A new report from the Center for Strategic and International Studies (CSIS) and sponsored by McAfee, part of Intel Security, suggests the multi-billion pound impact that cybercrime has on economies worldwide.
The report, “Net Losses – Estimating the Global Cost of Cybercrime,” estimates that cybercrime costs businesses about £266 billion worldwide, with an impact on about 150,000 jobs in the EU and 200,000 jobs in the US.
The most important cost of cybercrime comes from its damage to company performance and to national economies. Cybercrime damages trade, competitiveness, innovation, and global economic growth. Studies estimate that the internet economy annually generates between $2 trillion and $3 trillion, a share of the global economy that is expected to grow rapidly. Based on CSIS analysis, cybercrime extracts between 15 per cent and 20pc of the value created by the internet.
Cybercrime’s effect on intellectual property (IP) is said to be particularly damaging, and countries where IP creation and IP-intensive industries are important for wealth creation lose more in trade, jobs and income from cybercrime than countries depending more on agriculture or industries of low-level manufacturing, the report found. Accordingly, high-income countries lost more as a per cent of GDP than low-income countries – perhaps as much as 0.9 per cent on average.
Jim Lewis of CSIS said: “Cybercrime is a tax on innovation and slows the pace of global innovation by reducing the rate of return to innovators and investors . For developed countries, cybercrime has serious implications for employment. The effect of cybercrime is to shift employment away from jobs that create the most value. Even small changes in GDP can affect employment.”
Impact
CSIS researchers found that in the UK, retailers reportedly lost more than $850 million to hackers. The United States notified 3000 companies in 2013 that they had been hacked, with retailers leading as a favourite target for hackers. Australian officials reported that large scale attacks have occurred against an airline, hotel chains and financial services companies, costing an estimated $100 million. With proper protections in place, these losses could be avoided.
The report found that global losses connected to “personal information” breaches could reach $160 billion. Forty million people in the US, roughly 15 per cent of the population, have had their personal information stolen by hackers. The study tracked high-profile breaches around the world with 54 million in Turkey, 20 million in Korea, 16 million in Germany and more than 20 million in China, having their personal information stolen in the last year.
Part of the losses from cybercrime are directly connected to what experts call “recovery costs,” or the digital and electronic clean-up that must occur after an attack has taken place. The McAfee-CSIS report discovered that while criminals will not be able to monetise all the information they steal, their victims must spend significant resources as if they could.
In Italy, for example, actual hacking losses totaled $875 million, but the recovery, or clean-up costs, reached $8.5 billion. In other words, there can be a tenfold increase between the actual losses directly attributed to hackers and the recovery companies must implement in the aftermath of those attacks.
Potential gains
Governments are beginning serious, systematic efforts to collect and publish data on cybercrime to help countries and companies make better choices about risk and policy. Improved international collaboration, as well as public/private partnerships are also beginning to show tangible results in terms of reducing cybercrime. Last week, 11 nations announced the takedown of a crime ring associated with the GameOver Zeus botnet.
Raj Samani, EMEA Chief Technology Officer for McAfee, said: “It is clear that cybercrime has a real and detrimental impact on the global economy. Over time, cybercrime has become a growth industry; the returns are great, and the risks are low. However this situation is not irreparable as stronger technology defences, greater collaboration between nations, and improved public private partnerships could prevent and reduce the loss from cybercrime.
“Making progress on these changes will require governments and businesses to work together to create a stronger method for reporting and measuring the economic impact cybercrime has in order to effectively assess risk and take appropriate action. As more businesses move online and more consumers connect to the internet, the opportunities for cybercrime will only grow, making it imperative that countries work together now to proactively tackle cybercrime.”
About McAfee, part of Intel Security – http://www.mcafee.com/uk
Comment
Mark Sparshott, EMEA Director at Proofpoint, said: “This report does a great job of describing the $445 billion economic impact of cyber-crime on our global economy. To put that into context, if cyber-crime were a country it would have the 27th largest economy on the planet. Therefore this report should help everyone better visualise the scale of the threat we all face today.
However, while these figures may shock the general public, they come as no surprise to security professionals and big businesses. Over the last three years we have seen a dramatic increase in the volume of advanced cyber attacks, most of which start with targeted spear-phishing and long-lining emails. Today these attacks are so sophisticated that they fool security software and humans alike into thinking the emails are genuine.
The volumes of attacks are increasing because it is a profitable business model for organised crime, which has a much lower risk than traditional crime. Over the last few years cyber-crime has evolved into a complex underground economy where you can buy and sell all the components required to launch attacks. Physical crimes like robbery are high risk. With cyber-crime there is no risky getaway because the attack is routed through hundreds or thousands of PCs in dozens of countries, making it almost impossible to trace. The internet makes most attacks anonymous and untraceable and that is really attractive to cybercriminals.”
