Cybercrime costs business £265bn a year, report reveals

Cybercrime costs worldwide business an estimated at £265bn a year, a study has revealed

Cyber crime costs businesses across the globe an estimated £265bn a year, wiping out up to 20% of all the value created by the internet, a study has revealed.

The biggest cost comes from damage to company performance and to national economies, according to a report by the Center for Strategic and International Studies(CSIS) and McAfee, part of Intel Security.

Cyber crime damages trade, competitiveness, innovation and global economic growth, affecting about 150,000 jobs in the European Union.

In the UK, 93% of large corporations and 87% of small businesses reported a cyber breach in the past year, with breaches costing large businesses up to £1.4m and small businesses more than £60,000.

Cyber crime’s effect on intellectual property (IP) is particularly damaging, and countries where IP creation and IP-intensive industries are important for wealth creation lose more in trade, jobs and income from cyber crime than countries that depend more on agriculture or low-level manufacturing, the report found.

Accordingly, high-income countries lost more as a percentage of GDP than low-income countries, with some losing as much as 0.9%, on average.

In 2013, the total cost of cyber crime to the UK economy was £6.8bn or 0.47% of the GDP, placing the UK in fifth position in terms of the G20 countries most affected by cyber crime.

According to the report, one UK company incurred losses of £774m through the loss of intellectual property and commercial disadvantage.

The report estimates that UK retailers lost more than £505m in 2013 through penalty-free financial cyber crime, but found these losses could have been avoided with proper protections in place.

“Cyber crime is a tax on innovation and slows the pace of global innovation by reducing the rate of return to innovators and investors,” said Jim Lewis of CSIS. 

“For developed countries, cyber crime has serious implications for employment. The effect of cyber crime is to shift employment away from jobs that create the most value. Even small changes in GDP can affect employment,” he said.

Part of the losses from cyber crime are directly connected to what experts call “recovery costs”, or the digital and electronic clean-up that must take place after an attack.

Although criminals cannot monetise all the information they steal, their victims must spend significant resources as if they could, the report said. 

In Italy, for example, actual hacking losses totaled £520m, but the recovery or clean-up costs reached £5bn. This means there can be a tenfold increase between the actual losses directly attributed to hackers and the recovery measures companies must implement after attacks.

“Cyber crime has a real and detrimental impact on the global economy, and has become a real growth industry, with great returns and low risks,” said Raj Samani, chief technology officer of McAfee Europe.

“However, this situation is not irreparable as stronger technology defences, greater collaboration between nations, and improved public-private partnerships could prevent and reduce the losses,” he said.

Samani said making progress on these changes will require governments and businesses to work together to create a stronger method for reporting and measuring the economic impact of cyber crime.

“This will enable businesses to assess risk more effectively and take appropriate action,” he said.

As more businesses move online and more consumers connect to the internet, opportunities for cyber crime will only grow, said Samani.

“This makes it imperative that countries work together now to proactively tackle cyber crime,” he added.

Samani noted that some governments are beginning serious, systematic efforts to collect and publish data on cyber crime to help countries and companies make better choices about risk and policy.

Improved international collaboration and public-private partnerships are also beginning to show tangible results in reducing cyber crime.

At the start of June, 11 countries worked together to take down the infrastructure supporting the GameOver Zeus botnet.

However, security experts warned businesses and individuals to take steps to protect themselves against the malware because they expected cyber criminals to restore the botnet quickly.

Read more on IT risk management