CSIS Releases Study Linking Cybercrime To Job Loss

McAfee-sponsored report quantifies economic impact of cybercrime

July 23, 2013

4 Min Read

PRESS RELEASE

WASHINGTON, D.C., – July 22, 2013 – McAfee announced today that it has sponsored a first-of-its-kind report quantifying the economic impact of cybercrime. After years of guesswork and innumerable attempts to quantify the costly effects of cybercrime on the U.S. and world economies, McAfee engaged one of the world's preeminent international policy institutions for defense and security, the Center for Strategic and International Studies (CSIS), to build an economic model and methodology to accurately estimate these losses, which can be extended worldwide. "Estimating the Cost of Cybercrime and Cyber Espionage" posits a $100 billion annual loss to the U.S. economy and as many as 508,000 U.S. jobs lost as a result of malicious cyber activity.

To help measure the real loss from cyber attacks, CSIS enlisted economists, intellectual property experts and security researchers to develop the report. The researchers estimate the range for cybercrime loss to the global economy is between $100 billion and $500 billion. They used real-world analogies like figures for car crashes, piracy, pilferage, and crime and drugs to build out the model. CSIS noted the difficulty of relying on methods such as surveys because companies that reveal their cyber losses often cannot estimate what has been taken, intellectual property losses are difficult to quantify and the self-selection process of surveys can distort the results.

For purposes of the research, CSIS classified malicious cyber activity into six areas:

The loss of intellectual property

Cybercrime

The loss of sensitive business information, including possible stock market manipulation

Opportunity costs, including service disruptions and reduced trust for online activities

The additional cost of securing networks, insurance and recovery from cyber attacks

Reputational damage to the hacked company

"We believe the CSIS report is the first to use actual economic modeling to build out the figures for the losses attributable to malicious cyber activity," said Mike Fey, executive vice president and chief technology officer at McAfee. "Other estimates have been bandied about for years, but no one has put any rigor behind the effort. As policymakers, business leaders and others struggle to get their arms around why cyber security matters, they need solid information on which to base their actions."

The cost of malicious cyber activity involves more than the loss of financial assets or intellectual property. There are opportunity costs, damage to brand and reputation, consumer losses from fraud, the opportunity costs of service disruptions, "cleaning up" after cyber incidents and the cost of increased spending on cybersecurity. Each of these categories must be approached carefully, but in combination, they help us gauge the cost to societies.

"This report also connects malicious cyber activity with job loss," said James Lewis, director and senior fellow, Technology and Public Policy Program at CSIS, and a co-author of the report. "Using figures from the Commerce Department on the ratio of exports to U.S. jobs, we arrived at a high-end estimate of 508,000 U.S. jobs potentially lost from cyber espionage. As with other estimates in the report, however, the raw numbers might tell just part of the story. The effect of the net loss of jobs could be small, but if a good portion of these jobs were high-end manufacturing jobs that moved overseas because of intellectual property losses, the effect could be wide ranging."

This is the first report CSIS is undertaking to help better understand the true cost of cybercrime. This report builds a model to scope the direct losses from cybercrime and cyber espionage. A second report, which is underway, will look at the ramifications of cyber security losses on the pace of innovation, the flow of trade and the social costs associated with crime and job loss.

Lewis and co-author Stewart Baker of Steptoe & Johnson LLP, and distinguished visiting fellow at CSIS, point out that as thoroughly as they plan to develop their estimates, the dollar amount might not fully reflect all the damaging effects that cyber espionage and cybercrime have on the global economy. Both activities slow the pace of innovation, distort trade and bring the spate of social costs associated with crime and job loss, according to the report. Lewis and Baker say the larger effect may be more important than any actual number, and it will be the focus of the next report.

To view a copy of the full report click here: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf.

About CSIS

CSIS is a bipartisan, nonprofit organization headquartered in Washington, D.C. The Center's 220 full-time staff and large network of affiliated scholars conduct research and analysis and develop policy initiatives that look to the future and anticipate change.

About McAfee

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers businesses, the public sector, and home users to safely experience the benefits of the Internet. The company delivers proactive and proven security solutions and services for systems, networks, and mobile devices around the world. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence network, McAfee is relentlessly focused on keeping its customers safe. http://www.mcafee.com

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights