COST OF CYBERCRIME STATS

COST OF CYBERCRIME STATS

There’s a lot of data to dig into when it comes to the financial toll of cybercrime. Seeing the shocking figures below could help encourage proactive behavior when it comes to cyber defenses.

The big-picture view is that up to 0.80 percent of the world’s GDP is now being lost to cybercrime, according to McAfee.

Over the next 5 years, companies in the private sector “risk losing an estimated US$5.2 trillion in value creation opportunities from the digital economy—almost the size of the economies of France, Italy and Spain combined—to cybersecurity attacks.

Accenture

Though it constitutes a relatively new criminal economy, cybercrime is already generating at least $1,5 trillion in revenues every year.

Bromium Into The Web of Profit – Understanding the growth of the cybercrime economy

It’s perfectly adequate to feel a bit overwhelmed by these figures. Even when looking at yearly developments, the data is a compelling argument for improving cybersecurity strategies.

In just one year, the initial costs attributable to cyberattacks increased 52% to $1.1 million.

The Trust Factor by Radware

The varied ways in which cyber criminals amass these large sums of money range from massive operations to spray-and-pray attacks, the latter targeting a large number of victims in the hope that it will compromise some of them.

Revenue generation in the cybercrime economy takes place at a variety of levels – from large ‘multinational’ operations that can generate profits of over $1 billion; to smaller, small scale operations, where profits of $30,000- $50,000 are more the norm.

Bromium Into The Web of Profit – Understanding the growth of the cybercrime economy

Wondering how they manage to move these huge sums without being caught? Here’s what the studies reveal about money laundering alone:

Around 10% or more of the estimated $1,6-$2 trillion of laundered money being circulated globally can be attributed to revenues derived from cybercrime – totalling up to $200 billion.

Bromium Into The Web of Profit – Understanding the growth of the cybercrime economy

However, malicious hackers and scammers are also spending money, “investing” in assets that can make their attacks more effective:

A zero-day Adobe exploit can cost $30,000.

A zero-day iOS exploit can cost up to $250,000.

Malware exploit kits cost $200-$600 per exploit.

Blackhole exploit kits cost $700 for a month’s leasing, or $1,500 for a year.

Custom spyware costs $200.

One month of SMS spoofing costs $20.

A hacker-for-hire costs around $200 for a small hack.

Bromium Into The Web of Profit – Understanding the growth of the cybercrime economy

Other things for sale on the Dark Web include access to compromised systems and organizations. Price points start at “50 cents to $400 for RDP access, and roughly $1,000 to $20,000 for broader access to a compromised organization” (Secureworks State of Cybercrime Report 2018).

Marketplaces are larger than one might imagine: just 25 Dark Web sites that provided access to tools and information for cybercriminal activities counted over 3 million registered users (ENISA Threat Landscape Report 2018)!

There are approximately 6,300 marketplaces selling ransomware in the dark web with 45,000 product listings.

Telstra Security Report 2018

It also doesn’t help that unscrupulous hosting providers enable cybercriminals to carry out their attacks anonymously by giving them access to anonymised servers and Internet access for as little as $100-300/month (Secureworks State of Cybercrime Report 2018).

While vulnerabilities, tools, and hosting that enable bad actors to exploit them can be pricey, personal data used in attacks come dauntingly cheap:

Today, account credentials may sell for as little as $0.20 up to $15 USD.

RSA 2018 Current State of Cybercrime

Full data profiles that include biographic information and payment card data, don’t break the bank either: they are advertised for prices as low as $10 to $25 (Secureworks State of Cybercrime Report 2018).

32 dark web prices cybercrime statistics 2019
Secureworks State of Cybercrime Report 2018

A different report confirms these prices: “as of March 2018, ca. 500,000 email accounts with passwords were priced at US $90 in the Dark Web” (ENISA Threat Landscape Report 2018).

Statistics about current and future cybersecurity costs abound and cover multiple angles:

  • $2.1 trillion: The total global annual cost of all data breaches by 2019, as suggested by Juniper Research. (Juniper Research)
  • $1.5 trillion: The total revenue cybercriminals coaxed out of their victims worldwide in 2017. (RSA)

33 general cybercrime statistics 2018-2019
Microsoft

  • $15 billion: the value of cryptocurrency stolen from online exchanges between 2012 and 2017 (2018 Trustwave Global Security Report)
  • Business email compromise (BEC) and email account compromise (EAC) led to financial losses of up to $12,5 billion between October 2013 and May 2018, as reported by the FBI (Secureworks State of Cybercrime Report 2018)
  • $5 billion: the value of associated losses caused by account takeovers in 2017, when this type of attacks tripled in frequency (RSA 2018 Current State of Cybercrime)
  • $5 billion: is the estimate for damages arising from ransomware attacks in 2017 (Europol Internet Organised Crime Threat Assessment (IOCTA 2018)
  • $3.25 billion: global revenue generated by social media-enabled crimes (Bromium Into The Web of Profit – Social media platforms and the cybercrime economy)
  • $3.2 billion: this is the level that global smart grid cybersecurity spending will reach by 2026 (source)
  • $1.7 billion: is how much energy utilities spent in 2017 on protecting their systems from cyber attacks. (The Global Risks Report 2019 – World Economic Forum)

Other criminal groups have targeted ATM infrastructure directly.

In March 2018, Europol arrested “Denis K,” a Ukrainian national and alleged malware developer, in Spain for his part in a series of thefts since 2013 that Europol estimated had cost €1 billion to banks in more than 40 countries.

Spain’s Interior Ministry reported at the time that Denis K had personally accumulated about 15,000 bitcoins (roughly $120 million USD, at the time it was reported) from this activity.

Secureworks State of Cybercrime Report 2018

  • $530 million: the cost of the January 2018 Coincheck hack, the biggest cryptocurrency heist to date. (Time Money)
  • 1% of business executives who consider cybercrime the most disruptive fraud lost more than $100 million as a result (Global Economic Crime and Fraud Survey 2018 by PWC)
  • $50 million: the total cost of cybercrime across 237 major companies in 6 countries. (Micro Focus)
  • $13.5 million (944 million rupees) is how much an Indian bank lost “after hackers installed malware on its ATM server that enabled them to make fraudulent withdrawals from cash machines”  (InfoSecurity Magazine)
  • $4.6 million: is how much loss two individuals caused by conducting large-scale CEO fraud. (Europol Internet Organised Crime Threat Assessment – IOCTA 2018)
  • $3.8 million: the average cost of a data breach to a business. (Microsoft)
  • $2.2 million per month: this is how much money cyber criminals can make with just 10 stolen credit cards bought from the underground markets. This is why formjacking is making a fast comeback as a preferred attack tactic (2019 Internet Security Threat Report by Symantec)
  • $2 million: the average cost of a DDoS attack on an enterprise in 2017 (Kaspersky)
  • $729,000 is how much a businessman lost in a scam combining catphishing and whaling (EY Global Information Security Survey 2018-2019)
  • $660,000 per hour: is how much e-commerce fraud causes in losses. (RSA 2018 Current State of Cybercrime)
  • $500,000: is the average damage 53% of attacks cause. (Cisco Annual Cybersecurity Report 2018)

34 financial damage cybercrime statistics 2019

  • $24,439 – the average cost for a Business Email Compromise hack (Verizon 2019 Data Breach Investigations Report)
  • $292: the average fraud value following a cybercriminals’ takeover of a consumer’s mobile banking account. (RSA)

While financial value is a big aspect of the cost of cybercrime, statistics show there are other losses to consider as well:

Cybercrime was more than twice as likely than any other fraud to be identified as the most disruptive and serious economic crime expected to impact organizations in the next two years.

Global Economic Crime and Fraud Survey 2018 by PWC

  • 40% of surveyed specialists see the disruption of operations as the biggest potential consequence of a cyberattack; 39% fear the compromise of sensitive data, and 32% cite damage to product quality. (The Global State of Information Security® Survey 2018 by PWC)

35 cybercrime risk by sector statistics 2019
Imperva 2019 Cyberthreat Defense Report

  • 61% of CEOs believe that security issues associated with the digital economy are far too big for their organization to handle alone; they also mention that increasing cybersecurity budgets won’t solve the issue (Accenture – Securing the Digital Economy)
  • 43% of executives said the actions required to remediate security incidents were “difficult and expensive.” (Verizon Mobile Security Index 2019)
  • 51% mentioned security spending is driven by previous years’ budgets (Cisco Annual Cybersecurity Report 2018)
  • Criminal revenues driven by social media-enabled fraud increased by over 60% in 2018 from the previous year. (Bromium Into The Web of Profit – Social media platforms and the cybercrime economy)
  • Cybercriminals manage to defraud users on mobile for double the amount they’d normally spend on a genuine transaction on the same channel: $133 – average genuine transaction value, $292 – average fraud value (RSA 2018 Current State of Cybercrime)

Companies spend money because of cybercrime in various ways. For example:

41% of executives surveyed said they spent at least twice as much in 2018 on investigations and related interventions as was lost to cybercrime

PWC

Moreover, they also pay for compromises in other ways. A report mentions that “2 in 5 companies reported negative customer experiences and reputation loss following a successful attack” (The Trust Factor by Radware).

 

Click HERE for source.

Business Ventures