Individuals and businesses can expect to pay more to protect themselves from cybercrime, year over year, for the indefinite future. In fact, cybercrime damages could cost an annual $6 trillion (with a steady increase from there) starting in 2021(according to Cybersecurity Ventures). Considering cybercrime was only a consideration for the most technologically advanced organizations just a couple of decades ago, this growth rate is egregious—and could be affecting your profitability.
So why is cybercrime getting so expensive, and how much further could it grow?
The Costs of Cybercrime
Let’s start by breaking down the total costs of cybercrime:
- Prevention. For starters, even small businesses need to start investing more, as a baseline requirement, to proactively monitor potential breaches. That means building more secure databases, testing their systems, training their employees, and constantly monitoring for threats. That requires lots of time and expertise, which can cost significant money.
- Direct losses. In some cases, a cyberattack may result in direct losses, such as a cybercriminal stealing money or purchasing goods illegitimately. Companies may also be responsible for compensating their customers for any damages that resulted from a breach; Target, for example, paid more than $18.5 million for a 2013 cyberattack that affected 41 million of its customers.
- Recovery. Then, companies need to worry about recovery. It can take more than 50 days to resolve a malicious cyberattack, even with the help of experts; companies are responsible for tracing the root of the attack, acknowledging what went wrong, and in some cases, undoing some of the damage. Companies also have to think about the blow to their reputation, and find a way to mitigate the PR damage associated with it.
- Repair. Finally, companies need to invest in more protective systems, potentially rebuilding any structures that were compromised in the attack and establishing better protocols to prevent those types of attacks in the future.
The Precipitating Factors
Costs in each of the four above areas are on the rise. So what’s responsible for this gradual creep?
- Increasing reliance on data and technology. First, consumers are becoming more and more reliant on data and technology for functions throughout their daily lives. Companies now require immense databases, and consumers find themselves connected to the internet practically 24/7. This means there’s more potential data for cybercriminals to exploit, and more value to be taken.
- More total targets. It also means there are more total targets available to attack around the world. Companies in almost every industry have the potential to be exploited for massive profit, and any individual with a smartphone or an email account can be a potential target.
- More lucrative targets. In addition to being more plentiful, targets are also becoming more lucrative, thanks to advancing technology. Take cryptocurrency as an example; earlier this year, hackers made off with more than $530 million in cryptocurrency when they breached crypto exchange Coincheck. The medical industry, too, is becoming a more lucrative target thanks to the digitization of patient records, which often contain valuable personal data in improperly secured systems.
- Entry-level vulnerabilities. Though not a new problem, this is an issue that makes the increased number and value of targets far worse. You don’t need to be a skilled technical hacker to commit a cybercrime; sometimes, all you need is a clumsy peer who chooses an easy-to-guess password, or the social engineering skills to convince someone to give you their credentials. Logging into someone else’s account, you could feasibly have access to an entire company’s database. Because almost anyone can become a “hacker” in this way, the total number of hackers is increasing (along with the total number of attacks).
- Safe havens. Another issue is the number of safe havens cybercriminals may find throughout the world. Countries like Russia, China, and North Korea have no issue with the cybercriminals in their midst, so it’s relatively easy for a hacker to gain protection and continue attacking companies and individuals from a distance. It doesn’t help that many of these countries may also be launching their own cyber espionage attacks against the United States and other Western countries.
- System sophistication. Finally, because our technology is getting more advanced, and brute-force breaches are becoming smarter, we have to invest more in order to protect ourselves. We need better, more advanced technology and more talented people on our sides—and those both come with a hefty price tag.
The cost of cybercrime is unlikely to go down anytime soon, and may not stabilize for many years. The more advanced our technology becomes, and the further it reaches, the more vulnerable we are—and that vulnerability is associated with a cost. Still, the most cost-efficient way to address these expensive challenges is to invest in proactive security measures; building better systems and protecting them will always be cheaper than trying to recover from a direct attack.