Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:40 AM
Connect Directly

Global Cybercrime Losses Cross $1 Trillion Mark

A shift from attackers targeting individual systems to entire organizations is pushing up cost of cyberattacks sharply, McAfee says.

Security industry estimates of global cybercrime losses tend to vary quite widely, and sometimes the projections can be startling in terms of magnitude. But the data still helps lend some broad perspective to the mushrooming nature of cybercrime.

Such is the case with the latest cybercrime loss estimates from McAfee.

Related Content:

Cybercrime May Be the World's Third-Largest Economy by 2021

The Changing Face of Threat Intelligence

New on The Edge: BECs and EACs: What's the Difference?

According to the company, a study it conducted along with the Center for Strategic and International Studies (CSIS) shows cybercrime cost the world economy in excess of $1 trillion in 2019. That staggering figure — and there have been even higher previous estimates — represents a 50% increase from a 2018 study, which pegged global cybercrime losses at around $600 billion.

The study found that in addition to direct financial losses, more than nine in 10 organizations that experience a significant cyber event also have to contend with significant unplanned downtime, business disruption, and damage to their reputation and brand.

"The analysis that CSIS did, showing that [cybercrime losses] is in the trillion-dollar range, was alarming," says Steve Grobman, chief technology officer at McAfee. "That is a good indicator that we need to dial up defensive measures more aggressively."

This is especially true for organizations in industries that are usually considered relatively safe from cyberattacks, Grobman says.

McAfee and CSIS's cybercrime loss estimates counted a variety of costs they say organizations incur after a major security incident. Costs include those involved in detecting, mitigating, and responding to a breach, notifying victims, and implementing remedial measures. Also included are a variety of other costs that organizations do not always consider when evaluating the financial impact of a security incident, says Grobman. Examples include costs associated with lost and missed business opportunities, business disruption and downtime, productivity losses, and damage to the brand.

A survey of 1,500 IT business decision makers McAfee commissioned as part of the study found organizations experienced 18 hours of downtime, on average, following a major security incident. The survey found the average cost to organizations was more than $500,000 per incident. Financially motivated cyberattacks and IP theft accounted for at least 75% of the cybercrime losses organizations experienced last year, according to McAfee.

The data shows how constantly evolving adversary tactics is worsening the impact of cyberattacks for many organizations, Grobman says. In the past, attackers used to target individual devices and systems; now they have now switched to targeting the entire organization.

"One of the things we see today is cybercriminals entering an organization likely by finding credentials on the Dark Web, using a malware implant to create a back door, and then have human operators enter the company's environment," Grobman says.

Shift in Targeting
The goal is often to move laterally and find high-value targets and assets they can then target with ransomware and other malware to create most damage. Even the nature of ransomware attacks has changed from attacks seeking ransoms for encrypted data to attacks that hold entire factories and businesses to ransom. Many of these attacks are the work of sophisticated nation-state-backed threat actors, Grobman says.

The shift from attacks targeting systems and devices to attacks targeting the whole enterprise has exposed weaknesses in incident detection and response capabilities and made cyberattack costlier overall for many organizations. Previously, mitigating an attack often involved removing malware from an infected system or systems and, in drastic scenarios, reimaging them from scratch.

The survey shows that organizations take an average of 19 hours to move from initial incident discover to remediation. Less than 20% of organizations have the resources to be able to handle a security incident internally. The remaining has to hire a third party to come in and help remediate fall out from a cyberattack — another factor driving up the costs associated with cybercrime.

"One important takeaway is that cybersecurity defense is no longer something that only specific sectors have to make a top priority,'" Grobman says. There are a lot of other industries that are part of a broader supply chain — logistics and shipping companies, for instance — that need to make cybersecurity a top investment priority, he says.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-17
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
PUBLISHED: 2021-06-17
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
PUBLISHED: 2021-06-17
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
PUBLISHED: 2021-06-17
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
PUBLISHED: 2021-06-17
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.