Cybercrime costs an average of $13 million per organization, $2.9 million per minute and cost a total of $1.5 trillion in 2018. That’s just a few cybercrime statistics that are quantified, there is a greater impact besides, of disruption and unreported events, that’s difficult to track. And, as we know the threat of cybercrime is both growing and evolving.
Carolyn Crandall, chief deception officer and CMO of cybersecurity technology company Attivo Networks, outlines these statistics and the cost and impact of cybercrime in 2019 in her “Year in Review: Cybercrime” article at InfoSecurity Magazine.
Cybercrime costs by the numbers
It’s Ponemon’s Ninth Annual Cost of Cybercrime Study that puts the average cost of cybercrime to a business at $13 million, a figure that’s increased by $1.4 million in 2019.
Risk IQ says cybercrime costs the global economy $2.9 million every single minute, a total of $1.5 trillion for 2018.
Accenture analysts predict that between 2019 and 2023 $5.2 trillion in global value will be at risk from cyber-attacks.
(Accenture’s “Cost of Cybercrime” study shared by the World Economic Forum shows that “no industry is untouched.” The industries seeing the most impact from attacks are banking, utilities, software and the automotive industry. High-tech industries, energy and consumer goods sit in the middle for attack costs. And the impact of attacks on the travel and life sciences industries is growing the most. The report also notes that organizations have seen security breaches grow by 67% in the past five years.)
The Identity Theft Resource Center indicates data breaches are increasing. In 2018 there were 1244 breaches and 2019’s figures to date have already exceeded 1272.
In 2018, compared to 2017, the number of data breaches fell 23% but the number of records of consumer data exposed actually increased 126%.
Crandall also writes that each malware attack in 2018 cost on average of $2.6 million and many other types of attack caused at least $1 million in “information loss and business disruption.”
– Engage your staff with scenario-based security awareness training or “In-the-Moment” training
The threat of cybercrime will not diminish in 2020
The CMO says the following reasons mean there will be no slowdown to the threat of cybercrime:
- Cybercrime’s economic benefits attract organized crime groups
- Nation states have an interest in political interference and disruption
- The anonymity of the internet means there are “limited prosecutions.”
Spending on information security products and services is expected to reach over $124 billion in 2019. Crandall outlines the problem:
“The dynamics for winning this battle are challenging, with the advantage generally tipped towards the adversary who carries the benefit of time, resources, the element of surprise and a commercialized marketplace for doing business. Shifting power, or as some would call ‘the home-field advantage,’ back to the defender will require new thinking.”
How businesses could react to improve cybersecurity
Crandall says good cybersecurity hygiene and employee training will need to be coupled with the following in 2020:
- Early detection infrastructure
- Security frameworks to assess efficiency and reliability
- Use of the MITRE ATTACK framework to assess how well attacks are addressed
- Tracking of time taken to respond to and contain threats and to “restore operations.”
- Consideration of how AI and machine learning can be used to understand threats and automate operations
- The updating and testing of incident response plans for all attack scenarios
- Study of prior attacks on industry peers and a “review how your organization would have fared” if it had been the victim of the same attack.
- Consideration of how well security plans fare for dealing with insider and supplier threats as well as external threats
- Check cyber insurance coverage and “understand its requirements and restrictions.”
Attivo specialises in deception technology, Crandall adds this “has been taking its place as a de facto detection security control based on its ability to slow down and derail attacks across all major attack vectors and attack surfaces.”
She also says that a cybersecurity skills gap adds to the challenge of cybercrime:
“The odds are inherently against our information security teams, who are expected to operate flawlessly with limited resources, while protecting over 26 billion devices, with over five million applications and the more than six billion connected people behind them.”
And, that we should “learn from the attacks that have come before” as well as seeking out technologies that aid the early detection of cyber-attacks.
Each week at The Defence Works we outline the previous weeks data breaches. Each and every of the hundreds of data breaches that occur each year contain a lesson for other companies in how the breach occurred and how it was dealt with. Considering real-world attacks can help to improve security awareness, identification of attack vectors, and aid in preventing new attacks occurring.
Security awareness is vital in the fight against cybercrime. Technology is important but, as we learn from data breaches, cyber attackers can easily trick employees or take advantage of their unwitting mistakes.
Interested in learning more about how security awareness training can help your organisation? Sign up for a free demo of the world’s most interactive security awareness training.
Subscribe to the Proofpoint Blog