What the $500 Billion Cybercrime Estimate Means for Enterprises
By Jennifer LeClaire / Enterprise Security Today
Published: July 26, 2013

When hackers tap into a database and steal the personal information of thousands of users, there's always a cost associated with the breach. Now, a McAfee-sponsored report is offering insights into the broader economic impact of cybercrime.

In an effort to eliminate the guesswork from estimates on cybercrime costs, McAfee hired the Center for Strategic and International Studies (CSIS), an international policy institution for defense and security, to build an economic model and methodology to accurately estimate these losses.

The results are revealed in a report called "Estimating the Cost of Cybercrime and Cyber Espionage." And the numbers are staggering. The firm estimates a minimum of $100 billion -- and as much as $500 billion -- in annual losses to the U.S. economy. What's more, about 508,000 U.S. jobs are also lost in the wake of malicious cyber activity.

How Accurate Are the Numbers?

"We believe the CSIS report is the first to use actual economic modeling to build out the figures for the losses attributable to malicious cyber activity," said Mike Fey, executive vice president and chief technology officer at McAfee. "Other estimates have been bandied about for years, but no one has put any rigor behind the effort. As policymakers, business leaders and others struggle to get their arms around why cybersecurity matters, they need solid information on which to base their actions."

So how did CSIS come up with the figures? The firm used real-world analogies like figures for car crashes, piracy, pilferage, and crime and drugs to build out the model. CSIS believes this is a better approach than surveys because companies that reveal their cyber losses often cannot estimate what has been taken -- intellectual property losses are difficult to quantify and the self-selection process of surveys can distort the results.

In its report, CSIS classified malicious cyber activity into six areas: the loss of intellectual property; cybercrime; the loss of sensitive business information, including possible stock market manipulation; opportunity costs, including service disruptions and reduced trust for online activities; the additional cost of securing networks, insurance and recovery from cyberattacks; and reputational damage to the hacked company.

What about the jobs estimate?

"Using figures from the Commerce Department on the ratio of exports to U.S. jobs, we arrived at a high-end estimate of 508,000 U.S. jobs potentially lost from cyber espionage," said James Lewis, director and senior fellow, Technology and Public Policy Program at CSIS, and a co-author of the report. "As with other estimates in the report, however, the raw numbers might tell just part of the story. The effect of the net loss of jobs could be small, but if a good portion of these jobs were high-end manufacturing jobs that moved overseas because of intellectual property losses, the effect could be wide ranging."

What This Means for Enterprises

We caught up with Tom Cross, director of security research at Lancope, to get his take on the results. He told us a key takeaway from an enterprise security perspective is that breaches have an ongoing cost that can take a long time to manifest as intellectual property continues to be stolen from the organization and is put into practice competitively in global markets.

"This fact underlines the importance of disrupting ongoing compromises inside of corporate networks even after perimeter security has been breached. Attacks are not over once the network has been compromised -- when an attacker breaches your network his work has just begun," Cross said.

"Attackers may seek to control and observe corporate networks for years in order to continuously collect strategically valuable intellectual property," he said. "Every organization should be engaged in efforts to identify compromises of this sort on their networks and disrupt them."

Tell Us What You Think
Faizan:
Posted: 2013-08-12 @ 12:22am PT
Start using VPN!!!!!

Maureen Robinson:
Posted: 2013-08-12 @ 12:09am PT
Great findings Jennifer. The latest breaches have yielded a veritable treasure trove of head-shaking security stories, all related to my favorite security soft spot -- people. The shimmer from our technological advances blinds us from the damage people can do -- and we remain so easily fooled. We've written a great article about this http://blog.securityinnovation.com/blog/2011/04/people-people-people.html

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.