There are many obvious and headline-grabbing costs of cybercrime.
There are many obvious and headline-grabbing costs of cybercrime. In the past few months alone there have been numerous high-profile data security breaches where hackers have obtained tens of millions of customer details, ranging from credit card numbers to medical records.
While the direct cost of insuring against such loss can be made, there are also many hidden – and arguably more serious – costs of cybercrime that hurt individual companies, countries and the global economy as a whole.
McAfee, in conjunction with the Center for Strategic and International Studies (CSIS), compiled a report this summer on the global economic impact and cost of cybercrime. Although the model to estimate cost is constrained by the availability of data regarding losses being reported, it does put a figure on the annual cost to the global economy from cybercrime at somewhere between a conservative lower figure of $375 billion and possibly as much as $575 billion.
The average annual loss due to cybercrime among all countries was 0.5 per cent of GDP, although countries in Europe and North America lost more – with Germany and the Netherlands at 1.6 per cent of GDP. Much of this is as a result of indirect costs that aren’t immediately obvious. Here are four hidden economic costs of cybercrime:
1. Intellectual property (IP) theft and cannibalism
The value of research and development (R&D) is the head start it gives companies in the market and the theft of IP damages innovation. It lessens the returns from R&D for companies and investors, potentially reducing the overall rate of innovation. Calculating the value of IP is, however, the most difficult component of the cost of cybercrime to calculate.
2. Opportunity cost
IP theft can lead to reduced investment in R&D, while cybercrime incidents more generally can lead to risk averse behaviour by businesses and consumers that limits internet use. Take the healthcare sector as an example. The use of IT in healthcare has been slowed by the fear, valid or not, that health information could be stolen, patient data could be manipulated and devices interfered with by hackers. The same may prove true for self-driving cars and other new technologies such as smart meters. In the US privacy and security fears over smart meters even led to one Texas citizen pulling a gun on a public utility contractor sent to install one of the meters. The woman said her concerns were not only about the monitoring and data being collected but the fact that hackers could potentially intercept and access that information.
This can often be more than the cost of the crime itself. One estimate by the analyst Gartner puts the losses at Target up to $420 million including reimbursement, cost of reissuing cards, legal fees and credit monitoring for millions of customers. The short-term effect on company stock prices can also be significant after a breach, although it usually recovers within a quarter or two. That might change in the future, however, if companies are required to report major hacking incidents and describe what has actually been lost (although its worth noting that many US states already require companies to report breaches).
Cybercrime has serious implications for employment in developed countries. Even small changes in GDP can affect employment and, based on the figures in our report, Europe could lose as many as 150,000 jobs due to the hit on GDP from cybercrime. Of course that’s not necessarily a net job loss figure – many of those would find other work. But the general impact is to shift employment away from high-value jobs to low paying jobs or .
Cybercrime damages trade, competitiveness, innovation and global economic growth. Companies and countries are underestimating their risk and exposure to cybercrime and those that fail to adequately protect their networks will be at an increasing competitive disadvantage.
Make no mistake, cybercrime continues to be a growth industry but the situation is not irreparable. Better technology, stronger defences, best practices for cybersecurity, international agreement on law enforcement and companies doing a better job of assessing risk can all help tackle cybercrime.