You might think it is a safe bet that the cost of cybercrime will grow year-over-year. When the Ponemon Institute predicted in 2012 that the cost of cybercrime would decline, we were surprised - after all, every indicator pointed toward the opposite. Then just recently, Ponemon released their 2013 ďCost of Cybercrime Study,Ē which shows that they now project that the cost trends are indeed increasing- 26% up in 2013 from the 2012 reported figures.
Certainly the landscape of cybercrime is broad, and as expected cybercrime has become much more sophisticated. Techniques you might only consider in the realm of espionage have become part of the tradecraft of cybercrime. Over the past few decades as the world economy globalized, so too has cybercrime.
In a June 2013 report by the Council on Foreign Relations, the annual cost of cybercrime to the global economy is estimated to be between $114 Billion and $1 trillion. These figures cover everything from cyber-attacks, identity theft and hacking. These costs cover actual damages, loss of intellectual property and the immense cost of resetting and sterilizing every component in a compromised network.
There is so much motivation to exploit and profit from cybercrime that itís hard to imagine what Ponemon was thinking in 2012. Actually, they told us what they were thinking: The studies they released were built using different methodologies. In the 2011 estimates, Ponemon put value on a set of cost factors (notifications) that dropped in 2011. The 2012 model focused on data theft and cyber crime.
The first problem is that these are different models and the reports canít easily be compared. Secondly, as before in their 2011 projections, Ponemon believes that the adoption of various cyber-defenses would reduce the consequences and costs of cybercrime, and that these are maturing and their use will pay off. But I think they are missing the point completely.
As questions go, the elephant in the room is: Why canít we protect ourselves more effectively against cybercrime? The answer has a lot to do with the nature of the technologies and practices that underlie IT systems and networks. The hallmark of commodity IT is that it is cheap. Complicating matters, most IT solutions appear to be cobbled together with more regard to delivering functionality and access than to do so reliably and securely. By our actions, we seem to value access more than we value the information itself.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.