In 2005, cybercrime cost the average company $24,000. In 2015, the average cost jumped to $1.5 million. Certainly some of that is due to inflation – everything costs more today – but the skyrocketing costs are also in line with the overall increase in cybercrime. According to BTB Security, in 2005, there were only four data breaches that affected more than 30,000 records, compared to 26 breaches in 2015. That still seems like a low number, but how about this: In total records compromised, the numbers went from 44 million to 190 million. In a TechRepublic interview, Ron Schlecht, a managing partner at BTB Security, added one of the concerns he envisions for the future:
Hackers will continue to not just target large organizations, but target smaller and smaller organizations, and failure of organizations and countries to build up security talent will be a huge problem.
The more organizations that are targeted, the more those numbers posted above will rise – and we can expect them to rise by a lot. According to a new Cybersecurity Ventures report, global cybercrime is expected to hit $6 trillion by 2021, doubling in costs since 2015.
The numbers will increase for simple reasons. First, there will be a lot more data to protect. The report stated that by that time, companies will be producing – and defending – 50 times more data than we do today, thanks to all of the new devices connecting to networks, from wearables to cars. Two, the internet has become the preferred attack venue for everyone from thieves to nation-states. As CSO put it:
The $6 trillion estimate of costs related to cybercrime damages by 2021 is based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation state sponsored and organized crime gang hacking activities, a cyber attack surface which will be an order of magnitude greater than it is today, and the cyber defenses expected to be pitted against hackers and cybercriminals over that time.
However, these numbers are just guesses, according to the European Union Agency for Network and Information Security, but they are important guesses, as SC Magazine reported:
According to the report's authors, Dr Dan Tofan, Theodoros Nikolakopoulos and Eleni Darra, determining cost values that are as close as possible to reality is a “key to determining the real economic impact of incidents on EU's economy. Knowing the real impact can help define proper, coherent and cost effective mitigation policies”.
In the end, as long as we want the opportunities and the conveniences the internet has to offer, we’re going to have to anticipate the costs of cybercrime in the value of doing business, as Mike Patterson of Plixer told me in an email comment:
Consumers, manufacturers and financial institutions are not ready to accept that some services should not be tied to the Internet. For now, the prevailing attitude is that convenience is worth the risk.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba