Attacks/Breaches
6/9/2014
01:30 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

Worldwide Cost of Cybercrime Estimated at $400 Billion

Experts with the Center for Strategic and International Studies, McAfee look at data loss figures and information from economists and intellectual property experts to come up with the figure.

A new analysis out today found that the global impact of cybercrime adds up to amounts larger than those of the national income in many countries, coming to an estimated total of more than $400 billion. Compiled by the Center for Strategic International Studies (CSIS) on behalf of McAfee with the help of a team of economists and intellectual property experts, the report, "Net Losses: Estimating The Global Cost Of Cybercrime," found that the cost of cybercrime to the US economy alone equaled approximately $100.4 billion, or 0.64% of the US gross domestic product.

These figures are far larger than other estimates, such as the FBI Internet Crime Complaint Center report on 2013 incidents, which pegged US losses at $781.8 million. However, the CSIS report's authors wrote that their goal was to move beyond material losses and recovery costs directly related to breach incidents and broaden the scope to economic impact from impeded innovation due to intellectual property theft and other long-term opportunity costs. "Cybercrime is a tax on innovation and slows the pace of global innovation by reducing the rate of return to innovators and investors."

Raj Samani, CTO of McAfee EMEA, says the report should start discussions about the real but unreported impact of cybersecurity on economic growth and the real-world consequences for those who traditionally have little or no awareness of cyberissues.

"Unfortunately, today when we look at most cybercrime stories, they focus on three things: Who was the victim, what was the malware used, and where did it come from?" Samani says. "We need to start to change the discussion and figure out what the actual impacts are going to be to the organization. Are they going to have to make layoffs to cover costs? Are the rates of return they expect going to be less because intellectual property is stolen?"

For example, the report stated that, in the US, the losses due to cybercrime could cost as many as 200,000 jobs due to the effect that small changes in the GDP can have on employment. Unlike many cost-of-cybercrime reports that show figures solely based on surveys among information security or compliance personnel, this one employed opinions and analysis from intellectual property lawyers and economists.

"Valuing IP is one of the hardest problems for estimating the cost of cybercrime, but it is not impossible," the report said. "As cybertheft of IP becomes a recognized part of the business landscape, we can expect merger and acquisition specialists to develop better tools for evaluating both the risk of compromise and risk of successful exploitation by competitors."

Though the experts say that the level of cybercrime impact is still below 1% of global GDP -- less than the impact of the drug trade or car crashes worldwide, for instance -- they've found that it has a markedly more chilling effect on the Internet economy. According to Samani, its impact on growth in that area is approximately 20%.

"Ideas are the currency of the information age and those ideas are being sucked out and taken elsewhere. Entrepreneurs and startups are probably the most vulnerable, because they have high-value information and don't have the skills to protect their data," he says. "We are talking about the evolution of crime and how it is impacting our children's ability to get those jobs within that environment."

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
TejGandhi1986
50%
50%
TejGandhi1986,
User Rank: Apprentice
6/12/2014 | 8:14:54 PM
Information Security Awareness
The high impact of information security breach is obvious however still it is observed that the awaress regarding information security is not huge.Investment in information security can increase multifold as more and more companies and people are made aware and more information regarding the adverse effect of breach of information security.

 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
6/10/2014 | 4:31:43 PM
Re: The true value of IP / cost of crime
How the actuaries determine the value and risk of stolen IP will definitely be interesting. And we're still in the infancy of cyberinsurance. The Boston  Globe reported this week that the fastest-growing niche in the industry is cyberinsurance. But it's really hard quantifyi losses from attacks, because they are often intangible. Details here if you want to read more.  
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
6/10/2014 | 3:56:21 PM
Re: Correlation of Departments
I love this kind of reports that I find very interesting, but I afraid that the real cost is really superior due the difficulties to analyze the overall losses.

 
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
6/10/2014 | 2:12:41 PM
The true value of IP / cost of crime
This is a really excellent point:  "We need to start to change the discussion and figure out what the actual impacts are going to be to the organization. Are they going to have to make layoffs to cover costs? Are the rates of return they expect going to be less because intellectual property is stolen?"  

I wonder if some of this would be covered by cyber insurance...

I also wonder if any organizations adequately consider this stuff when they're doing their risk assessments. It seems like they're getting better at assessing the risk of PII breaches, but not necessarily IP breaches. Maybe I'm wrong?
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
6/9/2014 | 6:32:21 PM
More Dedicated Security Professionals
It's a real tragedy that our social progress is hindered time and again due to the cost of crime.  When you look at the US budget applied to war, law enforcement and the private corporate budgets assigned to loss risk management alone, we could likely end world hunger, potentially put a dent in global poverty and put a couple of people out on Mars, to boot.  As I get older (having seen one side of InfoSec and the sheer numbers of eager petty theft cyber criminals out there) I realize more and more that, like local police departments, there is a shortage of talented InfoSec professionals not drawn to the "dark side" of the force.  

Because high tech has so readily become associated with high salaries, it's not always easy to secure permanent talent at a less than bloated salary to do solid, consistent security work, day in and out, like a dedicated police officer who may not make the best money in the world, but has a sense of dedication and honor about the work.  I think more folks like that need to come over to the InfoSec arena and help reduce this terrible debt cybercrime is putting upon us.  Certainly, the Free and Open Source Software communities are doing their share.  But we still need those warriors on the front line who are going to stick to their guns and stand for the right side of the law. 

Honestly, that number makes me a little sick.  What we could be doing with that money toward elevating tech and future opportunities for education...
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
6/9/2014 | 4:27:27 PM
Correlation of Departments
Its always beneficial to correlate different departments to support the bigger picture. I like that lawyers and economists were brought in on this report to provide another detriment vector with analysis. I think the fact that this report delineates how many jobs can be lost due to cybercrime estimates makes the threat tangible instead of just another noise statistic. This will hopefully make even the non-infosec/netsec people more aware of the dangers of cybercrime and how it affects all.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0607
Published: 2014-07-24
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

CVE-2014-1419
Published: 2014-07-24
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

CVE-2014-2360
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVE-2014-2361
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVE-2014-2362
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.