Norton: Cybercrime Cost $110 Billion Last Year
Fernande Westmoreland
To help scope the cost of malicious cyber-activity, the authors looked at other types of crime for which there are estimates, including maritime piracy, pilferage and transnational crime. They note that data on cybercrime remains poor because of underreporting and a laxness in most governments around the world to collect data on cybercrime.
16. About one in five consumers fell victim to scams in the last year, with 4% clicking a fraudulent COVID-19 contact-tracing link and another 4% paying a fee to receive COVID-19 relief money, and 3% paying to get an illegitimate COVID-19 vaccine. (Norton, 2021)
52. By 2021, global cybercrime rates involving damages will amount to $6 trillion per year, $500 billion per month, $115.4 billion per week, $16.4 billion per day, $684.9 million per hour, $11.4 million per minute, and $190,000 per second. (Cybersecurity Ventures, 2020)
The report identifies men between 18 and 31 years old who access the Internet from their mobile phone as the most likely cybercrime victims: in this group 80% have fallen prey to cybercrime in their lifetime.
A recent report by the Norton division of Symantec estimated the cost of cybercrime at $388 billion per year. Included in that figure are the total dollars stolen and the costs of the time spent resolving the attacks ($114 billion). The total also accounts for the costs of the productive time lost by victims as a result of the cybercrimes committed against them ($274 billion).
The report reveals that more than 1 million people per day became victims of cybercrime over the past year. Viruses and malware were the most common type of cybercrime, with 54 percent of adults having had their computers infected.
Confidence frauds, which also include grandparent scams, were the costliest cons for older adults, with 2021 losses topping $432 million for victims age 60 and up, a 54 percent increase from the prior year.
This con was the most commonly reported by people 60 and older last year, with 13,900 complaints, more than double the 2019 number. Losses from tech support scams grew more than sixfold over the same span, from $38.4 million in 2019 to nearly $238 million in 2021.
Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
The damage cost estimation is based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation-state sponsored and organized crime gang hacking activities, and a cyberattack surface which will be an order of magnitude greater in 2025 than it is today.
Cybersecurity Ventures anticipates 12-15 percent year-over-year cybersecurity market growth through 2025. While that may be a respectable increase, it pales in comparison to the cybercrime costs incurred.
For the first time a Norton study calculates the cost of global cybercrime: $114 billion annually. Based on the value victims surveyed placed on time lost due to their cybercrime experiences, an additional $274 billion was lost.
With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion).
In terms of monetary costs arising from cyber-attacks, the most recent data from the Australian Competition and Consumer Commission (ACCC) identified that Australians lost over $634 million to scams last year,2 whilst other industry experts estimate the costs to be as much as $29 billion per annum.3 Globally, the CrowdStrike Survey shows that 56% of respondents reported that their organisation suffered a ransomware attack in 2020, with 27% of those who experienced a successful attack ending up paying ransom at an average cost of US$1.1 million. 61% report that their organisation has spent US$1 million or more on digital transformation in the last three years.
Cybercrime is one of the biggest challenges that humanity will face in the next 20 years. Our economies are becoming more dependent on technology, and thus more vulnerable to emerging variations of cybercrime and e-fraud. A recent study by the World Economic Forum (WEF) indicates that, with the exception of the U.S., most countries have underplayed the risks of cyberattacks on their economic well-being. Stagnation of the global economy, caused by unresolved fundamental economic problems, is also eliminating the middle class in developed countries and increasing inequality. Fundamental economic problems, described in numerous works of the economist Joseph Stiglitz, are aggravating, and aggravated by, cybercrime.
Cybercrime is both a technical and an economic problem, so cannot be solved by technical means alone. Desperate investors, scared by negative interest rates and high volatility on the global financial markets, invest in VCs that transfer their cash into cybersecurity startups. Meanwhile, cybercrime costs steadily outperform the billions invested into cybersecurity.
On the other hand, cybercrime has become widely accessible and very simple. You no longer need to know assembly and C programming languages, understand network stacks, or be familiar with complicated exploitation and reversing techniques to hack into devices and remote systems. The availability of ready-to-use exploit-kits, tools and frameworks enables almost anyone to easily break into computers, email accounts, wireless networks and mobile devices. Unfortunately, examples of the CIA director hacked by a 13-year-old or a 12-year-old responsible for hacking police websites are much more frequent than those of a 10-year-old rewarded by Instagram.
In 2021, several high-profile companies were victims of costly cyberattacks. The ransomware attack on Colonial Pipeline resulted in a $4.4 million payout to their attackers.10 CNA Financial paid ransomware hackers $40 million to decrypt parts of their digital infrastructure from which they locked the company out of.11 And JBS, the largest meat producer in the world, shut down several of its plants due to a cyberattack.12 These examples are just a few of the major attacks that victimized companies last year, at times resulting in multi-million dollar losses.
The use of these estimates comes amid increased debate about cyberattacks; warnings of a digital Pearl Harbor are becoming almost routine. "A cyberattack could stop our society in its tracks," Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, said earlier this year. Bloomberg reported just last week that a group of Chinese hackers, whom U.S. intelligence agencies referred to as "Byzantine Candor," have stolen sensitive or classified information from 20 organizations, including Halliburton Inc., and a prominent Washington law firm, Wiley Rein LLP.
Symantec said its estimates are developed with standard methods used by governments and businesses to conduct consumer surveys and come from "one of the few, large, multi-country studies on cybercrime that asks consumers what forms of cybercrime they have actually experienced and what it cost them."
StrategyOne surveyed almost 20,000 people in 24 countries, asking them to report whether they had experienced cybercrime and how much it had cost them. The company said it used "standard research practice for online surveys" to obtain a representative sample of Internet users. To calculate a total cost, it multiplied the estimated number of victims by the average cost of cybercrime in each country.
Sen. Collins added another layer of confusion about the mysterious $250 billion figure when she spoke last week in support of the cybersecurity bill. In remarks on the Senate floor, she mentioned Gen. Alexander and said, "He believes American companies have lost about $250 billion a year through intellectual property theft."
One easy way to see the impact of cybercrime is to weigh the numbers we have against the costs of traditional crimes like tax or welfare fraud. One study estimates that these traditional methods of theft cost the average citizen a couple hundred dollars per year.
Dubai: The financial cost of cybercrime to the UAE has reached $1.4 (Dh5.14) billion to date this year, an increase of 4.9 per cent as hackers take advantage of consumer complacency, said an industry expert.
He said that 2.53 million consumers were affected by cybercrime in the UAE this year compared to two million last year, an average of 31.5 hours per victim dealing with the consequences compared to 30 hours last year.
Cyber incidents are also the cause of business interruption (BI) that Allianz Risk Barometerrespondents fear most (45%), reflecting ongoing concern for disruption caused by ransomware attacks, IT system and cloud outages and the threat of cyber war. Severe BI can result from a wide range of cyber-related triggers, including malicious attacks by criminals or state-backed hackers, human error or technical glitches. According to Allianz analysis of cyber-related insurance industry claims that it has been involved with over the past five years, BI is the main cost driver for 57% of claims globally and is a significant driver for the rising severity of claims, including from ransomware attacks, which have proliferated in recent years. Hackers increasingly target both digital and physical supply chains providing opportunities to simultaneously attack multiple companies and gain additional leverage for extortion.
CyberEdge began tracing IT security spend in 2018 and saw budgets rise from 12.1 percent to 12.8 percent between then and 2020. Since then, budgets have stablized, falling only slightly to 12.7 percent in 2021 and 2022. However, there was a slight increase in the UK over the last year (from 10.9 percent to 11.3 percent).
dd2b598166