McAfee announced today that it has sponsored a first-of-its-kind report quantifying the economic impact of cybercrime. After years of guesswork and innumerable attempts to quantify the costly effects of cybercrime on the U.S. and world economies, McAfee engaged one of the world’s preeminent international policy institutions for defense and security, the Center for Strategic and International Studies (CSIS), to build an economic model and methodology to accurately estimate these losses, which can be extended worldwide. “Estimating the Cost of Cybercrime and Cyber Espionage” posits a $100 billion annual loss to the U.S. economy and as many as 508,000 U.S. jobs lost as a result of malicious cyber activity.
To help measure the real loss from cyber attacks, CSIS enlisted economists, intellectual property experts and security researchers to develop the report. The researchers estimate the range for cybercrime loss to the global economy is between $100 billion and $500 billion. They used real-world analogies like figures for car crashes, piracy, pilferage, and crime and drugs to build out the model. CSIS noted the difficulty of relying on methods such as surveys because companies that reveal their cyber losses often cannot estimate what has been taken, intellectual property losses are difficult to quantify and the self-selection process of surveys can distort the results.
For purposes of the research, CSIS classified malicious cyber activity into six areas:
- The loss of intellectual property
- The loss of sensitive business information, including possible stock market manipulation
- Opportunity costs, including service disruptions and reduced trust for online activities
- The additional cost of securing networks, insurance and recovery from cyber attacks
- Reputational damage to the hacked company
“We believe the CSIS report is the first to use actual economic modeling to build out the figures for the losses attributable to malicious cyber activity,” said Mike Fey, executive vice president and chief technology officer at McAfee. “Other estimates have been bandied about for years, but no one has put any rigor behind the effort. As policymakers, business leaders and others struggle to get their arms around why cyber security matters, they need solid information on which to base their actions.”