Earlier this week, I had the privilege of sitting on a panel at the Center for Strategic and International Studies (CSIS) for the global unveiling of a new McAfee-sponsored report titled “Net Losses: Estimating the Global Cost of Cybercrime.” This report, which builds on the methodology and results of last year’s US-centric report, creates a framework to measure the total cost that cybercrime and cyber espionage inflict on the global economy.
We chose to partner with CSIS as it is regarded as the premier international think tank in the world for issues of international affairs and security and has an impressive roster of technology and policy experts. For this endeavor, CSIS commissioned James Lewis, Senior Fellow of the Strategic Technologies Practice and respected cybersecurity expert, and Stewart Baker, a Steptoe & Johnson partner with decades of leadership experience in the U.S. executive branch and private sector, to conduct research and author the report. At the rollout event, Jim, Stewart and I were joined by McAfee’s Public Sector VP and CTO Scott Montgomery and homeland security consultant and former administration official Paul Rosenzweig. We dove into the high-level findings from the report and engaged in a dialogue about the path forward for thwarting international cybercrime.
The results of the study show that cybercrime is growing. Our best estimate is that cybercrime costs the global economy about $445 billion, roughly equal to 0.5-0.8 percent of global GDP. In the U.S. cybercrime costs the total economy $100 billion and roughly 200,000 jobs. In the EU, the total was roughly 150,000 jobs. Personal Information breaches alone cost the global economy nearly $160 billion, with 40 million individuals reporting data breach losses in the U.S. As cybercrime costs roughly 15-20 percent of the total value of the internet economy, it acts as a tax on innovation and growth in IT.
Generally speaking, the report found that wealthier nations were more heavily affected by cybercrime losses than less developed nations. This makes sense, as more developed nations tend to rely on the internet for economic activity, especially in areas like finance or retail. However, the report also noted that cybercrime will grow more quickly in developing nations in the future, as citizens in these countries rely more heavily on mobile computing, which can be less secure. In either case, countries will realize higher economic gains in their quickly growing technology sectors if they can mitigate the damage from cybercrime.
Overall, this report conveys the positive economic benefit that stopping cybercrime can have on the global economy. McAfee recommends that countries start to do a better job of accounting for the aggregate losses due to cybercrime. Countries also need to engage in strong public/private partnerships to share information in real time and coordinate on efforts to thwart cyber criminals. Finally, businesses and governments need to look to new ways to protect themselves with intelligent, integrated solutions.
There is reason to be optimistic that this message is already getting through, and that governments worldwide are taking starting to take the necessary precautions and engage in the essential public/private and multilateral partnerships that can help defang cybercriminals. Recently, McAfee worked with the FBI and law enforcement entities from 11 countries in Operation Tovar, which disrupted one of the largest botnets in the world.