Cybercrime costing global economy up to $400 billion a year, says new estimate

Or is it? CSIS argues for context

Cybercrime and espionage could be costing the world between $70 billion (£46 billion) and $400 billion a year from a total global economy of $70 trillion, a new estimate by the Center for Stategic and International Studies (CSIS) has calculated.

In the context of the US economy, the damage caused by it is possibly equivalent to 500,000 jobs displaced but in truth the McAfee-sponsored study The Economic Impact of Cybercrime and Cyber Espionage admits that even coming up with these numbers is prone to be defeated by a raft of imponderables.

What the researchers were determined to do was calculate the negative effects using something more substantial than the unsatisfactory surveys often used by security vendors to describe cybercrime, the CSIS said.

First context - what do other negatives cost economies? In the US, for instance, car crashes cost somewhere between $99 billion and $168 billion a year, depending on which official estimate and year is used. Similarly, illegal drug trafficking is a $600 billion global industry.

Set against these vast numbers, the losses from cybercrime look less alarming although in the case of the car industry not all the costs will be losses; fixing cars and buying new ones generates income for other types of business in ways that cybercrime doesn't.

Cybercrime's main unintended economic benefit has been to prime the global security industry, the size of which is a separate topic.

What the CSIS's difficulties in coming up with accurate figures suggest is that the task might be nearly impossible. Direct effects are hard enough to model let alone indirect ones.

A second points is that using selective estimates based on surveys - wheeled out by governments in particular - is almost certainly misleading.

"We believe the CSIS report is the first to use actual economic modelling to build out the figures for the losses attributable to malicious cyber activity," said Mike Fey, executive vice president and chief technology officer at McAfee.

"Other estimates have been bandied about for years, but no one has put any rigour behind the effort. As policymakers, business leaders and others struggle to get their arms around why cyber security matters, they need solid information on which to base their actions."

Or is conceiving of 'costs' as losses the wrong way to approach the whole issue? The CSIS suggests that we view cybercrime losses in the same way we view losses from other activities, as something tolerated to access the benefits.

The alternative, then, is to worry less about the sums of money involved so much as the scope of the actual effects themselves. Cybercrime's damage is as much psychological as fixed in dollars.

For example, Chinese espionage and intellectual property theft might not generate huge losses for the US economy per se but could still warp relative economic performance in significant ways.

"Using figures from the Commerce Department on the ratio of exports to US jobs, we arrived at a high-end estimate of 508,000 jobs potentially lost from cyber espionage," said co-author and CSIS director, James Lewis.

"As with other estimates in the report, however, the raw numbers might tell just part of the story. If a good portion of these jobs were high-end manufacturing jobs that moved overseas because of intellectual property losses, the effects could be more wide ranging," he said.

What is clear is that whatever it is costing, cybercrime didn't exist 15 years ago and its rapid rise must be having some effect. A 2012 report from Moscow-based Group-IB found that cybercrime had mushroomed during 2011 into a $12.5 billion industry in terms of its income stream. Russian-speaking countries accounted for around a third of that total.

Join the CSO newsletter!

Error: Please check your email address.

Tags mcafeesecurity

More about McAfee Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place