Cybercrime drains $600 billion a year from the global economy, says report

According to McAfee and the Center for Strategic and International Studies, nearly one percent of global GDP is lost to cybercrime each year.
Written by Danny Palmer, Senior Writer

Global businesses are losing the equivalent of nearly one percent of global GDP (Gross Domestic Product) a year to cybercrime, and it's impacting job creation, innovation and economic growth.

So says a report from cybersecurity firm McAfee and the Center for Strategic and International Studies (CSIS), which estimates that cybercrime costs the global economy $600 billion a year -- up from a 2014 study which put the figure at $445bn.

The cost of cybercrime amounts to 0.8 percent of global GDP, with the $155bn jump since 2014 attributed to the speed with which new technology is adopted by cybercriminals and an increase in the number of internet users in parts of the world with weak cybersecurity.

In addition, cybercrime-as-a-service is allowing low-level hackers to easily make money from targets, while sophisticated cyber-espionage and hacking operations are able to divert significant amounts intellectual property and funds from lucrative targets without being spotted.

Although the vast amount of money being lost to cybercriminals represents a problem itself, it also has a knock-on effect on businesses and the economy as a whole.

"Really, the fundamental question here is about the economic impact of cybercrime," Raj Samani, Chief Scientist and Fellow at McAfee, told ZDNet.

"We need to focus the efforts on how these things have a detrimental impact on economic growth, an economic impact on new jobs being created, an economic impact on revenue," Samani added.

Last year's NotPetya attack provided clear examples of how falling victim to cybercriminals can cost businesses dearly, with Reckitt Benckiser, FedEx and Maersk among those facing losses of hundreds of millions due to the impact of system downtime.

See also: Cybercrime and cyberwar: A spotter's guide to the groups that are out to get you

For example, Maersk had to reinstall 4,000 servers, 45,000 PCs, and 2,500 applications, with the need to do so impacting on the shipping firm's ability to do business. Møller-Maersk Chairman Jim Hagemann Snabe described the incident as a "very significant wake-up call for Maersk, and you could say, a very expensive one."

The time, money and resources to reinstall all of those systems had to come from somewhere, so what did Maersk sacrifice in order to restore its business? "If this is the amount of money you haven't made because of a computer worm, then what is the detrimental impact on you as a business? What didn't you do as a business?," Samani asked.

Meanwhile, in the UK, telecommunications provider TalkTalk suffered a high profile data breach after falling victim to hackers in 2015. The company says it lost £60 million and over 100,000 customers as a direct result of the incident, with the drop in customers reducing TalkTalk's revenue in the long term. The cost of falling victim to cybercrime is likely to have been detrimental elsewhere.

"Maybe that money was earmarked for hiring more people, maybe it was earmarked for investment. But those are jobs in the United Kingdom that weren't filled because of cybercrime," said Samani.

To combat the cost of cybercrime, the McAfee/CSIS report makes some simple recommendations, such as regularly patching systems and software in order to prevent cybercriminals exploiting known vulnerabilities to conduct attacks.

The report also recommends increased international cooperation in the fight against cybercrime, along with "a requirement for additional resources for investigation and to expand agency resources, and for cybercrime capacity building in developing nations".


Editorial standards