The cost to the global economy of cybercrimes has risen from an estimated $445 billion in 2014 to nearly $600 billion currently, according to a new study.

The reasons for the growing benefit to cyber criminals include faster use of new technologies, more potential victims as online users increase, ease of criminal activity, and an improved ability to turn stolen data into money, James Lewis, a cyber security expert with the Center for Strategic and International Studies, writes in the report.

“Monetization of stolen data, which has always been a problem for cybercriminals, seems to have become less difficult because of improvements in cybercrime black markets and the use of digital currencies,” says the report, Economic Impact of Cybercrime—No Slowing Down. The 28-page report is sponsored by CSIS and the cyber security firm McAfee and was released on Wednesday.

James Lewis, director and senior fellow, CSIS Strategic Technologies Program

The study is the third by CSIS and McAfee going back to 2013 to examine the costs of cybercrime. A 2014 report put the costs to the world’s economy at about 0.7 percent of global income while the latest study says cybercrime now costs about 0.8 percent of global gross domestic product.

Last week, the White House issued a report by the President’s Council of Economic Advisers estimating the costs of cyber-attacks to the U.S. economy in 2016 at between $57 billion and $109 billion (Defense Daily, Feb. 16).

Cybercriminals continue to operate in a low-risk, high-payoff environment, which makes cybercrime very attractive.

“A smart cybercriminal can make hundreds of thousands, even millions of dollars with almost no chance of arrest or jail,” Lewis writes.

For cybercriminals, the outlook is bright.

With the emergence of the “poorly protected” Internet of Things (IoT), the report says, there will be new channels for cybercriminals to potentially gain access to data.

While IoT devices may not be valuable to cyber thieves, they “provide new, easy approaches to steal personal information or gain access to valuable data or networks,” the report says. It adds the devices also enable “massive denial-of-service attacks that block services and impose costs on companies and individuals.”

Cloud services, which are increasingly being adopted by various organizations, will also be targets for cybercriminals and “tools” to house viruses and launch attacks, the report says.

Separately on Wednesday, Raytheon [RTN] released a survey it sponsored that was conducted by the Ponemon Institute highlighting global “megatrends” in commercial cyber security. Among the findings: a vast majority of respondents, 82 percent, believe that a data breach from an unsecured IoT device in their workplaces is “very likely” within the next three years, and 80 percent believe “such a breach could be catastrophic.”

Ponemon surveyed 1,100 senior IT and IT security professionals in the U.S., Europe, Middle East and North Africa, with 67 percent expecting a greater risk of extortion through tools like ransomware and 66 percent believing data breaches will “seriously diminish their organization’s shareholder value.” A surprising 60 percent believe “nation-state attacks against the government and commercial organizations will worsen and could potentially lead to a cyber war.”

Other megatrends expected by respondents include doubts about their ability to protect their organizations from cyber-attacks, that attacks against high-value information will be the most damaging, that cyber security still isn’t a strategic priority within their organizations, that company boards aren’t aware of the cyber security posture of their organizations, and that there will be high costs for companies to comply with regulations and respond to lawsuits.