According to a new report by the Center for Strategic and International Studies (CSIS), the annual cost of cybercrime is over $400 billion. The losses it inflicts on the global economy are estimated between $375 and $575 billion per year, representing almost 1% of the world income.
In other words, cybercrime is on par with drug trafficking for worldwide damage done: it hurts "trade, competitiveness, innovation, and global economic growth" and if that weren't enough, it costs jobs too (source).
It's also a phenomenon we can expect to see more of. To hackers, cybercrime offers a sweet spot between risk and reward: the risks are low; the rewards, high. Put differently, the crime now qualifies as a growth industry.
So why aren't governments doing more to prevent it?
Problem: Failure to recruit
At a time of global economic crisis, many governments face a budgeting balancing act that makes it difficult to respond to problems as comprehensively as one might wish.
For example, last week we discussed how the U.S. government faces a shortage of cybersecurity experts, partly because those experts can find better salaries in the private sector.
Organizations that won't invest can't recruit, and that's a problem: today's hackers are pretty sophisticated. It requires equal or better talent to meet them head-to-head.
It's hard to argue with data - but if the data isn't there, what's really hard is proving the severity of a situation.
If you ask Stewart A. Baker, a former policy official at the U.S. Department of Homeland Security, data collection on cybercrime is of fundamental importance: "The more that governments understand what those costs are, the more likely they are to bring their laws and policies into line with preventing those sorts of losses" (source).
When cybercrime is underreported, governments are free to convince themselves that the situation is not as bad as they think. Ignorance may be bliss, but at $475 billion a year, that's remarkably expensive bliss.
Which brings us to our third and final problem for the day, inaction. Could governments be doing more? The CSIS report answers a resounding yes: globally speaking, governments are just not doing enough to compile and distribute data, stop the crime or locate the criminals. Hence the "low risk" part of the "low risk, high reward" equation.
In the meantime...
Be sure to get the highlights of the CSIS report. It's interesting stuff.
Next, take steps to protect your organization from cybercrime. While the phenomenon is indeed widespread and globally catastrophic, you are not defenseless: studies confirm that when organizations take the initiative to practice defense-in-depth security, their efforts can be extremely effective.
Learn more about how Netop can support the security and profitability of your organization at the same time. Click here.