A new report from the Center for Strategic and International Studies (CSIS) and sponsored by McAfee, says that cybercrime costs businesses approximately $400 billion worldwide,with an impact on approximately 200,000 jobs in the U.S. and 150,000 jobs in the EU.
The report, “Net Losses – Estimating the Global Cost of Cybercrime", says that the most important cost of cybercrime comes from its damage to company performance and to national economies. Cybercrime damages trade, competitiveness, innovation and global economic growth. Studies estimate that the Internet economy annually generates between $2 trillion and $3 trillion, a share of the global economy that is expected to grow rapidly. Based on CSIS estimates, cybercrime extracts between 15 percent and 20 percent of the value created by the Internet.
Cybercrime’s effect on intellectual property (IP) is particularly damaging, according to the report, and countries where IP creation and IP-intensive industries are important for wealth creation lose more in trade, jobs and income from cybercrime than countries depending more on agriculture or industries of low-level manufacturing, the report found. Accordingly, high-income countries lost more as a percent of GDP than low-income countries – perhaps as much as 0.9 percent on average.
“Cybercrime is a tax on innovation and slows the pace of global innovation by reducing the rate of return to innovators and investors,” said Jim Lewis, senior fellow and director of the Strategic Technologies Program at CSIS. “For developed countries, cybercrime has serious implications for employment. The effect of cybercrime is to shift employment away from jobs that create the most value. Even small changes in GDP can affect employment.”
CSIS researchers found that the United States notified 3,000 companies in 2013 that they had been hacked, with retailers leading as a favorite target for hackers. In the U.K., retailers reportedly lost more than $850 million to hackers. Australian officials reported that large scale attacks have occurred against an airline, hotel chains and financial services companies, costing an estimated $100 million. With proper protections in place, these losses could be avoided.
The report found that global losses connected to “personal information” breaches could reach $160 billion. Forty million people in the U.S., roughly 15 percent of the population, have had their personal information stolen by hackers. The study tracked high-profile breaches around the world: 54 million in Turkey; 20 million in Korea; 16 million in Germany and more than 20 million in China.
Part of the losses from cybercrime are directly connected to what experts call “recovery costs,” or the digital and electronic clean-up that must occur after an attack has taken place. The McAfee-CSIS report discovered that while criminals will not be able to monetize all the information they steal, their victims must spend significant resources as if they could.
In Italy, for example, actual hacking losses totaled $875 million, but the recovery, or clean-up costs, reached $8.5 billion. In other words, there can be a tenfold increase between the actual losses directly attributed to hackers and the recovery companies must implement in the aftermath of those attacks.
Governments are beginning serious, systematic efforts to collect and publish data on cybercrime to help countries and companies make better choices about risk and policy, the reprot says. Improved international collaboration, as well as public/private partnerships are also beginning to show tangible results in terms of reducing cybercrime. Last week, 11 nations announced the takedown of a crime ring associated with the GameOver Zeus botnet.
“It’s clear that there’s a real tangible economic impact associated with stopping cybercrime,” said Scott Montgomery, chief technology officer, public sector at McAfee. “Over the years, cybercrime has become a growth industry, but that can be changed, with greater collaboration between nations, and improved public private partnerships. The technology exists to keep financial information and intellectual property safe, and when we do so, we create opportunities for positive economic growth and job creation worldwide.”
For the next generation of enterprise security leaders, is there a clear path forward to success? Enterprise security leaders discuss mentorships, education, certifications and the skills new CSOs and CISOs will need to succeed in their evolving roles and bring value to the business. But the problem is: with existing security leadership roles varying so widely, is the development of a uniform skill set even possible?