Cybercrime Costs Victims $318bn Annually

Cybercrime costs victims $318bn per annum globally, according to new research by Comparitech.

The consumer rights and comparison firm made this calculation based on an analysis of cybercrime reports in 67 countries globally for which this information was available in either 2018-19 or 2019-20. It estimated that 71.1 million people fall victim to cybercrime each year, equating to nearly 900 victims per 100,000 people. The average victim lost $4476 per crime, according to the analysis.

Using these figures, Comparitech believes more than $129bn has been lost by victims of cybercrime across these 67 countries, amounting to a total of £318bn across the globe.

The countries that experienced the highest losses due to cybercrime were the US ($28bn), Brazil ($26bn), the UK ($17.4bn) and Russia ($15.2bn).

The country with the largest increase in cybercrime was Sri Lanka, where there was a 359% year-on-year rise from 2019 to 2020 (3566 to 16,376 reports). Most (15,895) of these reports related to social media crimes, likely due to the increased use of these platforms during the COVID-19 pandemic. Significant rises in reported cybercrime were also observed in Belarus (176%), Indonesia (140%), Puerto Rico (125%) and Panama (100%).

According to available figures, the country with the highest proportion of cybercrime victims was the UK, with 1095 per 100,000 people submitting reports. This was followed by Denmark (514 per 100,000 people), Spain (463 per 100,000 people), Brazil (415 per 100,000 people) and Austria (404 per 100,000 people).

Comparitech cautioned that there are vast differences in how each police force or government reports cybercrime; for example, some counties only provided financial losses to cybercrime but no precise victim numbers. It added: “With the lack of transparency and reporting around these types of crimes, it is difficult to gauge the true extent of the problem… until we’re able to see the real cost of these crimes on a country-by-country basis, cybercriminals will continue to have the upper hand. Lack of reporting will lead to a loss in victim confidence (and a reluctance to report the crime), gaps in the awareness of these types of crimes, and inadequate legislation and criminal procedures to hold cyber-criminals to account.”

Commenting on the analysis, PJ Norris, principal systems engineer at Tripwire, said, “We have seen a rise in cybercrime and most notably ransomware. Not only have ransomware attacks been growing globally, but the amounts they have been demanding have been getting higher, and there has been more specific targeting of victims.

“Many high-profile organizations have suffered and lost large sums due to ransomware. This rise in attacks might be a direct result of how profitable these attacks can be. After all, cybercrime in general – and ransomware in particular – is motivated by monetary gain.”

Javvad Malik, security awareness advocate at KnowBe4, stated: "These numbers are not surprising, but still are concerning. Cybercrime continues to be big business for criminals and with more services being digitally connected, it makes it even easier to make off with big gains. 

"It's easy to create a tech service or to digitise existing services, however, security needs to be built in from the beginning to ensure that there are no vulnerabilities. This also includes educating users of products as to what kind of threats they can expect to face and how to report any suspicious activity. Without educating users to identify and report criminal activity, we won't be able to stem the flow of cybercrime."

What’s Hot on Infosecurity Magazine?