The estimated global cost of cyber crime has exceeded the $1 trillion (roughly £755 billion) mark, with the overwhelming majority of companies also suffering from cyber attacks in non-monetary ways.
The scale of global losses represents 1% of worldwide GDP and is 50% higher than the estimated costs of $600 billion (£453 billion) recorded in 2018, according to research by McAfee and Center for Strategic and International Studies (CSIS).
The one-trillion-dollar-mark has been breached thanks to a combination of direct monetary losses of $945 billion combined with global spending on cyber security, which is expected to hit $145 billion in 2020.
The jump in losses between the last two years is also far sharper than the rise in losses between figures in previous years. Losses were roughly $300 billion in 2013, $475 billion in 2014, and $522.5 billion in 2018.
“The severity and frequency of cyber attacks on businesses continues to rise as techniques evolve, new technologies broaden the threat surface, and the nature of work expands into home and remote environments,” said McAfee’s SVP and CTO Steve Grobman.
“While industry and government are aware of the financial and national security implications of cyber attacks, unplanned downtime, the cost of investigating breaches and disruption to productivity represent less appreciated high impact costs. We need a greater understanding of the comprehensive impact of cyber risk and effective plans in place to respond and prevent cyber incidents given the hundreds of billions of dollars of global financial impact.”
The report surveyed 1,500 companies, with only 4% claiming they didn’t experience any sort of cyber incident in 2019. Damage from malware and spyware was the most costly, followed closely by the cost of mitigating a data breach.
While the monetary losses are stark, the research has also highlighted some of the other costs of cyber crime that may be a bit more difficult to measure, with 92% of organisations sustaining non-monetary losses in some way.
Reduced efficiency, for example, could come by as a result of extended system downtime, with organisations losing nine working hours per week. The average interruption to operations, meanwhile, stood at 18 hours.
It also took an average of 19 hours for most organisations to shift gears from the discovery of an incident to remediation. Many security threats could be managed in-house, although major incidents often require external consultation at high rates.
Reputational damage was sustained by 26% of organisations questioned as part of the research. The costs are mainly felt in this area by the need to rehabilitate the image of the company, work with external to repair brand identity, or hire new employees to prevent future incidents.
