Cyber crime and economic espionage cost the global economy more than $445 billion annually, which a report from the Center for Strategic and International Studies, says puts cyber crime on par with the economic impact of global drug trafficking.
At $445 billion, the damages amount to nearly one percent of global income. By the think tank's estimates the U.S., Germany and China suffered the greatest economic damage, at $200 billion accounting for close to half of the total. At $100 billion, the U.S. took the greatest hit, followed by Germany at $60 billion, with China rounding off the top three at $45 billion.
The report looked at three categories of “harm,” though it doesn't provide breakdown of the figures. Intellectual property theft is the largest, followed by financial crime — the theft of credit card and other data coveted by criminal rings. The third category is economic espionage or stealing confidential, competitive information.
With acknowledgements by its authors that an international definition of cyber crime would increase the accuracy of cost estimates, the findings in the study, commissioned by security company McAfee, are based on published information issued by a variety of governments worldwide and interviews with officials — such as Malaysia's CTO and China's Peoples Public Security University — in 17 countries.
“We were surprised at how bad the data collection was [by different governments and organizations] across the board,” CSIS Senior Fellow James A. Lewis, co-author of the report, told SCMagazine.com in a Monday phone interview.
“The disparity between cyber crime reporting, from some countries not tracking cyber crime to others with mature processing in place was surprising," Raj Samani, vice president and CTO EMEA at McAfee, said in a Monday email correspondence with SCMagazine.com. “However, overall most have not considered the economic impact it has on their economy.”
Some of the data collection woes could be corrected, Lewis noted, if experts would “come up with a definition of cyber crime. Then we can all work off the same sheet of music.”
Included in the $445 billion estimate, which varies greatly from the $1 trillion figure widely reported in recent years, are the cost of recovering from cyber attacks (which includes damage to company reputation) as well as well as direct and indirect costs, intellectual property loss, the theft of financial assets and sensitive business data, opportunity costs and the expenses associated with securing networks.
Researchers calculated the cost to each country based on the share of national income it represented.
“High-income countries lost more as a percent of GDP, perhaps as much as 0.9 percent on average,” the report said. “This may simply reflect better accounting, but rampant underreporting means that actual losses may be higher.”
In both the U.S. and China, cyber crime loss accounts for about 0.6 percent of the national income.
“Whilst the headline will be the dollar figure the impact on GDP and workforce reduction shows that cyber crime affects all of us,” Samani said.
The report did not single out countries behind the theft of intellectual property, one of the hardest categories in which to gauge cost, but in recent years China and the United States have traded accusations regarding cyber espionage, escalating recently when the U.S. charged five Chinese military officers with hacking large U.S. companies to swipe trade secrets. China fired back, saying it would scrutinize IT products and services for any security flaws that might facilitate cyber crime and reportedly urged its banks to dump IBM servers.
Regardless of the country studied for the report, law enforcement agencies “are overwhelmed,” Lewis said. “They can't keep up.”
Samani called for “greater collaboration between the public and private sector against cyber criminals is critical to combating such crime.”
He pointed to the recent success of the Operation Tovar, which demonstrated “the benefits of law enforcement collaboration and working with private sector with the GameOver Zeus and Cryptolocker communications infrastructure takedown.”