When the pandemic started, businesses experienced how powerful technology is. Overnight, tech transformed industries as people turned to online transactions to purchase products and services. Technology rapidly developed and has become intertwined with people’s lives. It has essentially increased resilience, which is important in mitigating risks and enabling growth, not only in individuals, but also in businesses, economies, cities, and governments.
People’s dependence on technology grows as its role in their lives evolved. According to Statista, there will be 17 billion connected devices by the year 2024. It’ll be a 20% increase from this year alone and it’s more than double the number of people living today considering the current worldwide population is only 8 billion. Along with the rising number of connected devices, however, are the escalating levels of cyber security risks.
Cybersecurity Risks and Cyber Crimes
Dependency on technology has prompted companies, whether tech or non-tech, to develop and create more complex networks and systems than before. Still, only 4% of organizations are sure that their systems are secure against cyberattacks, according to research by the World Economic Forum.
When complex networks and systems malfunction because of cyberattacks, the impact is always devastating. This factor is considered a vulnerability that almost always has serious consequences for organizations, often leading to reputational, legal, financial, or operational damages. In other words, the more complex an organization’s network and system are, the higher the risk of a cyberattack.
Complex systems and networks, however, are not the only target of cyberattacks. When cyberattacks or cyber breaches occur, cyber crimes are committed. Cyber crimes come in many forms, but the most common and have the biggest impact are:
- Theft of financial or card payment data
- Identity fraud (where personal information is stolen and used)
- Email and internet fraud
- Theft and sale of corporate data
- Ransomware attacks (a type of cyberextortion)
- Interfering with systems in a way that compromises a network
- Cyberextortion (demanding money to prevent a threatened attack)
- Cyberespionage (where hackers access government or company data)
- Cryptojacking (where hackers mine cryptocurrency using resources they do not own)
Major cyber crimes on the other hand, that target governments, include cyber warfare, cyber terrorism, and cyber espionage. For governments, cyber crimes’ most significant impacts include loss of revenue from diminished international trade, loss of critical intellectual property and sensitive data, and financial and economic hardships. In the US, an estimated $4 billion was lost to cybercrimes in 2020 alone, according to a report by the Federal Bureau of Investigation (FBI).
The USA, however, is not the only country that is attacked by cyber criminals. The impact of cyber crimes differ on the economies of different countries all over the world.
The Impacts on US Economy
Cyber crimes can potentially disable the economy of a city, state, or even a whole country. The world’s largest economy, the USA, with a nominal GDP of nearly $21.5 trillion, is facing organized cybercrime entities. Unfortunately, organized cyber crime organizations are joining forces and they’re not easy to detect.
In fact, according to a report by Cybersecurity Ventures, the World Economic Forum’s 2020 Global Risk Report revealed that detecting and prosecuting those involved in organized cyber crimes is estimated to be as low as 0.05 percent. This means that it’s quite difficult to get the real numbers and cost of damages caused by cyber crimes.
Still, according to Cybersecurity Ventures initial reports involving damages caused by ransomware cost the world $5 billion in 2017, and by the year 2021, it increased to $20 billion. In general though, damages caused by cyber crimes cost:
- $190,000 USD per second
- $11.4 million per minute
- $684.9 million per hour
- $16.4 billion per day
- $115.4 billion per week
- $500 billion a month
- $6 trillion per year
In another report by our partner, Maxxsure Cyber Risk Management, the FBI’s Internet Crime Complaint Center (IC3) reported the annual loss of complaints was $10.3 billion in 2022. The same report said that the average cost of a data breach in the United States was $9.44 million during the same year, while the global average cost per data breach was $4.35 million.
Of the cyber breaches mentioned in the report, 24.8% occurred in the manufacturing industry, 18.9% in the finance and insurance industries, and 14.5% within the professional, business, and consumer services.
The Global Cost
On the other hand, according to a joint study by McAfee and the Centre for Strategic and International Studies (CSIS), the annual global cost of damages caused by cyber crimes is more than $400 billion. Based on their research, the economic impact of cyber crime in North America is at 0.78% of regional GDP, while it is higher in Europe are 0.84% of regional GDP.
Maxxsure has also reported on this issue, revealing that phishing was the most prevelant attack at 16% and second most expensive at $4.76 million of all cyber breaches in 2023. Following this are:
- Stolen or compromised credentials were responsible for 15% of all cyber breaches in 2023.
- Cloud misconfiguration was responsible for 11% of all cyber breaches in 2023.
- Business email compromise was responsible for 11% of all cyber breaches in 2023.
- Malicious insiders were the costliest breach type, at an average of$4.90 million, which is 9.6% higher than the global average cost of per data breach.
Added to this, when cyber attacks occur at corporate levels, the most compromised information are:
- Customer and Employee were the costliest—and most common—record compromised in 2023.
- Customer, such as names and Social Security numbers cost organizations $183 per record.
- Employee was a close second at $181per record.
- Financial information and client lists data compromised increased by 6% from 2022 to 2023.
Did you know though, customers were involved in 52% of all breaches in 2023.
Mitigating the Costs
Xyno and its partner, Maxxsure, highly recommend cybersecurity mitigation methods to minimize the risk and cost of cyber attacks. According to Maxxsure, there is a huge difference between companies that have high and low levels of adherence to various mitigation strategies. Their report suggests:
- $1.68 million or 38.4% The difference between organizations with high and low levels of a DevSecOps approach.
- $1.49 million or 34.1% The difference between high and little to no IR planning and testing.
- $1.5 million or 33.9% The difference between high and low levels of employee training.
According to Maxxsure, the biggest cost amplifiers are:
- Security system adoption of a remote workforce
- Supply chain breach
- Third-party involvement
- Noncompliance with regulations
- Security skills shortage
- Security system complexity
To mitigate the costs, Maxxsure recommends the following to be effective cost mitigators:
- CISO Appointed
- ASM Tools
- Board-Level oversight
- Insurance protection
- Threat intelligence
- Proactive threat hunting
- IR Team
- Employee Training
- DevSecOps approach
References:
https://www.weforum.org/agenda/2023/01/global-rules-crack-down-cybercrime/
https://www.csis.org/analysis/net-losses-estimating-global-cost-cybercrime
https://iapp.org/resources/article/the-cost-of-cybercrime-annual-study-by-accenture/
https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/
https://www.un.org/en/global-issues/population
https://www.kaspersky.com/resource-center/threats/what-is-cybercrime
https://www.gao.gov/blog/u.s.-less-prepared-fight-cybercrime-it-could-be