The global economy is now losing more than $ 1 trillion (approximately £ 740 trillion) to cybercrime each year, an increase of more than 50% from the figures reported in 2018, and two-thirds of organizations reported some type of security incident. cyber in 2019, the average cost for an individual company has now exceeded $ 500,000.
This is according to a new report by the security firm McAfee in conjunction with the Center for Strategic and International Studies (CSIS), which focuses on the significant financial and invisible impacts of cybercrime.
The study, The hidden costs of cybercrime, is based on data collected by pollsters Vanson Bourne, who interviewed a representative and selective sample of 1,500 cross-industry IT and line of business decision makers between April and June 2020, along with CSIS interviews with government officials, open source and the IMF. income data.
“The severity and frequency of cyberattacks on businesses continues to increase as techniques evolve, new technologies broaden the threat surface, and the nature of work expands to home and remote environments,” said Steve Grobman, vice president. McAfee senior and chief technology officer.
“While industry and government are aware of the financial and national security implications of cyberattacks, unplanned downtime, the cost of investigating breaches, and disruption to productivity represent less appreciated high-impact costs.” , said. “We need a greater understanding of the comprehensive impact of cyber risk and effective plans to respond and prevent cyber incidents given the hundreds of billions of dollars of global financial impact.”
McAfee researchers said the increase could be explained, on the one hand, by better and more accurate incident reports, but on the other, by “better” and “more accurate” cybercriminals. Cybercrime is profitable, it can be quite easy, and it is a relatively low-risk criminal activity – the most sophisticated cybercriminals almost always evade justice.
However, these are not the only factors. The increased reliance on the internet to run our daily lives and business, particularly during the pandemic, although this research was conducted from the outset during the current period of disruption, means there are more opportunities for cybercriminals to have a impact.
In addition, in the past 12 months, for example, the explosion of ransomware attacks and phishing-related incidents has led malicious actors to target organizations that often have no choice but to pay, such as those in the healthcare or healthcare sector. government.
In addition to the main financial figures, the study revealed the lasting impact of an incident beyond the financial one. Some of the most overlooked costs of cybercrime come in the form of damage to business performance, McAfee found, with 92% reporting negative effects.
These included system downtime, which affected approximately two-thirds of the organizations surveyed; reduced efficiency as a result of this, with organizations losing an average of nine hours of work per week; incident response and mitigation, with a significant cost burden in the form of external security consulting and forensic investigations; and damage to brand and reputation: 26% of those surveyed identified damage to their brand thanks to a cyber attack.
McAfee and CSIS also found evidence that most organizations are not adequately preparing for security events and do not understand cyber risk, making them vulnerable to external attacks and unable to detect problems in time to avoid they turn into full-blown incidents. .
The report said that 56% of organizations did not have a plan to prevent and respond to a cybersecurity incident, and of those that did, only 32% believed it was effective.