We know that cyber crime can be expensive to the enterprise and the government. Experts toss around numbers about how much it costs a company when there is a breach, and that number always seems to be in the millions of dollars.
McAfee and the Center for Strategic and International Studies (CSIS) wanted to look at the cost of cyber crime in a slightly different way. The two organizations joined together to investigate what cyber crime means to the world and U.S. economy. The numbers revealed in the recently released report, “Estimating the Cost of Cybercrime and Cyber Espionage,” are staggering. In the U.S. alone, Internet crime costs an estimated $100 billion a year and approximately 500,000 jobs have been lost in response. Globally, the dollar loss could be upwards of $500 billion.
And that’s just the financial losses. As the report pointed out, loss goes beyond finances and intellectual property. There are opportunity costs, damage to brand and reputation, consumer losses from fraud, the opportunity costs of service disruptions, “cleaning up” after incidents and the cost of increased spending on cybersecurity.
For the study, CSIS classified malicious online activity into six areas:
- The loss of intellectual property
- Cyber crime
- The loss of sensitive business information, including possible stock market manipulation
- Opportunity costs, including service disruptions and reduced trust for online activities
- The additional cost of securing networks, insurance and recovery from attacks
- Reputational damage to the hacked company
To put the losses from such crime into perspective, CSIS used real-life analogies to “set rough bounds—a ceiling and a floor—for the cost of malicious cyber activity, by comparing it to other kinds of crime and loss.” The analogies included car crashes, piracy, drugs and related crimes. In that context, the numbers of online crime look low: car crashes, for example, cost an estimated $99 billion to $168 billion and 0.7 percent to 1.2 percent of GDP annually in the U.S., while criminal Internet activities cost an estimated $24 billion to $120 billion and 0.2 percent to 0.8 percent of GDP.
However, the victims in these crimes aren’t only the companies who have been attacked; all of us suffer from the repercussions. It is a loss of tax revenue. It causes companies to raise prices to pay for added security to protect against such attacks. As Tom Cross, director of security research at Lancope, said:
The CSIS study on the economic impact of cyber crime emphasizes that many companies have underestimated the risk that they face from commercial cyber espionage and the long term consequences of intellectual property theft. A key takeaway from an enterprise security perspective is that breaches have an ongoing cost that can take a long time to manifest as intellectual property continues to be stolen from the organization and is put into practice competitively in global markets.