Cybercrime costs businesses approximately $400 billion worldwide, according to this report.
Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion. A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion. Even the smallest of these figures is more than the national income of most countries and governments and companies underestimate how much risk they face from cybercrime and how quickly this risk can grow.
Putting a number on the cost of cybercrime and cyberespionage is the headline, but the dollar figure begs important questions about the damage to the victims from the cumulative effect of losses in cyberspace. The cost of cybercrime includes the effect of hundreds of millions of people having their personal information stolen—incidents in the last year include more than 40 million people in the US, 54 million in Turkey, 20 million in Korea, 16 million in Germany, and more than 20 million in China. One estimate puts the total at more than 800 million individual records in 2013. This alone could cost as much as $160 billion per year. Criminals still have difficulty turning stolen data into financial gain, but the constant stream of news contributes to a growing sense that cybercrime is out of control.
For developed countries, cybercrime has serious implications for employment. The effect of cybercrime is to shift employment away from jobs that create the most value. Even small changes in GDP can affect employment. In the United States alone, studies of how employment varies with export growth suggest that the losses from cybercrime could cost as many as 200,000 American jobs, roughly a third of 1% decrease in employment for the US.
Using European Union data, which found that 16.7 workers were employed per million Euros in exports to the rest of the world, Europe could lose as many as 150,000 jobs due to cybercrime (adjusting for national differences in IP-intensive jobs), or about 0.6% of the total unemployed.
These are not always a “net” loss if workers displaced by cyber - espionage find other jobs, but if these jobs do not pay as well or better. If lost jobs are in manufacturing (and “the main engine for job creation”) or other high-paying sectors, the effect of cybercrime is to shift workers from high-paying to low-paying jobs or unemployment. While translating cybercrime losses directly into job losses is not easy, the employment effect cannot be ignored.
The most important cost of cybercrime, however, comes from its damage to company performance and to national economies. Cybercrime damages trade, competitiveness, innovation, and global economic growth. What cybercrime means for the world is:
- The cost of cybercrime will continue to increase as more business functions move online and as more companies and consumers around the world connect to the Internet.
- Losses from the theft of intellectual property will also increase as acquiring countries improve their ability to make use of it to manufacture competing goods.
- Cybercrime is a tax on innovation and slows the pace of global innovation by reducing the rate of return to innovators and investors.
- Governments need to begin serious, systematic effort to collect and publish data on cybercrime to help countries and companies make better choices about risk and policy.