Global losses from cybercrime are projected to hit $945 billion in 2020, reaching a level equivalent to 1% of the entire world’s GDP. These are figures from McAfee’s recently published ‘The Hidden Costs of Cybercrime report’, conducted in partnership with the Center for Strategic and International Studies.
Considered by many to provide the best insight into the ‘cybercrime industry’, this is the 4th report published by McAfee who utilise open source information, IMF income data and surveys of 1500 businesses across various territories (including the UK). The projected losses are almost double the cost of cybercrime reported by McAfee just two years ago.
The report highlights the growing risk of ransomware attacks, the perpetrators of which have thrived during the coronavirus pandemic. New opportunity for cybercriminals has arisen from the sudden shift to homeworking by millions of employees across the globe. With increased homeworking likely to remain a feature in a post-Covid world, this is likely to be a long-term issue.
The report underscores the ‘hidden losses’ that arise form cyber incidents, even where extortion attempts are not successful, these including:
business interruption – in relation to ransomware attacks it was noted that business interruption costs could be up to 100 times the amount of the ransom payment sought;
breach response costs – with major incidents often requiring the assistance of external cyber-security consultants and legal experts; and
PR and reputational damage – 26% of companies surveyed stated that they had experienced brand damage, frequently as a result of system downtime.
Despite this exponential increase in cybercrime, the report found that more than half of surveyed organisations did not have clear cyber incident prevention and response plans. Further, only 32% of those with plans in place believed that they were actually effective.
The report makes interesting but concerning reading. If there is one takeaway point, it is that with McAfee noting that cyber criminals are becoming increasingly more sophisticated and brazen, better cyber hygiene, planning and awareness must rapidly become a higher priority across industries.
One of the biggest challenges is the lack of an organization-wide understanding of cyber risk. This makes companies and agencies vulnerable...and once a hack has succeeded, they fail to recognize the problem in time to stop the spread of malware.