Cybercrime is having a significant impact on economies worldwide. The report from McAfee and CSIS found that cybercrime is costing businesses close to $600 billion, or 0.8% of global GDP, which is $150 million more than a 2014 study that put global losses at about $445 billion.
The report attributes the growth over three years to cybercriminals quickly adopting new technologies, the ease of engaging in cybercrime – including an expanding number of cybercrime centres – and the growing financial sophistication of top-tier cybercriminals.
“The digital world has transformed almost every aspect of our lives, including risk and crime, so that crime is more efficient, less risky, more profitable and has never been easier to execute,” said Steve Grobman, chief technology officer for McAfee.
“Consider the use of ransomware, where criminals can outsource much of their work to skilled contractors. Ransomware-as-a-service cloud providers efficiently scale attacks to target millions of systems, and attacks are automated to require minimal human involvement. Add to these factors cryptocurrencies that ease rapid monetisation, while minimising the risk of arrest, and you must sadly conclude that the $600 billion cybercrime figure reflects the extent to which our technological accomplishments have transformed the criminal economy as dramatically as they have every other portion of our economy.”
Banks remain the favourite target of cybercriminals, and nation states are the most dangerous source of cybercrime, the report finds. Russia, North Korea and Iran are the most active in hacking financial institutions, while China is the most active in cyber espionage.
“Our research bore out the fact that Russia is the leader in cybercrime, reflecting the skill of its hacker community and its disdain for western law enforcement, said James Lewis, senior vice president at CSIS. “North Korea is second in line, as the nation uses cryptocurrency theft to help fund its regime, and we’re now seeing an expanding number of cybercrime centres, including not only North Korea but also Brazil, India and Vietnam.”
The report measures cybercrime in North America, Europe and Central Asia, East Asia and the Pacific, South Asia, Latin America and the Caribbean, Sub-Saharan Africa, and the Middle East and North Africa. Not surprisingly, cybercrime losses are greater in richer countries. However, the countries with the greatest losses (as a percentage of national income) are mid-tier nations that are digitised but not yet fully capable in cyber security.
“As a society, we put cyber in front of everything – cyberbully, cyber security, cybercrime…. This encourages employees to assume it’s a different field – outside of their control or a risk that can’t reach them. But it is crime, full stop,” said Raj Samani, chief scientist and fellow at McAfee.
“As revealed by our latest research, it has a huge financial impact on both businesses and the wider economy. This trend is likely to continue with the cybercrime as-a-service economy offering less technical individuals the opportunity to participate and quickly profit from lucrative attacks.”
“Businesses often struggle to remain vigilant against threats because they have too many tools operating in silo at once – and failing to communicate with each other. By making sure that tools can work together and removing siloed security teams, organisations can find the right combination of people, process and technology to effectively protect data, detect threats and, when targeted, rapidly correct systems. This will be key to keeping pace with criminals’ rapid adoption of new technologies, an expanding number of cybercrime “centres” and the growth of cybercrime-as-a-service.”