The global costs associated with cyber-crime have grown in recent years, according to a report released Feb. 21 by McAfee and the Center for Strategic and International Studies (CSIS).
The 28-page report, titled “Economic Impact of Cybercrime – No Slowing Down” estimates the total cost of cyber-crime to the global community in 2017 at between $445 billion and $600 billion. That’s up from a range of $345 billion to $445 billion that CSIS estimated the last time it released a report on cyber-crime costs back in 2014. The increased cost of cyber-crime was not a surprise to McAfee either.
“We are all aware that cyber-crime is a growing industry,” Raj Samani, Chief Scientist at McAfee, told eWEEK.
The report comes a week after the White House released a report from the Council of Economic Advisers (CEA) which estimated the cost of malicious cyber-activity to the U.S. economy in 2016 at between $57 billion and $109 billion. According to a Sept. 2017 report from Accenture, the average cost of cyber-crime to U.S. companies in 2017 was $21 million.
The McAfee CSIS report does not specifically breakout the cost estimate for the U.S. economy. Rather the report has an estimate for cyber-crime in North America, which includes data from the U.S., Canada and Mexico. For 2017, the McAfee CSIS report estimated the cost of cyber-crime in North America at between $140 billion and $175 billion.
“There will always be figures attempting to calculate the cost of cyber-crime and we need to recognize that we are trying to quantify the unknown,” Samani said. “However we need to remember that the purpose of such studies is to focus the narrative on the economic impact of cyber-crime rather than trying to determine who is right.”
Samani said that the purpose of highlighting the economic impact is to make it clear that cyber-crime isn’t just an IT issue, it’s also a business risk issue.
There are multiple components that contribute to the total cost of cyber-crime. Samani said that the most important area for the cost of cyber-crime is in the theft of intellectual property and businesses confidential information, which accounts for a quarter of cyber-crime’s economic impact.
Ransomware was a major issue for cyber-crime in 2017, with a host of associated costs. Samani said that with ransomware, invariably the cost paid to recover data is only the tip of the iceberg. Potential downtime and business disruption are also large costs as was seen with the NotPetya ransomware attack in June 2017.
“With NotPetya there was a significant cost that resulted in a downgrade of quarterly earnings for some impacted companies,” Samani said.
How To Reduce the Costs of Cybercrime
There are multiple steps organizations can take to help reduce the costs associated with cyber-crime. Samani recommends that organizations properly appreciate the value of business IP as well as employee and customer data.
“Enterprises have to place the appropriate protection on these assets and ensure they’re protecting key digital assets appropriately,” Samani said. “Fundamentally though, do not mistake this as an issue for the IT department, today IT risk is business risk,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.