Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:40 AM
Connect Directly

Global Cybercrime Losses Cross $1 Trillion Mark

A shift from attackers targeting individual systems to entire organizations is pushing up cost of cyberattacks sharply, McAfee says.

Security industry estimates of global cybercrime losses tend to vary quite widely, and sometimes the projections can be startling in terms of magnitude. But the data still helps lend some broad perspective to the mushrooming nature of cybercrime.

Such is the case with the latest cybercrime loss estimates from McAfee.

Related Content:

Cybercrime May Be the World's Third-Largest Economy by 2021

The Changing Face of Threat Intelligence

New on The Edge: BECs and EACs: What's the Difference?

According to the company, a study it conducted along with the Center for Strategic and International Studies (CSIS) shows cybercrime cost the world economy in excess of $1 trillion in 2019. That staggering figure — and there have been even higher previous estimates — represents a 50% increase from a 2018 study, which pegged global cybercrime losses at around $600 billion.

The study found that in addition to direct financial losses, more than nine in 10 organizations that experience a significant cyber event also have to contend with significant unplanned downtime, business disruption, and damage to their reputation and brand.

"The analysis that CSIS did, showing that [cybercrime losses] is in the trillion-dollar range, was alarming," says Steve Grobman, chief technology officer at McAfee. "That is a good indicator that we need to dial up defensive measures more aggressively."

This is especially true for organizations in industries that are usually considered relatively safe from cyberattacks, Grobman says.

McAfee and CSIS's cybercrime loss estimates counted a variety of costs they say organizations incur after a major security incident. Costs include those involved in detecting, mitigating, and responding to a breach, notifying victims, and implementing remedial measures. Also included are a variety of other costs that organizations do not always consider when evaluating the financial impact of a security incident, says Grobman. Examples include costs associated with lost and missed business opportunities, business disruption and downtime, productivity losses, and damage to the brand.

A survey of 1,500 IT business decision makers McAfee commissioned as part of the study found organizations experienced 18 hours of downtime, on average, following a major security incident. The survey found the average cost to organizations was more than $500,000 per incident. Financially motivated cyberattacks and IP theft accounted for at least 75% of the cybercrime losses organizations experienced last year, according to McAfee.

The data shows how constantly evolving adversary tactics is worsening the impact of cyberattacks for many organizations, Grobman says. In the past, attackers used to target individual devices and systems; now they have now switched to targeting the entire organization.

"One of the things we see today is cybercriminals entering an organization likely by finding credentials on the Dark Web, using a malware implant to create a back door, and then have human operators enter the company's environment," Grobman says.

Shift in Targeting
The goal is often to move laterally and find high-value targets and assets they can then target with ransomware and other malware to create most damage. Even the nature of ransomware attacks has changed from attacks seeking ransoms for encrypted data to attacks that hold entire factories and businesses to ransom. Many of these attacks are the work of sophisticated nation-state-backed threat actors, Grobman says.

The shift from attacks targeting systems and devices to attacks targeting the whole enterprise has exposed weaknesses in incident detection and response capabilities and made cyberattack costlier overall for many organizations. Previously, mitigating an attack often involved removing malware from an infected system or systems and, in drastic scenarios, reimaging them from scratch.

The survey shows that organizations take an average of 19 hours to move from initial incident discover to remediation. Less than 20% of organizations have the resources to be able to handle a security incident internally. The remaining has to hire a third party to come in and help remediate fall out from a cyberattack — another factor driving up the costs associated with cybercrime.

"One important takeaway is that cybersecurity defense is no longer something that only specific sectors have to make a top priority,'" Grobman says. There are a lot of other industries that are part of a broader supply chain — logistics and shipping companies, for instance — that need to make cybersecurity a top investment priority, he says.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-18
In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.
PUBLISHED: 2021-05-18
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.