Cybercrime is costing businesses worldwide almost $500 billion a year, depleting jobs from the economy, a new report finds. These crippling losses could have been prevented if companies took cybersecurity threats more seriously.
The report released Monday by antivirus software company McAfee and the Center for Strategic and International Studies is one of the first to show how pervasive cybersecurity threats are in everyday life and extend beyond stolen passwords, emails and identity theft.
Cybercrime ranks among the biggest drains on international economies, along with drug trafficking, counterfeiting, and car crashes, the report said. Businesses spend about $455 billion to clean up after breaches and other security threats.
Large-scale attacks cost victims and companies upwards of $100 million to recover. The U.S., China, and Germany lost the most with a total of $200 billion. The U.S. accounted for half that loss. American companies spent over $5 million per breach in 2012, according to a Ponemon study.
Last year’s Target breach that hit more than 100 million customers, cost banks $200 million partly to issue new credit and debit cards. Almost all businesses in the United Kingdom reported breaches in 2013 that cost small businesses $100,000 and bigger companies $1.4 million per incident on average.
Most of that burden falls on developed countries with robust economies. Because countries such as the U.S. rely more on product innovation for their exports, a hacker could steal ideas and not just customers’ personal information, which leads to a lost of competitiveness and ultimately layoffs.
Stolen ideas affect what kinds of goods a country can export, as well as overall GDP. Small changes to GDP impact employment, shifting workers from well-paid jobs to lower paying ones or unemployment, the report said.
The United States alone stands to lose 200,000 jobs from cybercrime — most of which are in high-paying fields such as new medical technologies, computers and electronics.
Even in the face of significant losses, companies still don’t invest enough in cybersecurity. “[Businesses] lack the incentive to do more because they underestimate risk,” the report said. Instead, companies prioritize cutting costs and boosting profits, a pattern that is more detrimental to companies in the long run.
Recovering from a breach is about five times as expensive as preventing one: For every $5 spent recovering from a breach, companies could spend $1 on encryption which would minimize intrusions, The Wall Street Journal reported.
In the last year, as many as 800 million people had their personal data stolen by hackers, including at least 40 million in the United States, the report said. But businesses, particularly retailers, haven’t beefed up security efforts to keep pace with sales. American retailers only spend roughly 2 percent of their tech budgets on security, even though business is expected to rise 4 percent by 2017, Reuters reported.
That trend is likely to continue unless stronger policies are implemented. Retailers and other businesses aren’t required to invest in cybersecurity, even though the potential damage for consumers is vast. As major security threats such as the Heartbleed bug become more common, some companies are trying to do more to prevent the next big attack. Big name retailers such as Target and Nike recently banded together with federal law enforcement to trade information on potential hacks and software weaknesses.
Those efforts, however, are often undermined by companies delaying on security measures because of upfront costs. Companies are allowed to self-regulate their cyberattack response largely due to the lack of uniform standards. For example, despite being warned years in advance that Microsoft was phasing out Windows XP this year, retailers and banks procrastinated in updating their software, exposing them to cyberattacks.