Global cybercrime now costs nearly $600bn annually, with two-thirds of the world’s netizens having had their personal information stolen or compromised, according to a new McAfee report.
The Economic Impact of Cybercrime – No Slowing Down report was compiled in partnership with non-profit the Centre for Strategic and International Studies (CSIS).
It focuses specifically on cybercrime that occurs when attackers illegally access computer networks to steal IP and personal data, commit fraud and financial crime, and disrupt services. The report estimated costs resulting from securing networks, purchasing cyber-insurance, recovering from incidents, damaged reputation and liability risks.
Although it’s significantly greater than the $445bn estimated in 2014, the $600bn figure could be much higher when other types of cybercrime are considered, and given the fact that under-reporting and inaccuracies are rife in some regions, according to McAfee.
The report also estimated that nearly three billion credentials and other PII have been stolen since 2014, equating to two-thirds of netizens who have had their details compromised.
With Yahoo suffering a breach of three billion records, and researchers finding 1.4 billion compromised credentials on the dark web, even this could be a conservative estimate.
It also claimed that nation states were the most “dangerous” source of cybercrime, led by Russia and North Korea, but with China pegged as the most active cyber-espionage player.
Ransomware was judged to be the fastest-growing type of cybercrime, fueled by the cybercrime-as-a-service phenomenon and the rise of crypto-currency to help perpetrators maintain anonymity online.
McAfee chief scientist, Raj Samani, warned that this trend is democratizing cybercrime to the massed ranks of less technically gifted attackers.
“Businesses often struggle to remain vigilant against threats because they have too many tools operating in silo at once — and failing to communicate with each other,” he added.
“By making sure that tools can work together and removing siloed security teams, organizations can find the right combination of people, process and technology to effectively protect data, detect threats and, when targeted, rapidly correct systems.”
The report also blamed the rise in cybercrime costs on the increasing sophistication of top-tier cyber-criminals.