There are constant reports about new attacks, breaches, exploits and threats which make it difficult for stakeholders to understand the full impact of cybercrime. A report from McAfee in collaboration with the Center of Strategic and International Studies (CSIS), shows that cybercrime currently costs the global economy at a starting of $600 billion per year, or 0.8% of the global GDP. This is a 20% jump from cybercrime cost in 2014.
Additionally, a report from Cisco, which is based on interviews with over 3.000 CISOs, shows that almost half of all attacks end up costing the victim at least $500,000. 8% of companies in the report stated that cyber attacks have cost them over $5 million. For 11% of those companies, the cost ranges from $2.5 million to $4.9 million.
The $600 billion figure in the two reports represents total estimated losses due to theft of intellectual property and business confidential information, online fraud and financial crimes, personally identifiable information, financial fraud using stolen sensitive business information and other factors.
The reports have made it clear that there is an underreporting by victims and the scarcity of real data surrounding cybercrime incidents worldwide has made it difficult to get an accurate estimate of cybercrime costs. Typically, organizations only report minimum losses from cybercrime to avoid reputational damage and liability risks.
The cost of cybercrime has increased over the years as a result of ransomware, cybercrime-as-service, and the growing use of anonymity-enabling technologies (Tor and Bitcoin). Malicious activity on the Internet is at an all-time high. Vendors have reported over 80 billion malicious scans, 4,000 ransomware attacks, 300,000 new malware samples and 780,000 records lost due to daily hacking.