Cyber-crime takes almost US$600bil toll on global economy

By Digital News Asia February 23, 2018

Theft of intellectual property accounts for at least 25% of cost of cyber-crime
The anonymity of cryptocurrencies protects actors from easy identification

Cyber-crime takes almost US$600bil toll on global economy

MCAFEE, in partnership with the Centre for Strategic and International Studies (CSIS), on Feb 22 released “Economic Impact of Cybercrime – No Slowing Down,” a global report that focuses on the significant impact that cyber-crime has on economies worldwide.

The report concludes that cyber-crime costs businesses close to US$600 billion (RM2.34 trillion), or 0.8% of global GDP, which is up from a 2014 study that put global losses at about US$445 billion (RM1.74 trillion).

The report attributes the growth over three years to cyber-criminals quickly adopting new technologies, the ease of engaging in cyber-crime – including an expanding number of cyber-crime centres – and the growing financial sophistication of top-tier cyber-criminals.

“The digital world has transformed almost every aspect of our lives, including risk and crime, so that crime is more efficient, less risky, more profitable and has never been easier to execute,” said McAfee chief technology officer Steve Grobman.

“Consider the use of ransomware, where criminals can outsource much of their work to skilled contractors. Ransomware-as-a-service cloud providers efficiently scale attacks to target millions of systems, and attacks are automated to require minimal human involvement.

“Add to these factors cryptocurrencies that ease rapid monetisation, while minimising the risk of arrest, and you must sadly conclude that the US$600 billion cybercrime figure reflects the extent to which our technological accomplishments have transformed the criminal economy as dramatically as they have every other portion of our economy.”

Banks remain the favourite target of cyber-criminals, and nation states are the most dangerous source of cyber-crime, the report finds.

Russia, North Korea and Iran are the most active in hacking financial institutions, while China is the most active in cyber-espionage.

“Our research bore out the fact that Russia is the leader in cyber-crime, reflecting the skill of its hacker community and its disdain for western law enforcement, said James Lewis, senior vice president at CSIS.

“North Korea is second in line, as the nation uses cryptocurrency theft to help fund its regime, and we’re now seeing an expanding number of cyber-crime centres, including not only North Korea but also Brazil, India and Vietnam.”

The report measures cyber-crime in North America, Europe and Central Asia, East Asia and the Pacific, South Asia, Latin America and the Caribbean, Sub-Saharan Africa, and the Middle East and North Africa.

Not surprisingly, cyber-crime losses are greater in richer countries. However, the countries with the greatest losses (as a percentage of national income) are mid-tier nations that are digitised but not yet fully capable in cyber-security.

Methodology

The report did not attempt to measure the cost of all malicious activity on the internet, focusing instead on criminals gaining illicit access to a victim’s computer or network. The elements of cyber-crime the authors identify include:

The loss of IP and business-confidential information
Online fraud and financial crimes, often the result of stolen personally identifiable information
Financial manipulation directed toward publicly-traded companies
Opportunity costs, including disruption in production or services and reduced trust in online activities
The cost of securing networks, purchasing cyber-insurance and paying for recovery from cyber-attacks
Reputational damage and liability risk for the affected company and its brand

To help scope the cost of malicious cyber-activity, the authors looked at other types of crime for which there are estimates, including maritime piracy, pilferage and transnational crime.

They note that data on cyber-crime remains poor because of under-reporting and a laxness in most governments around the world to collect data on cyber-crime.

Recommendations

The report also includes some recommendations on how to deal with cyber-crime, including:

Uniform implementation of basic security measures and investment in defensive technologies
Increased cooperation among international law enforcement agencies
Improved collection of data by national authorities
Greater standardisation and coordination of cyber-security requirements
Progress on the Budapest Convention, a formal treaty on cyber-crime
International pressure on state sanctuaries for cyber-crime