The Total Global Cost Of Cybercrime? $400 Billion A Year And Growing


The losses associated with attacks on corporate networks and intellectual property theft cost businesses an estimated $400 billion annually, according to a new report, which warns that the global economic impact will continue to increase.

Cybercrime also could cost as many as 200,000 American jobs and Europe could lose as many as 150,000 jobs, according to the report, "Net Losses – Estimating the Global Cost of Cybercrime,” (.PDF) which was conducted by the Center for Strategic and International Studies (CSIS), a Washington, D.C.-based think tank. The study was commissioned by Intel Security (formerly McAfee).

The report, whose findings were revealed at a Washington, D.C., event Monday, analyzed open-source data on security incidents and losses to calculate a global annual toll on cybercrime. It then interviewed officials in 18 countries to arrive at the estimate. A conservative assessment would be $375 billion in losses, the report said, while the maximum could be as much as $575 billion.

[Related: Verizon 2014 Data Breach Report: The Bad Guys Are Winning]

Several factors are fueling the increase, the report said. Businesses are severely underestimating the risks associated with intellectual property theft and cybercriminals are acting faster to monetize the stolen information, the study found. Law enforcement globally suffers from inadequate resources to investigate cyberattacks. Meanwhile, the cost of conducting attacks is inexpensive for criminals who rely on social engineering tactics and exploiting widespread software vulnerabilities and configuration weaknesses to gain access to systems.

Businesses frequently fail to adequately identify and protect the most sensitive data, relying on broad security strategies to protect an increasingly porous network, solution providers told CRN. The study cites a lack of in incentives for businesses to report intellectual property theft and a poor perception of the value of stolen IP. When businesses do make an investment in information security, it often lacks funding for adequate incident response

"The delay between theft and production can be measured in years for technology products," the report found. "This means that companies underestimate loss and therefore underestimate their risk."

However, a sense of urgency is growing, said William Loupakos, senior vice president at Arlington Heights, Ill.-based reseller American Digital. Businesses often get the message following a serious security incident, he said, citing a recent client that traced the source of a serious infection to a USB drive an employee brought back from China that contained image files with embedded malware.

"We know the Chinese have normal working hours on the security side attempting to hack into corporate customers," Loupakos told CRN. "We're seeing a sense of urgency about security from customers that we haven't seen in the past enterprise server storage discussions."

NEXT: Opportunity, Recovery Costs Weighed Heavily In Loss Estimate