Cyber crime costs the global economy over $1 trillion, or just more than 1% of global GDP, a figure which is up more than 50% from a 2018 study that put global losses at close to $600 billion.
This was revealed by a new report by McAfee dubbed “The Hidden Costs of Cybercrime,” which examines the financial and unseen impacts that cyber crime has around the world. The report, conducted in partnership with the Center for Strategic and International Studies (CSIS), was compiled from interviews of 1 500 IT and line of business decision makers.
The report explored the damage reported beyond financial losses, finding 92% of companies felt effects beyond monetary losses.
A wider attack surface
Steve Grobman, SVP and CTO at McAfee, says the severity and frequency of cyber attacks on organisations increases as adversaries hone their techniques, new technologies widen the attack surface, and work expands into home and remote environments.
“While industry and government are aware of the financial and national security implications of cyber attacks, unplanned downtime, the cost of investigating breaches and disruption to productivity represent less appreciated high impact costs,” he says.
In SA, organisations had to scramble to establish work-from-home infrastructure for their staff to ensure business continuity through the COVID-19 lockdown, but compared to more developed markets, few company’s security infrastructure was up to the job for this shift,” adds Carlo Bolzonello, country manager for McAfee SA.
“While many managed the shift, they were unwittingly vulnerable to security breaches, whether they were accidental data leaks, private data being maliciously shared by disgruntled employees, or targeted hacks from global crime syndicates. Organisations equipped with a cloud-based advanced threat management solution that offers complete coverage across the attack lifecycle, would have had the ability to prioritise and protect what matters, easily and efficiently,” he adds.
The report also scrutinised the hidden costs and the lasting impact and damage cyber crime can have on a business, including system downtime, which is a common hazard for around two thirds of respondents’ organisations.
The average cost to organisations from their longest amount of downtime in 2019 was $762 231, and a third of respondents stated IT security incident resulting in system downtime cost them between $100 000 and $500 000.
Another hidden cost emerged as reduced efficiency, as system downtime saw organisations losing, on average, nine working hours a week leading to reduced efficiency. The average interruption to operations was 18 hours.
Then there’s incident response cost. The report highlighted that it took an average of 19 hours for most businesses to move from the discovery of an incident to remediation.
Finally, the report looked at brand and reputation damage and found that the cost of rehabilitating the external image of the brand, working with outside consultancies to mitigate brand damage, or hiring new employees to prevent future incidents is another cost, with 26% saying they had suffered brand damage from the downtime experienced due to an incident.
Unfortunately, the report also uncovered a lack of organisation-wide understanding of cyber risk, which makes businesses vulnerable to sophisticated social engineering tactics and, once a user is hacked, not recognising the problem in time to stop the spread.
According to the report, 56% of the participants admitted to not having a plan to either prevent or respond to a cyber incident. Out of the 951 organisations that actually had a response plan, only 32% believed the plan was effective.