Report: Cybercrime causes over $600 billion in damage annually

"It is a low risk crime that provides high payoffs. A smart cybercriminal can make hundreds of thousands, even millions of dollars with almost no chance of arrest or jail."
(Peter Taylor / Flickr)

Cybercrime and espionage have caused more than $600 billion worth of damage annually in recent years, according to new estimates from the Washington, D.C., think tank Center for Strategic and International Studies (CSIS) and American cybersecurity firm McAfee.

“When we talk about impact of cybercrime, really it’s an economic impact with significant ramifications toward things like jobs, opportunity, investment, innovation,” said Raj Samani, McAfee’s chief scientist. “The objective is to change the discussion from this-country-does-that to how cybercrime impacts all of us, why it matters and how to address it.”

The total cost is rising. A 2014 estimate from CSIS put the annual cost of hacking at around $500 billion. Increasingly sophisticated hacking tools, the quick adoption of new technology and the growing professionalization of cybercrime have made it easier than ever to be a profitable crook online.

Even so, cybercrime ranks behind government corruption and narcotics trafficking for annual cost to the world, according to the International Monetary Fund.


“Cybercrime also leads in the risk-to-payoff ratio,” the authors of the report wrote. “It is a low risk crime that provides high payoffs. A smart cybercriminal can make hundreds of thousands, even millions of dollars with almost no chance of arrest or jail. When you think of big cybercrimes, from Target to SWIFT to Equifax, none of the perpetrators have been prosecuted to date. Law enforcement agencies can be aggressive and skillful in pursuing cybercriminals, but many operate outside their reach. This is one reason why the cost of cybercrime continues to grow.”

Plenty of targets

The report’s authors estimate that more than 2 billion people — about two-thirds of the people online today — have had personal information stolen or compromised by hackers. As the number of people online grow, the number of compromises is poised to rise as well because new users usually come from low-income nations with systemic cybersecurity problems.

East Asia, Europe and North America see annual costs ranging from $120 billion to $200 billion each. Higher-income nations tend to be more frequently targeted but lower income nations are often more easily exploited.

Ransomware is spotlighted in the report as the fastest growing cybercrime. In 2015, about $24 million in total ransoms was paid. In 2016, that number jumped to $1 billion, according to the FBI. In 2017, estimates put the total amount of ransom paid at $2 billion.


According to CSIS, the published research is intended to help governments and the public understand the costs of cybercrime — a category of illegal activity that is notoriously opaque and difficult to understand.

“The more that governments understand what those costs are, the more likely they are to bring their laws and policies into line with preventing those sorts of losses,” Stewart A. Baker, a former senior NSA and DHS official, said at the release of the last CSIS report.

‘Almost nothing’ works

To that end, the report’s authors put eight countries under a microscope to study the unique impact of cybercrime on each nation.

“The most disturbing thing we found is that whether a country takes significant efforts against cybercrime or whether it does almost nothing, cybercriminals will still be successful,” the report’s authors wrote.


The think tankers ended the report with recommendations including increased international law enforcement cooperation, improving mutual legal assisatance treaties to request help across borders and up-to-date and standardized laws around the world.

There are numerous “state sanctuaries” called out in the report. Russia, North Korea and Brazil are pointed to as world capitals, for various reasons, of cybercrime that need painful but temporary penalties to pressure for change, according to CSIS. Otherwise, there’s no reason the problem won’t continue to grow.

“There was a recent claim by a law enforcement official saying, oh if we see an attack from such-and-such country then we don’t even bother investigating,” McAfee’s Samani said. “You kind of think to yourself, ‘That’s insane.’ We’re going to have to start small and ensure there is a global, collaborative agreement between law enforcement to work together as fast as possible. It’s crucial.”

Latest Podcasts