SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Global cybercrime losses rapidly approaching trillion-dollar mark - McAfee report
Wed, 9th Dec 2020
FYI, this story is more than a year old

Global losses from cybercrime are close to becoming a ‘trillion-dollar' shackle that is weighing down the global economy, with the annual global cost of cybercrime pegged at $945 billion - or 1% of the entire world's GDP.

These are some of the figures from McAfee's The Hidden Costs of Cybercrime report, conducted in partnership with the Center for Strategic and International Studies.

McAfee SVP and CTO Steve Grobman calls for greater understanding of the major impacts of cyber risk, and encourages organisations to put plans in place, given the hundreds of billions of dollars in global financial impact.

This sentiment is echoed in the report, which indicates a lack of organisation-wide understanding of cyber risks, such as sophisticated social engineering attacks that may not be caught in time to prevent major organisational damage.

The report found that 56% of surveyed organisations do not have a cyber incident prevention and response plan. Of those who do have a response plan, only a third (33%) believe it is effective.

The hidden costs of cybercrime go beyond dollars in the bank and intellectual property, which account for at least 75% of cyber losses. However,  92% of organisations say negative effects can also include:

  • System downtime – Downtime is a common experience for around two-thirds of respondents' organisations. The average cost to organisations from their longest amount of downtime in 2019 was $762,231. The report found that 33% of survey respondents stated IT security incident resulting in system downtime cost them between $100,000 and $500,000.
  • Reduced efficiency – As a result of system downtime, organisations lost, on average, nine working hours a week leading to reduced efficiency. The average interruption to operations was 18 hours.
  • Incident response costs – According to the report, it took an average of 19 hours for most organisations to move from the discovery of an incident to remediation. Many security incidents can be managed in-house, but major incidents can often require outside consults with high rates that form a significant portion of the cost of a large-scale incident. 
  • Brand and reputation damage – The cost of rehabilitating the external image of the brand, working with outside consultancies to mitigate brand damage, or hiring new employees to prevent against future incidents is part of the cost of cybercrime. 26% of respondents identified damage to brand from the downtime experienced because of a cyber attack.

McAfee EMEA president Adam Philpott comments, “To keep cyber attackers at bay, especially as their tactics evolve to become even more sophisticated, businesses must go beyond establishing baseline protocols to create and maintain a secure environment.

“This includes the use of risk intelligence to prioritise threats, predict which malware campaigns will be launched against them, and pre-emptively improve their defensive countermeasures. This will allow organisations to get ahead of adversaries and better manage their cyber risk.

The report is based on open source data, IMF income data, and responses from 1500  IT and line-of-business decision makers from Japan, Australia, Germany, France, the United Kingdom, Canada, and the United States.

“Moving forward, it's vital that business leaders consider cyber as an investment, rather than a cost. When done well, implementing the right security does far more than protect against the losses outlined in this report. It becomes an incredible driver of business growth, innovation and resiliency,” concludes Philpott.