Cyber crime is one of the fastest growing and most costly forms of criminal activity in the world today. With the widespread adoption of the internet, e-commerce, digital banking, and other online services, criminals now have a vast landscape of targets for theft, fraud, and disruption. Security vulnerabilities in software, networks, and user practices enable these crimes. So how much economic damage does cyber crime cause globally each year?
Estimating the Global Cost of Cyber Crime
Calculating the precise global cost of cyber crime is difficult due to its nature. Many cyber crimes go undetected or unreported, and loss estimations vary widely between studies. However, various cyber security firms and government agencies publish annual reports extrapolating the costs based on detected incidents, surveys, and economic modeling.
Most estimates fall in the range of several hundred billion to over $1 trillion per year. For example:
– A 2020 report by McAfee and the Center for Strategic and International Studies (CSIS) estimated the global cost at nearly $1 trillion or just over 1% of global GDP.
– Cybersecurity Ventures predicted cyber crime would cost the world $10.5 trillion cumulatively from 2021 to 2025.
– A 2021 report by Atlas VPN researchers estimated around $2.7 million is lost to cyber crime every minute.
So while the exact figure is uncertain, most experts agree cyber crime costs the global economy hundreds of billions to trillions of dollars each year. The impact is profound and growing as more business and personal activities move online.
Main Sources of Loss from Cyber Crime
Cyber crimes inflict losses on individuals, corporations, and entire economies. The three main sources of cyber crime costs include:
1. Theft and Fraud
Cyber criminals employ various techniques to steal money directly or valuable personal and financial information to enable fraud. Common methods include:
– Phishing – Deceptive emails and fake websites that trick users into entering account credentials, credit card details, or downloading malware.
– Identity theft – Using stolen personal information to impersonate victims and make unauthorized transactions in their name.
– Credit card skimming – Stealing credit card information during an otherwise normal transaction by tampering with point-of-sale systems.
– Business email compromise (BEC) – Posing as executives to manipulate employees into transferring funds to criminal accounts.
Losses from just a handful of the largest cyber theft cases add up to billions of dollars. And these represent merely a fraction of the total, as many minor thefts go unreported.
2. Ransomware Attacks
Ransomware is malware that encrypts an organization’s data and demands payment of a ransom to restore access. These attacks can entirely cripple businesses and public services. The U.S. Department of the Treasury estimates global losses from ransomware at over $20 billion per year.
– The average ransom payment in 2020 was $220,298 according to Coveware.
– The total ransom payments from just the top three most active gangs likely exceeded $1 billion in 2021 according to Chainalysis.
As ransomware actors become more sophisticated, they are extracting increasingly larger payments from victims through negotiation and secondary extortion threats.
3. Business Disruption
Beyond direct theft and extortion, cyber crime also inflicts heavy costs on businesses from downtime, recovery efforts, and reputational damage after a breach. The Ponemon Institute’s 2021 report on data breaches found:
– The average cost incurred by organizations worldwide was $4.24 million per breach.
– Breaches cost U.S. companies $9.44 million on average.
– Compromised credentials were the primary cause in 46% of breaches.
– Malicious or criminal attacks caused 44% of breaches.
These operational and productivity losses from security incidents add up to sizable macroeconomic drains.
Industries Most Targeted by Cyber Criminals
While all industries face cyber security challenges, some sectors attract more cyber criminal activity than others. Main industries suffering disproportionate losses include:
Financial Services
Banks and financial institutions store highly valuable personal information and financial assets that criminals aggressively target. An IBM report found the financial sector sustained 19% of all breaches in 2021. Key risks include:
– Wire transfer fraud costing tens to hundreds of millions per incident.
– Credit card skimming and cloning causing widespread losses.
– ATM hacking and cash-out schemes.
– DDoS extortion campaigns that threaten service disruptions.
Healthcare
Medical records contain sensitive personal information that sells for a high price on dark web marketplaces. Healthcare organizations also rely heavily on legacy systems with security weaknesses.
– Hospitals paid nearly $2 billion in ransoms from 2016 to 2021 according to Emsisoft.
– Breaches exposed 29 million patient records in 2021 alone according to the U.S. Department of Health and Human Services.
– Average cost per compromised record in healthcare was $499 in 2020 based on IBM analysis.
Retail
Major data breaches affecting point-of-sale systems and ecommerce sites have exposed tens of millions of customer payment cards. Retailers also face risks such as gift card hacking and inventory management system manipulation.
– Payment card compromises cost U.S. retailers $4.5 billion per year according to a LexisNexis study.
– The 2018 breach of Marriott International exposed 383 million guest records.
– Cyber criminals netted $45 million from the 2015 breach of Sally Beauty supply stores.
Manufacturing
Intellectual property theft and production disruption via ransomware and wiper malware campaigns impose heavy costs on manufacturers.
– The average cost of IP theft to U.S. firms is $4.6 million according to the Commission on the Theft of American Intellectual Property.
– The 2017 NotPetya ransomware outbreak caused over $10 billion in damages across shipping giant Maersk and other manufacturers.
– Automakers lose an estimated $12 billion to counterfeit auto parts annually per the International AntiCounterfeiting Coalition.
| Industry | Losses (billions) |
|---|---|
| Financial services | $42.7 |
| Services | $39.0 |
| Manufacturing | $29.3 |
| Utilities | $24.7 |
| Retail | $24.0 |
| Healthcare | $20.1 |
| Technology | $19.7 |
Source: Accenture 2020 Cost of Cybercrime Study
Cyber Security Challenges in Key Regions
Cyber crime follows money, and markets with the most advanced digital economies tend to suffer the greatest losses.
United States
With the world’s largest economy highly dependent on digital systems, the U.S. loses hundreds of billions to online crimes annually.
– U.S. losses represent one-third to one-half of the global total per CSIS.
– Reported losses reached $6.9 billion in 2021 according to the FBI’s Internet Crime Complaint Center (IC3).
– The U.S. also suffers more ransomware attacks than any other country, with enormous incident costs.
However, the U.S. cyber security ecosystem including government agencies, private companies, and public-private partnerships is also among the most robust and sophisticated.
European Union
The EU likens cyber crime to an “epidemic” plaguing critical infrastructure and businesses. Losses exceed €55 billion annually according to Europol. Key facts about the EU landscape:
– Germany, the Netherlands, France, and the UK were the top destinations for phishing hosts per Hosting Tribunal.
– Cryptocurrency-stealing malware attacks increased 466% in Germany from 2020 to 2021.
– Poland, Italy, Netherlands, and France had the most ransomware attacks in 2020.
– 70% of European businesses reported a cyber attack in 2020 according to Eurostat.
Asia Pacific
The Asia Pacific region has many developing digital economies and massive populations coming online, creating opportunities for cyber criminals.
– Japan, South Korea, Australia, and Singapore have relatively high cyber security maturity to counter risks.
– India saw a nearly 300% surge in cyber crime registered with police from 2017 to 2020 based on National Crime Records Bureau data.
– China-based groups account for 71% of all cryptocurrency theft according to Chainalysis.
– However, underreporting remains an issue across the region. Over 90% of cyber attacks go undetected according to a Microsoft study.
Emerging Cyber Threat Trends
As technology, business models, and geopolitics evolve, so do the tactics of cyber criminals. Ongoing trends enabling new attack vectors include:
Cloud Adoption
Misconfigurations in cloud platforms enable data exposures, while their scale allows attacks to spread rapidly.
Supply Chain Attacks
By compromising third-party providers, attackers can stealthily access countless customer organizations.
Cryptocurrency
The anonymity of cryptocurrency facilitates cyber crime payments while creating new theft targets.
Internet of Things
Billions of insecure IoT and industrial control devices present soft targets for botnets, spying, and disruption.
Nation-State Capabilities
State-sponsored groups execute sophisticated cyber campaigns for economic and strategic advantage.
Deepfakes
Synthetic media makes fraudulence and extortion via fake videos more viable than ever.
Recommendations for Improving Cyber Resilience
While cyber crime will remain a threat, individuals and organizations can take steps to improve defenses and resilience. Key best practices include:
– Prioritizing cyber security and data protection from the top-down.
– Adopting zero-trust and least privilege access principles enterprise-wide.
– Implementing defense-in-depth with multiple layers of security controls.
– Performing continuous vulnerability management and penetration testing.
– Using technologies like multifactor authentication and encryption.
– Building effective security monitoring, incident response, and disaster recovery capabilities.
– Participating in threat information sharing communities.
– Making cyber security training mandatory for all employees.
– Preparing contingency plans for inevitable incidents.
– Maintaining comprehensive backups offline.
– Imposing separation of duties, job rotation, and mandatory vacation policies to catch insider threats.
– Carrying cyber insurance tailored to your risk exposures.
– Fostering a workplace culture of security awareness.
The Outlook for Mitigating Cyber Crime’s Impact
Cyber crime is a complex challenge requiring coordinated efforts between law enforcement, politicians, technology leaders, businesses, and citizens to substantially mitigate. Reported losses will likely continue rising in the short term as digital transformation expands the threat surface faster than cyber defenses.
However, with sustained focus on security best practices, workforce education, law enforcement training, international cooperation, and research and development, we can envision a future with vastly improved cyber resilience. Standards for software security and IoT devices will also be crucial for permanently decreasing vulnerabilities.
There are no quick and easy fixes to such an entrenched global scourge. But through persistence, adaptation, and accountability across the public and private sectors in pursuing cyber security excellence, we can hope to one day relegate cyber crime to a rare occurrence rather than a daily inevitability.
Conclusion
In summary, cyber crime costs the world economy upwards of $1 trillion per year at present according to most expert assessments. These staggering losses arise from theft and fraud campaigns targeting consumers and businesses, ransomware attacks crippling critical infrastructure, and business disruption from data breaches. The financial services, healthcare, retail, and manufacturing sectors tend to bear the brunt of damage. Regions with the most advanced digital economies like the U.S. and E.U. suffer the greatest monetary losses. However, cyber crime is a global phenomenon on the rise across emerging markets as well. While there is no single solution, nations, companies, and citizens can employ a combination of security best practices and vigilance to mitigate risks, limit rewards for criminals, and over time steadily reduce the impact of cyber crime on society. But it will require expansive cooperation and patience, as cyber crime will continue plaguing the digital landscape for the foreseeable future.