The Rising Costs of Cybercrime - Guess Who Pays The Ferryman?
Over the last few years, cybercrime and espionage have caused damages that have reached $600 billion in 2017, which is about 0.8% of global GDP. This is a substantial increase from $445 billion in damages that was reported in 2014. Guess who pays for it in the end? We all do!
Cybercrime hits targets around the world
Cybercrime does not discriminate when it comes to nationalities; we could say that cybercrooks are equal opportunists. Let’s take a quick trip around the world.
- APAC alone lost $171 billion to cybercrime last year, which includes the recent hack of Tokyo-based cryptocurrency exchange Coincheck when almost 58 billion yen of NEM coins (worth more than $500 million) were stolen.
- New Zealanders lost more than $177 million to cybercrime in 2017 with most of them unable to recover all of their losses. Furthermore, 82% of the victims did not receive reimbursement for their financial loss.
- In the US, the White House Council of Economic Advisers (CEA) stated in its recent report that malicious cyber activity cost the US economy amount to $57 billion - $109 billion in 2016 alone.
- The German Federal Criminal Police Office reported 83,000 cases of cybercrime during 2017, causing over 51 million euro in damages. Furthermore, half of German companies have been hit by spying, sabotage or data theft.
- In the Netherlands, the total damage due to cybercrime is estimated at 10 billion euro or 1.3% of the GDP annually, of which SMBs/SMEs lost 1 billion.
- In Ghana, the economy lost a total of US$50 million to cybercrime in 2016 which is expected to double in 2018. Although this seems small compared to other countries and regions, it is still devastating for the local economy.
Overall, we see a rise of cybercrime consisting of data destruction, business disruption through ransomware, denial of service (DOS) attacks, and other threats. If we look at ransomware, we can expect more attacks in 2018, since the profits for cybercrooks are high. According to the FBI, total ransomware payments are nearing $1 billion.
Cybercrime is also becoming more and more organized, with cybercrime syndicates operating across borders as is shown in the latest FBI just bust. The agency rolled up Infraud, a $530 million global cybercrime ring with roots in the US as well as numerous other countries. Combined, the group is believed to have trafficked in stolen financial data (including up to 4 million credit cards), identities and contraband worth over $530 million in losses. Their goal was to inflict a total of $2.2 billion in damage.
Cyber bank robberies are also increasing in scope with cybergangs using two methods for their bank heist: ATM jackpotting and SWIFT wire transfers. In a 2017 attack, hackers stole $6 million from the Russian central bank via the SWIFT messaging system, and the year before that, hackers stole $81 million from the Bangladesh Central Bank via SWIFT.
Needless to say, fighting cybercrime will remain a top priority for governments, financial institutions, companies of all sizes and individual all over the world. At Cymulate, we noticed the following trends:
- Countries and law enforcement will increase cooperating across borders to stop cyberterrorism and organized cybercrime organizations.
- Cyber security tools will become more advanced to address the growing wave of sophisticated attacks quicker and more efficiently.
- For preventing attacks, AI and other technologies will be developed to analyze big data to discover hidden patterns.
- CISOs will become standard members of the C-suite in enterprises, also for compliance with regulations such as the upcoming GDPR.
- Cyber security insurance will go mainstream. To illustrate, insurance firm Allianz is going to provide cyber security insurance coverage to customers using certain Apple devices and Cisco security products.
In the meantime, if you want to test the cybersecurity posture of you organization, you can try out Cymulate’s Breach & Attack Simulation (BAS) platform that simulates cyberattacks against your organization and validate if your security products are working properly to defend you from known and unknown cyber threats.