compete and to profit from their innovations. Yet, it remains one of the most underreported forms of cybercrime.

"[IP theft] is probably the most surreptitious form of data theft," Samani says. For example, a ransomware infection is clearly obvious, and with other forms of data theft or breaches there is an obligation to report. "However IP theft and calculating the cost becomes invisible to the victim, particularly since proving that a competing product was derived from a historical breach is very difficult," he says.

Europe appears to be the region most impacted by cybercrime, but that is likely also in part due to the maturity of the breach reporting habits of organizations there compared to other regions, Samani says.

Cisco's report meanwhile showed that in addition to increasing financial costs, organizations are also becoming more vulnerable to attacks on their supply chain. Supply chain attacks, according to the company, have increased in complexity and frequency and have heightened the need for organizations to pay close attention to their hardware and software sources.

Enterprise security environments have become much more complex as well. Twenty-five percent of the security executives Cisco interviewed said their organizations used security products from between 11 and 20 vendors. Sixteen percent said their organizations were using between 21 and 50 products. The complexity has begun impacting enterprises' ability to defend against threats, Cisco said.

Franc Artes, an architect in the security business group at Cisco says the new report marks the first time the company asked respondents to indicate a range of their financial loss from a security incident. In last year's report, one-third of those who suffered a breach reported a revenue loss of 20%, he says.

Cisco's latest survey shows that attackers are evolving their techniques faster than the ability of defenders to keep up. Troublingly, as organizations continue to leverage their operational technology (OT) infrastructure and create connectivity to these systems, the recognition of it being a vital attack vector has grown as well, Artes says.

"Nearly 70% of the respondents stated they see their OT infrastructure as an attack vector; 20% stated that while it wasn’t currently, they expected it would be in the next few years."

Related content:



Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.