While the Center for Strategic & International Studies and McAfee estimated the annual cost to the global economy from cybercrime at $375 billion conservatively and $575 billion maximally as of June 2014, at least one expert stands by cost figures that are many times those numbers.
"U.S. companies and the U.S. economy lose approximately $500 billion each year to theft of trade secrets and innovation. This includes all forms of economic espionage where cybercrime plays a major factor. When you factor the 10-year life of the investment in innovation, the total value of the theft reaches $5 trillion or one-third of the U.S. GDP - each year," says T. Casey Fleming, CEO, BLACKOPS Partners Corporation, a Washington, D.C.-based Information Security Advisor to senior executives & boards of the Fortune 500, U.S. government agencies, and universities.
While the enterprise can't stop cybercrime it can become a hard target. To that end, CSO maps the cybercrime economy with its major components, incentives, and seats of power, finalizing with the means for enterprises to avoid victimization by keeping cyber goons from absconding with their digital goods.
Cybercrime entities include countries such as India, France, Sweden, North Korea, Syria, Russia, and China as well as smaller groups inside eastern-block countries. "Organized crime includes the offshoots of the Russian Business Network, who have a very clear understanding of the financial payment supply chain," says Bob West, CISO Emeritus Fifth Third Bank & Bank One, now Chief Trust Officer, CipherCloud.
Cyber spying by public and private concerns is also a piece in the cybercrime economy puzzle. "Cybercrime targets include U.S. companies in the Fortune 500 & 100, small- to medium- businesses, universities, thank tanks, and government agencies," says West.
"The hyper-connected world, the adoption of digital banking, the connection of operational technologies to the Internet, and a surge in mobility have greatly increased the attack surface available to digital criminals, which has led to a gold rush mentality in criminal fraternities," says Colin McKinty, vice president of Cyber Security Strategy, Americas, BAE Systems Applied Intelligence.
The ready availability of free cybercrime applications invites participation in the cybercrime economy by just about anyone. "This creates a services-based cybercrime economy, meaning that even those with limited personal expertise can still achieve significant results," says McKinty.
In addition to a growing attack surface and increasing numbers of free tools, the cybercrime economy thrives due to the profit motives of the thieves who grab an organization's enticing personal identifiable information and intellectual property. "Cybercrime feeds on human weakness and on weak security controls, which are the result of enterprises choosing convenience over security. There are many people in large companies who don't understand what they need to do to protect information as part of their daily routine," says West.
Sign up for Computerworld eNewsletters.