A new study has found that cyber crime costs businesses close to a staggering US$600 billion, or about 0.8% of global GDP. Within this, Asia and the Pacific are estimated to account for about $380 billion of the losses (0.9% of regional GDP).
These figures, from the "Economic Impact of Cyber crime – No Slowing Down” report from cybersecurity firm McAfee and the Center for Strategic and International Studies (CSIS), is significantly higher than a 2014 study that put global losses at about $445 billion, out of which that of APAC was $180 billion.
The cyber crime costs considered by the report include, among others, loss of intellectual property and confidential business information, online fraud and financial crimes that are often the result of stolen personal information and reputation damage and liability risks. The report did not attempt to measure the cost of all malicious activity on the internet, focusing instead on criminals gaining illicit access to a victim’s computer or network.
The increase over three years is attributed to cybercriminals quickly adopting new technologies, the ease of engaging in cybercrime – including an expanding number of cybercrime centers – and the growing financial sophistication of top-tier cybercriminals.
Crime enhanced by technology
The digital world has transformed our lives, and that includes risk and crime, helping crime to be more efficient, less risky, more profitable and easier to execute than ever, said Mr Steve Grobman, Chief Technology Officer for McAfee.
“Consider the use of ransomware, where criminals can outsource much of their work to skilled contractors. Ransomware-as-a-service cloud providers efficiently scale attacks to target millions of systems, and attacks are automated to require minimal human involvement,” he said,
“Add to these factors cryptocurrencies that ease rapid monetisation, while minimising the risk of arrest, and you must sadly conclude that the $600 billion cybercrime figure reflects the extent to which our technological accomplishments have transformed the criminal economy as dramatically as they have every other portion of our economy.”
Nation states the most dangerous cyber criminals
The report found that banks remain the favorite target of cybercriminals, and nation states are the most dangerous source of cybercrime. Russia, North Korea and Iran are the most active in hacking financial institutions, while China is the most active in cyber espionage.
“Our research bore out the fact that Russia is the leader in cybercrime, reflecting the skill of its hacker community and its disdain for western law enforcement,” said Mr James Lewis, senior vice president at CSIS. “North Korea is second in line, as the nation uses cryptocurrency theft to help fund its regime, and we’re now seeing an expanding number of cybercrime centers, including not only North Korea but also Brazil, India and Vietnam.”
The report measures cybercrime in North America, Europe and Central Asia, East Asia and the Pacific, South Asia, Latin America and the Caribbean, Sub-Saharan Africa, and the Middle East and North Africa. Not surprisingly, cybercrime losses are greater in richer countries. However, the countries with the greatest losses (as a percentage of national income) are mid-tier nations that are digitised but not yet fully capable in cybersecurity.
The report recommended some tips on how to deal with cybercrime, including:
- Uniform implementation of basic security measures and investment in defensive technologies
- Increased cooperation among international law enforcement agencies
- Improved collection of data by national authorities
- Greater standardization and coordination of cybersecurity requirements
- Progress on the Budapest Convention, a formal treaty on cybercrime
- International pressure on state sanctuaries for cybercrime
The full report can be found here.