Cybercrime is costing businesses close to $600 billion, or 0.8 percent of global GDP, according to a report released today by McAfee, in partnership with the Center for Strategic and International Studies (CSIS). The estimated number is up from a similar 2014 study that put global losses at about $445 billion. The report attributes this growth to cybercriminals quickly adopting new technologies, the ease of engaging in cybercrime—including an expanding number of cybercrime centers—and the growing financial sophistication of top-tier cybercriminals.

Estimated daily cybercrime activity
Source: McAfee / CSIS 2018 report— From the report: “Cybercrime operates at scale. The amount of malicious activity on the internet is staggering. One major internet service provider (ISP) reports that it sees 80 billion malicious scans a day, the result of automated efforts by cybercriminals to identify vulnerable targets. Many researchers track the quantity of new malware released, with estimates ranging from 300,000 to a million viruses and other malicious software products created every day. Most of these are automated scripts that search the web for vulnerable devices and networks. Phishing remains the most popular and easiest way to commit cybercrime, with the Anti-Phishing Working Group (APWG) recording more than 1.2 million attacks in 2016, many linked to ransomware. This number may be low since the FBI estimated there were 4,000 ransomware attacks every day in 2016. The Privacy Rights Clearing House estimates there were 4.8 billion records lost as a result of data breaches in 2016, with hacking responsible for about 60% of these.”

— Data on cybercrime remains poor: The authors suggest data on cybercrime remains poor because of governments around the world underreporting and being negligent in their efforts to collect data on cybercrime.

— Recommendations: Although the report is mainly focused on cybercrime estimations, and not recommendations, it has offered the following as a matter of obvious steps based on their cost analysis:

• Uniform implementation of basic security measures such as regular updating, patching, open security architectures and investment in defensive technologies.
• Increased cooperation among international law enforcement agencies both with other nations’ law enforcement agencies and with the private sector.
• Improved collection of data by national authorities
• Greater standardization and coordination of cybersecurity requirements particularly in key sectors like finance.
• Development of the Budapest Convention, a formal treaty on cybercrime which has made slow progress in the face of opposition from Russia and other countries.
• International pressure on state sanctuaries for cybercrime; imposing some kind of penalty or consequence on governments that fail to take action against cybercrime.