Cost of cyber-crime $400 billion

An interesting report has been released from the Center for Strategic and International Studies and McAffe.

Net Losses: Estimating the Global Cost of Cybercrime
Economic impact of cybercrime II

[http://csis.org/files/attachments/140609_rp_economic_impact_cybercrime_report.pdf]

“We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion.”

Do you have a clue how much notes2money that is?
According to the report:  more than the national income of most countries

Like most bloggers I cannot judge whether this number is too high or too low.  Lots of arguments for either side might be made.  Given the title, I assume that these numbers are the losses only and do not include the cyber security costs implied for preventing the losses from becoming larger.  The report also states that a large fraction of damages are not reported and that statistics in different countries are quite different.

I found the following table interesting, putting the costs into some perspective:

Activity               Cost As % of GDP
Maritime Piracy        0.02% (global)
Transnational Crime    1.2% (global)
Counterfeiting/Piracy  0.89% (global)
Pilferage              1.5% (US)
Car Crashes            1.0% (US)
Narcotics              0.9% (global)
Cybercrime             0.8% (global)

It would be interesting for White Hawk to know what part of these losses are considered caused by insufficient tamper-proofing.

For several reasons we cannot answer that question:

  • The report is not detailed enough.
  • Certain (probably more correct: most) losses could have been prevented by multiple solutions.
  • As classical security companies don’t do tamper proofing, there is no appropriate category in the report.

And even if we could answer the question… who would believe us?

Lastly, in protecting critical infrastructure, knowing the possible damage can be more of a driving factor then the past damage specially when the really bad things didn’t happen.