Global losses from cybercrime now total over $1tn, according to a new report released today by McAfee in partnership with the Center for Strategic and International Studies (CSIS).
"The Hidden Costs of Cybercrime" concludes that cybercrime costs the world economy more than one percent of global GDP. A 2018 study put global losses more than 50% lower, at around $600bn.
Independent technology market research specialist Vanson Bourne was commissioned by McAfee to undertake the research upon which the report is based. Between April and June 2020, researchers interviewed 1,500 IT and line-of-business decision makers.
Respondents came from Australia (200), Canada (200), France (200), Germany (200), Japan (200), the UK (200), and the US (300).
The report focuses not just on the significant financial cost of cybercrime but also on its wider impact on things like company performance and brand reputation. Nearly all (92%) companies surveyed reported feeling effects from cybercrime that went beyond monetary losses.
Over a third (33%) of survey respondents stated downtime caused by IT security incidents cost them between $100,000 and $500,000. The average cost to organizations from their longest amount of downtime in 2019 was $762,231.
More than a quarter (26%) said that downtime caused by cybercrime had damaged their brand. Downtime also reduced efficiency, losing organizations on average nine working hours a week.
“The severity and frequency of cyber-attacks on businesses continues to rise as techniques evolve, new technologies broaden the threat surface, and the nature of work expands into home and remote environments,” said Steve Grobman, SVP and CTO at McAfee.
“While industry and government are aware of the financial and national security implications of cyber-attacks, unplanned downtime, the cost of investigating breaches and disruption to productivity represent less appreciated high-impact costs."
Grobman identified a need for greater understanding of the comprehensive impact of cyber-risk and said that effective plans should be put in place to respond to and prevent cyber-incidents "given the hundreds of billions of dollars of global financial impact."