Computer security software company McAfee in partnership with the Center for Strategic and International Studies has released a new report that paints a grim picture of global cybersecurity threats. The Hidden Costs of Cybercrime surveyed 1,500 companies around the world about their cybersecurity preparedness and how they have been affected by cybercrime since 2018.

Cybercrime Losses Have Nearly Doubled

A similar report in 2018 found that companies globally lost about $600 billion as a result of cybercrime. This year’s report puts that figure at $1 trillion. It considers the actual monetary cost of attacks (about $945 billion, or 1 percent of global GDP), as well as money spent on cybersecurity (expected to top $145 billion by the end of 2020).

The report notes that better reporting might partly explain the dramatic rise since 2018. But the high rate of return on cyberattacks, the relatively low risk of capture or punishment, and our increasing reliance on the internet in our daily lives means that cybercrime will continue to pose a significant threat.

The theft of intellectual property, financial crimes, and ransomware attacks accounted for two-thirds of the total monetary losses from cybercrime, according to the report. Data breaches occur more and more frequently, but the real money remains in targeting multinational companies, healthcare providers, and financial firms that have valuable IP or that are more likely to pay a ransom to restore their network operations.

What Are the Hidden Costs?

Aside from the obvious monetary losses from cybercrime (theft of money or IP, ransom payments, etc.), the report cites other costs that sometimes get overlooked.

  • Opportunity costs: these range from lower productivity and reduced research and development spending to risk-averse behavior and larger cyber-defense budgets.
  • System downtime: this is a normal result of cyberattacks, but it can affect organizations differently. An attack on cosmetics company Avon prevented customers from placing orders for nearly a month.
  • Reduced efficiency: organizations lost nine work hours on average because of downtime, but the costs for larger victims were much higher. An attack on Danish shipping giant Maersk cost the company billions as a result of reduced efficiency and downtime.
  • Brand damage: this can be both catastrophic and difficult to track. The cost depends not only on if you get attacked, but also on how you respond. a 2017 survey found that 87 percent of consumers would change suppliers if they did not trust how their data was handled.
  • Incident response costs: this refers to the time it takes from the discovery of an attack to restoration of normal services. It can also include settlements and client remediation services. After the 2017 Equifax data breach, the company paid $425 million in lawsuit settlements and benefits to help people affected by the breach.

Companies Still Fail to Prepare for Attacks

Despite the growing costs and frequency of attacks, the report also found that many companies still fail to put adequate security measures in place. This includes not only plans for preventing attacks but a clear strategic response when attacks occur.

Only one percent of the 1,500 companies surveyed for the report said they had neither a plan for preventing attacks nor a plan for responding when attacks occurred. Three percent said they didn’t know if any plans existed. But less than 50 percent said they had both a prevention and response plan. A greater number of companies (32 percent) said they had only prevention plans in place than those that had only response plans (19 percent).

Most cybersecurity guidelines, including those of the National Institute of Standards and Technology, suggest a comprehensive plan for prevention and response. Protocols should be regularly updated and tested to ensure their effectiveness when an actual crisis occurs.

SecureData has helped professionals in healthcare, financial services, law, energy, and other sectors to prepare for cyberattacks before they strike. Making our SecureDrive® line of external portable storage devices a part of your cybersecurity plan can reduce exposure to attack and secure your data in the event of a data breach.

Our SecureDrive® BT and SecureUSB® BT hard disk and flash drives are FIPS validated and hardware encrypted, OS/host independent, and work on any device witha  USB port. They also come with a free year of DriveSecurity® ESET antivirus protection.

Our Remote Management License can be added at any time to manage an unlimited number of SecureDrive® BT devices. It offers even more control with features that include geo- and time-fencing, user logging, and remote wipe capabilities.

Securing your data requires a comprehensive, adaptable, and tested defense. Call us at 1-800-875-3230 to learn more about how we can help.