Cybercrime, also referred to as “cyber espionage,” “cyber terrorism,” and “cyber warfare,” poses a significant threat with far-reaching consequences on a global scale. Although recent incidents, such as the 2015 hacking of Sony and the data breach at the Office of Personnel Management in the United States, have garnered attention, it is essential to recognize that cybercrime is not limited to any specific country.
Perpetrators of cybercrime target governments, corporations, and individuals worldwide, leading to adverse effects on the countries in their crosshairs. The repercussions of cybercrime are diverse, ranging from financial and economic hardships to the loss of critical intellectual property and sensitive data. Additionally, there is a notable impact on revenue due to disruptions in international trade.
The economic cost of cybercrime currently stands at 0.8 percent of global GDP, equivalent to $600 billion (about $1,800 per person in the US) annually. This figure reflects a 34% increase from the $445 billion (about $1,400 per person in the US) (about $1,400 per person in the US) recorded in 2014, indicating an average annual growth rate of 11.3% over the preceding three years until June 2017.
According to the latest evaluation by McAfee and the Centre for Strategic and International Studies, Europe bears the most substantial economic impact of cybercrime, accounting for 0.84% of the regional GDP. In comparison, North America experiences a slightly lower impact at 0.78% (CSIS). The driving factors behind this growth include the increased accessibility of cybercrime tools, the adoption of new technologies by malicious actors, and a rising number of cybercrime centers.
The Economic Impacts of Cyber Crime
The Global Cost
In recent times, the realm of criminal activities on the internet has transcended traditional cybercrime, encompassing a wide array of illicit actions conducted online. According to a senior British official, around half of all recorded crimes in the United Kingdom are now cyber-related. To narrow down the scope and focus on a specific aspect, we have defined cyber crime in this context as the unlawful access to a computer or network of a targeted victim. The ensuing factors contributing to the cost of cybercrime, based on this refined definition, include:
- Damage to intellectual property and the loss of confidential company data.
- Stolen personal information is a frequent cause of online fraud and financial crimes.
- Financial manipulation is exemplified by the acquisition of confidential business information for potential mergers or early access to financial reports of publicly traded firms.
- Erosion of trust in online activities and disruptions in production or services, with ransomware posing a significant threat leading to business interruptions.
- Expenditures on network security, cyber insurance, and the costs associated with recovering from cyber attacks.
Estimates of cybercrime costs have varied widely, ranging from tens of billions of dollars to potentially exceeding a trillion. This variability is attributed to a lack of comprehensive data and differing methodologies. Leveraging insights from economic history research, which often deals with partial and discontinuous data, predictions regarding the costs of cybercrime can be made. The Center for Strategic and International Studies (CSIS) suggests that the global cost of cybercrime may reach as high as $600 billion (about $1,800 per person in the US), a figure this modeling effort seeks to approximate.
Estimation Cost
Estimating the costs of cybercrime poses numerous challenges, primarily due to discrepancies in reporting rules across countries and industries. In the UK, for instance, only 13% of cybercrimes are officially reported, exacerbating the difficulty in obtaining accurate data. Furthermore, organizations often choose not to disclose incidents, fearing both liability and damage to their reputation. This widespread underreporting significantly hampers efforts to establish precise national-level estimates of cybercrime costs.
Complicating matters and determining the financial impact of individuals and businesses avoiding online transactions due to cybercrime concerns prove elusive. While the allure of digital technologies persists, there are indications that a shift may be occurring as people and businesses reassess their reliance on these platforms.
Another critical issue with current cost estimates is their focus on the total government expense rather than individual enterprises or consumers. This approach overlooks the unequal distribution of cybercrime victims. For instance, if a country has ten businesses with an average annual loss of $100 each, the total cost would be $1,000. However, the genuine distribution may reveal that two companies bear the brunt, losing $50 each, while the remaining eight experience minimal or no losses. This uneven distribution underscores the challenge of accurately gauging the true impact of cybercrime on organizations, with some potentially unaware of being compromised.
The Persistent Threat of Financial Cyber Crime
Banks remain a prime target for highly skilled cyber criminals, a trend that has endured for over a decade. Financial institutions shoulder a disproportionate burden in the ongoing battle against online fraud and blatant theft. Notably, a study reveals that banks allocate three times more resources to cybersecurity compared to non-financial firms, underscoring the gravity of the situation. Authorities within the banking sector consider cybercrime a “systematic” risk, posing a significant threat to financial stability.
Nation-states, owing to their substantial resources, expertise, and relative impunity from law enforcement, emerge as the most formidable perpetrators of cybercrime. The Center for Strategic and International Studies (CSIS) identifies Russia, North Korea, and Iran as particularly active in hacking financial institutions. While Chinese espionage remains pervasive, the recent Iranian distributed denial-of-service (DDoS) attack on prominent US institutions exemplifies Iran’s intent to wield coercive influence.
This region is a hotbed for some of the world’s most prolific hackers, regardless of their affiliations with government entities. These nations must adapt their strategies; otherwise, cybercrime will persist as a global menace.
Ransomware’s Alarming Surge
Ransomware has emerged as the fastest-growing cyber threat, affecting companies and individuals of all sizes. Despite the relatively low individual costs, often under $200, the rapid expansion is fueled by profitable ransom payments. In the first quarter of 2016 alone, ransom payments amounted to $209 million, a significant increase from the $24 million recorded in all of 2015.
The evolution of ransomware is evident, transitioning from artisanal attacks to the mass distribution of viruses. Criminal organizations, responsible for the initial wave in 2015, gave rise to 70 new families of ransomware products in 2016, doubling the numbers from 2012 to 2015. Ransomware worms, exemplified by the WannaCry attack, are becoming more prevalent, spreading through networks and affecting multiple devices. Anticipated future attacks may combine file exfiltration and simultaneous user lockouts, posing even greater threats.
The looming concern is the shift towards targeting mobile systems, with Android ransomware kits already appearing on marketplaces. The vast number of unprotected phones worldwide provides a tempting opportunity for hackers. Additionally, the lack of security measures for IoT devices makes them increasingly vulnerable, especially in industrial IoT settings.
Cybercrime-as-a-Service (CaaS) Unleashed
Over the past two decades, cybercrime has transitioned from a mere hobby to a thriving business. The industry now offers a wide range of services and equipment for criminals, resulting in a broader and more sophisticated cyber threat landscape. As new tools and platforms become widely available, a new wave of cybercrime actors emerges.
The dark web has become a refuge for cybercriminals, utilizing Tor and Bitcoin to obscure their identities from law enforcement. Marketplaces have responded with escrow payment methods to facilitate high-risk transactions, and vendors now offer support services and money-back guarantees. Despite the division in the marketplace and the use of specialized chat sites for protection, a thriving cybercrime economy persists, offering everything from product development to technical support.
Intellectual Property Theft: A Costly Menace
Intellectual property theft has become the most expensive form of cybercrime, extending beyond traditional government interests to impact businesses across various sectors. Estimating the cost of piracy involves looking at rival items that take market share from legitimate owners. Medium-sized businesses face potential devastation when their intellectual property, such as product designs, is stolen, leading to a loss of revenue due to increased competition.
The implications are even more severe when cybercrime involves military technology, significantly impacting national security. Victims may be unaware of these losses, attributing drops in earnings to increased competition rather than theft. The cyber threat landscape continues to evolve, necessitating constant vigilance and adaptive cybersecurity measures.
Measures
In recent times, the rising concern over identity theft has been fueled by prominent data breaches. Despite Bureau of Justice Statistics (BJS) figures from 2012 and 2014 indicating relatively minor losses of $25 billion from 16.6 million identity theft victims, the alarm stems from the unique challenges this crime poses. While the financial impact per event is around $1500, the true significance lies in the overall $10 billion higher cost compared to losses from other property crimes.
What makes identity theft alarming is the sense of powerlessness it instills. Two-thirds of victims are unaware of when or how their accounts were compromised, creating an invisible crime affecting many. Although not exclusively cyber-related, the repercussions primarily affect banks and credit card firms.
Business Email Compromise: A Growing Threat to Businesses
The use of stolen identities extends to business email compromise, where fraudsters exploit identities to authorize large transfers. Since 2015, these attacks have resulted in over $5 billion in losses, affecting more than 22,000 businesses globally. The FBI has launched awareness efforts, emphasizing the challenge of detection as legitimate transactions are submitted by authorized customer employees. Losses persist, and businesses are hesitant to publicize successful instances.
Solutions to Cybersecurity Challenges
As cyber threats evolve, a fusion of organized crime and terrorism is anticipated. The Internet of Things (IoT) connectivity increases expectations for comprehensive protection. Solutions to the cybercrime epidemic include:
Implementing Basic Security Measures
Regular software updates, patches, and open security architectures are crucial. Continued investment in defensive technologies, from mobile devices to the cloud, is essential.
International Collaboration
Law enforcement agencies and the private sector must collaborate more closely globally. This requires increased resources for investigations and expanded agency capabilities in developing countries.
Enhancing Legal Procedures
Improving existing procedures like the Mutual Legal Assistance Treaty (MLAT) can facilitate cross-border investigations. Standardization and cooperation of cybersecurity standards, especially in critical sectors like finance, will enhance security.
Strengthening Cybercrime Legislation
Countries with weak cybercrime legislation become breeding grounds for cyber threats. Despite objections from some nations, efforts like the Budapest Convention must progress to establish effective international cooperation against cybercrime.
Pressuring Cybercrime Havens
The international community must exert pressure on countries harboring cybercrime to modify their ways. Financial penalties or other consequences may be imposed on failing governments.
Conclusion
In conclusion, cybersecurity is an evolving target for both threats and investments. Swift reactions to vulnerabilities, proactive threat anticipation, and robust protection against hacks are crucial. A global approach is necessary to prevent and respond effectively to cybercrime. The conversation about cyber risk insurance is growing, emphasizing the need for companies to demonstrate resilience in the face of cyber-attacks. Ultimately, how companies manage financial risks will shape their long-term brand reputation and recovery capabilities.