The Cost of Cybercrime
The internet has become such an integral aspect of our daily lives that we take for granted how significant it is to the economy. We rely on the internet every day for anything from financial transactions and eCommerce to zoom meetings and even coordinating school bus schedules. Currently, 75% of the economic transactions that occur over the internet support traditional industries that hold up the economy.
Because of this, attacks that target cyberspace and internet usage pose a significant threat with potentially catastrophic results. With so much at stake, it’s crucial to understand the impact of data disruption on global and national commerce, trade, and security.
The National Impact
A 2018 study conducted by the Center for Strategic and International Studies (CSIS) reported that the annual loss due to cybercrime amounted to $600 billion, which was at that time 1% of total global GDP¹. However, recent studies as of 2021 indicate that cybercrime is costing the global economy $6 trillion, ten times more than originally predicted. Based on current projections of total GDP at $86 Trillion these current estimates indicate that %7 of GDP is lost to cyber-attacks².
An estimated 43% of U.S. businesses were hit with a cyberattack of some kind in the last year. Many industry analysts believe that these attacks are sponsored by nation-states hostile to the United States and that they are practicing what amounts to economic warfare³.
What is Ransomware?
The latest trend in cybercrime is ransomware attacks. Ransomware is a type of malware that encrypts the files on a device and renders the systems unusable. Those looking to use this malware for gain by demanding ransom from the device owners in exchange for the system decryption, thus earning the malware its name.
Approximately 444,000 ransomware attacks occurred worldwide in 2018 and the number is rising each year. Ransomware alone costs $20 billion in damages globally, which is 57 times higher than it cost in 2015⁴.
The Cost of Data Leaks
Businesses suffer from a variety of data breaches, with the average data breach costing U.S. businesses approximately $8.19 million. While industries such as healthcare carry higher costs associated with sensitive information leaks, even data leaks from simple identity theft schemes can cost over a thousand dollars per person. The 60 million Americans victimized by identity theft in the last few years alone often spend months attempting to reclaim their identity and recover from the attack⁵.
Estimates are that by 2025 global costs of cyber attacks would exceed $10.5 trillion. This is more profitable for criminals than all of the global illegal drug trade. One of the benefits to criminals is the difficulty in being caught. Most organized crime syndicates have only a .05 percent chance of getting caught. Billionaire Warren Buffet describes cybercrime as “the number one problem with mankind and a bigger threat than nuclear weapons⁶.”
By 2022 there will exist 1 trillion network sensors embedded throughout the world. This number will increase to 45 trillion within 20 years. Couple this with an estimate that by 2023 there will be three times as many network devices as humans on the planet. By 2025, 50% of the world’s data will be stored in the cloud, representing some 100 zettabytes of data storage. This is going to dramatically increase the vulnerability and thus the potential for attacks.
A Growing Threat
There are currently 30 million small businesses in the U.S. Most cyberattacks target these small to mid-size businesses because they are less secure and easier to breach than the heavily protected networks of larger companies. An estimated 66% of small businesses go out of business within 6 months of a cyberattack. More than half of these businesses never set up a cybersecurity plan and lack the knowledge or resources to deal with the threats⁷. As organized cybercriminals prey on unsuspecting and unprepared victims, it’s clear that the problem of cyberattacks and the mounting costs are only going to increase if left unchecked.
So now that we have a grasp on the cost of cyber-attacks, what about the cost of cyber defense? Most companies spend between 5.6% and 20% of their IT budgets on security⁸. For a large business, this can average between $2 million and $5 million spent on cybersecurity per year. Mid-size businesses can spend in the neighborhood of $500,000 to $2 million per year. For a small business, the cost is less than $500,000 but the impact of an attack has even more damaging results as most small businesses do not have the margins to recover from such attacks⁹.
Specific Software Costs
A full suite of security measures includes end-point deduction response software, firewalls, antivirus, and email protections. These costs vary based on internet needs but can range anywhere from $20 – $37 each month to protect a single user, workstation, and server. Small companies may only require one firewall, but larger networks will have multiple. Each firewall will range between $400 – $6,000, with an additional configuration cost of $450 -$2,500. To offset these costs, companies can outsource their cybersecurity to a monitoring service that can total $500 – $2,000 per month. With a choice of price points and the clear need for cyber defense, security is rising as one of the most necessary expenses an organization can implement.
Vulnerability assessments should be completed annually and, in some cases, quarterly to review the company’s current systems and identify any potential threats or weaknesses. These, too, can cost companies an average of $1,500 – $6,000 for a network of one to three servers¹⁰ For networks with five to eight servers, the cost increases to an average of $5,000 – $10,000. Because small businesses are least likely to implement the full extent of these security measures due to high pricing, their networks are left largely unprotected and incredibly vulnerable to cyberattacks.
As mentioned above, outsourcing can be a method of financial savings when considering cybersecurity measures for your company. The reality is that most small and mid-sized businesses cannot afford to implement the full suite of security measures, which leads them to outsourced options instead. These Security as a Service (SECaaS) providers offer consulting, monitoring, and cloud-based security systems at a more affordable rate compared to in-house security specialists. As attacks increase, the cost of doing business will inevitably demand an increased security budget to prioritize the cyber safety of organizations and their data.
- Lewis, James Andrew. (2018, February 21st). Economic Impact of Cybercrime, Center for Strategic & International Studies. https://www.csis.org/analysis/economic-impact-cybercrime
- Desjardins, Jeff. (2019, Sept 5th). The $86 Trillion World Economy in One Chart. Visual Capitalist. https://www.visualcapitalist.com/the-86-trillion-world-economy-in-one-chart/
- Kitchen Klon. (2019, October 2nd). A Major Threat to Our Economy – Three Cyber Trends the U.S. Must Address to Protect Itself. The Heritage Foundation. https://www.heritage.org/cybersecurity/commentary/major-threat-our-economy-three-cyber-trends-the-us-must-address-protect
- The Costs of Cybercrime. February 16th, 2021. CoffeeTree Group. https://www.coffeetreegroup.com/blog/2021/2/16/the-costs-of-cybercrime-1
- Moore, Michelle. (2020 September 15th). Inside the Infographic: “Cybersecurity by the Numbers.” AT&T. https://cybersecurity.att.com/blogs/security-essentials/cybersecurity-cost-and-crime-by-the-numbers
- Shealy, Matt. (2021, November 22nd). Lessons Learned from the Skyrocketing Cost of Cyber Crime. Readwrite. https://readwrite.com/2021/11/22/skyrocketing-cost-of-cyber-crime/
- Morgan, Steve (2020, November 13th). Cybercrime To Cost the World $10.5 Trillion Annually By 2025. Cybercrime Magazine. https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
- The Cost of Cybersecurity and How to Budget for it. Maureen Data Systems. https://www.mdsny.com/the-cost-of-cybersecurity-and-how-to-budget-for-it/
- Guim, Timothy. (2021, July 7th). Cost of Cyber Attacks vs. Cost of Cyber Security in 2021. Pchtechnologies. https://pchtechnologies.com/cost-of-cyber-attacks-vs-cost-of-cyber-security-in-2021/
- How Much Does Cyber Security Cost? Common Cyber Security Expenses & Fees. Provendatarecovery.com. https://www.provendatarecovery.com/blog/cyber-security-cost-expenses-fees/