Published July 22, 2013
Cyber evildoers are inflicting serious damage to the world’s already-sluggish economy.
According to a newly-released report sponsored by McAfee, global cyber activity is costing up to $500 billion each year, which is almost as much as the estimated cost of drug trafficking.
In the U.S. alone, the report estimates that cyber crime is the catalyst behind the loss of as many as 500,000 jobs as companies grapple with the loss of coveted intellectual property, confidential strategies that are snooped on, and suffer reputational harm.
“Extracting value from the computers of unsuspecting companies and government agencies is a big business,” the 20-page report from McAfee and the Center for Strategic and International Studies says.
“These losses could just be the cost of doing business or they could be a major new risk for companies and nations as these illicit acquisitions damage global economic competitiveness and undermine technological advantage," the report said.
McAfee, which is a unit of Intel (INTC), and CSIS said their work is the first research to use actual economic modeling to forecast the financial costs of cyber crime.
These costs are only likely to rise as hacking continues to grow in size and intensity.
A report released last week by security firm Prolexic found that the number of distributed denial of service (DDoS) attacks jumped 20% in the second quarter from the first quarter. The average packet-per-second rate of these attacks surged 1,655% year-over-year to 47.4 million.
The CSIS report estimates global cyber activity costs between $100 billion and $500 billion each year, compared with $600 billion in costs associated with drug trafficking and $1 billion to $16 billion in costs tied to piracy..
Cyber crime also has a real impact on employment, which remains painfully low after the worst economic crisis since the Great Depression.
Given that the Commerce Department estimated in 2011 that $1 billion in exports equaled 5,080 jobs, CSIS said the high end estimated cost of about $100 billion translates to approximately 508,000 lost jobs, or a 0.33% decrease in employment.
“If workers displaced by cyber espionage do not find jobs that pay as well or better, the victim country would be worse off,” the report said. “The effect of cyber espionage may be to move workers from high paying blue-collar jobs into lower paying work or unemployment.”
The report cautions that it is difficult to estimate the losses associated with cyber crime, in part because it’s not known precisely how much malicious activity actually occurs as companies and governments attempt to keep many events quiet.
“I’m glad there is an attempt to provide some metrics to this issue. The truth is, it is impossible to quantify the damage to the U.S. economy due to malware attacks,” Dov Yoran, CEO of malware analysis and threat intelligence firm ThreatGRID, said in an email. “Very few organizations will talk about it even after they discover them.”
“How do you measure the long-term drain on the U.S. economy of intellectual property syphoned off by the train loads? How do you measure losing major global projects across various sectors of the economy?” said Yoran. “The truth is you can’t measure them, but there is certainly an economic consequence of lost money and lost projects.”