The latest estimates uncover the hidden costs of cybercrime beyond the economic impact
Cybersecurity specialist McAfee and the Center for Strategic and International Studies (CSIS) have released a new global report, The Hidden Costs of Cybercrime, which focuses on the significant financial and unseen impacts that cybercrime has worldwide.
The report concludes that cybercrime costs the world economy more than $1 trillion, or just more than one percent of global GDP, which is up more than 50 percent from a 2018 study that put global losses at close to $600 billion. Beyond the global figure, the report also explores the damage reported beyond financial losses, finding 92 percent of companies felt effects beyond monetary losses.
“The severity and frequency of cyberattacks on businesses continues to rise as techniques evolve, new technologies broaden the threat surface, and the nature of work expands into home and remote environments,” says Steve Grobman, senior vice president and CTO at McAfee.
“While industry and government are aware of the financial and national security implications of cyberattacks, unplanned downtime, the cost of investigating breaches and disruption to productivity represent less appreciated high impact costs,” he adds.
“We need a greater understanding of the comprehensive impact of cyber risk and effective plans in place to respond and prevent cyber incidents given the hundreds of billions of dollars of global financial impact.”
McAfee commissioned independent technology market research specialist Vanson Bourne to undertake the research that this report is based on.
Between April and June 2020, the quantitative study was carried out, interviewing 1,500 IT and line of business decision makers. Respondents came from the US (300), Canada (200), the UK (200), France (200), Germany (200), Australia (200) and Japan (200).
Respondents’ organizations have 1,000 or more employees and were from all sectors except construction and property. However, only IT decision makers were interviewed in the government sector.
Additionally, CSIS utilised a survey of open source material on losses accompanied by interviews with government officials, and an estimate adjusted by national income levels using International Monetary Fund (IMF) income data to determine the cost of cybercrime.
The Hidden Costs of Cybercrime
The theft of intellectual property and monetary assets is damaging, but some of the most overlooked costs of cybercrime come from the damage to company performance. The survey reveals that 92 percent of businesses felt there were other negative effects on their business beyond financial costs and lost work hours after a cyber incident.
The report further explores the hidden costs and the lasting impact and damage cybercrime can have on an organisation, including system downtime – a common experience for around two thirds of respondents’ organizations. The average cost to organisations from their longest amount of downtime in 2019 was $762,231. Thirty-three percent of survey respondents state that IT security incidents resulting in system downtime cost them between $100,000 and $500,000.
As a result of system downtime, organisations lost, on average, nine working hours a week leading to reduced efficiency. The average interruption to operations was 18 hours.
According to the report, it takes an average of 19 hours for most organizations to move from the discovery of an incident to remediation. Many security incidents can be managed in-house, but major incidents can often require outside consults with high rates that form a significant portion of the cost of a large-scale incident.
The true cost of cybercrime: selected report highlights
- Global losses from cybercrime now total over $1 trillion, a more than 50 percent increase from 2018
- Two-thirds of surveyed companies reported some kind of cyber incident in 2019
- Average interruption to operations at 18 hours; the average cost was more than half a million dollars per incident
- IP theft and financial crime account for at least 75 percent of cyber losses and pose the greatest threat to companies
- Damage to companies also includes downtime, brand reputation and reduced efficiency
- 56 percent of surveyed organisations said they do not have a plan to both prevent and respond to a cyber incident
Brand and Reputation Damage
The cost of rehabilitating the external image of the brand, working with outside consultancies to mitigate brand damage, or hiring new employees to prevent against future incidents is also part of the cost of cybercrime. Some 26 percent of the respondents identified damage to brand from the downtime experienced because of a cyberattack.
Through the research and analysis, the report finds a lack of organisation-wide understanding of cyber risk. This makes companies and agencies vulnerable to sophisticated social engineering tactics and, once a user is hacked, not recognizing the problem in time to stop the spread.
According to the report, 56 percent of surveyed organisations say they do not have a plan to both prevent and respond to a cyber incident. Out of the 951 organisations that actually had a response plan, only 32 percent said the plan was effective.
The report concludes with key ways for businesses to deal with cybercrime. These include: uniform implementation of basic security measures; increased transparency by organisations and governments; standardisation and coordination of cybersecurity requirements; providing cybersecurity awareness training for employees, and developing prevention and response plans.
Download a full copy of the Hidden Costs of Cybercrime report here.