Seven-year-long APT campaign identified, possibly state-sponsored
Seven-year-long APT campaign identified, possibly state-sponsored

Cyber crime and economic espionage cost the global economy more than $445 billion annually, which a report from the Center for Strategic and International Studies, says puts cyber crime on par with the economic impact of global drug trafficking.

At $445 billion, the damages amount to nearly one percent of global income. By the think tank's estimates the U.S., Germany and China suffered the greatest economic damage, at $200 billion accounting for close to half of the total. At $100 billion, the U.S. took the greatest hit, followed by Germany at $60 billion, with China rounding off the top three at $45 billion.

The report looked at three categories of “harm,” though it doesn't provide breakdown of the figures. Intellectual property theft is the largest, followed by financial crime — the theft of credit card and other data coveted by criminal rings. The third category is economic espionage or stealing confidential, competitive information.

With acknowledgements by its authors that an international definition of cyber crime would increase the accuracy of cost estimates, the findings in the study, commissioned by security company McAfee, are based on published information issued by a variety of governments worldwide and interviews with officials — such as Malaysia's CTO and China's Peoples Public Security University — in 17 countries.

“We were surprised at how bad the data collection was [by different governments and organizations] across the board,” CSIS Senior Fellow James A. Lewis, co-author of the report, told in a Monday phone interview.

“The disparity between cyber crime reporting, from some countries not tracking cyber crime to others with mature processing in place was surprising," Raj Samani, vice president and CTO EMEA at McAfee, said in a Monday email correspondence with “However, overall most have not considered the economic impact it has on their economy.”

Some of the data collection woes could be corrected, Lewis noted, if experts would “come up with a definition of cyber crime. Then we can all work off the same sheet of music.”

Included in the $445 billion estimate, which varies greatly from the $1 trillion figure widely reported in recent years, are the cost of recovering from cyber attacks (which includes damage to company reputation) as well as well as direct and indirect costs, intellectual property loss, the theft of financial assets and sensitive business data, opportunity costs and the expenses associated with securing networks.