Much has been made of the recent data breach at Target, and many place blame squarely on those responsible for making the breach possible. I’ve heard about a few arrests here and there of individuals with stolen credit card numbers, but the company and it’s employees paid the biggest price of all. Certainly negligence played a part here and that should be dealt with, but how much damage was actually done because of the security breach? For Target, and many other companies, it may not even be measurable.
A recent report by the Center for Strategic and International Studies (CSIS) suggests that cybercrime is a growth industry. Why? Because of the high rewards and low risk.
The CSIS report goes on to state that while cybercrime damage is somewhere between $375 and $575 billion, it will be tolerated in countries where cybercrime is less than 2% of GDP. At the high-end, that puts cybercrime estimates at about 0.8% of global domestic product. In the US, it’s 0.64%. If it’s tolerated, is it just a cost of doing business?
I hope not, because there are two factors that could mean the numbers are way off. The report calls these out and they’re important to consider:
- Non-reported Cybercrime: Most cybercrime goes unreported. Many attacks may not even be discovered. Ever. Some companies experience a breach, decide no damage was done and don’t report it. An Australian company reported a breach recently that was three years after the breach occurred.
- Intellectual Property Theft: The damage done due to theft of intellectual property can’t really be measured. Was the stolen property used, put in the hands of a competitor, or sold to another interest? How much damage would each scenario actually do to the victimized company or individual? Hard to measure.
One number that isn’t stressed enough in the report is how these numbers stack up against value provided by the internet. To truly measure the damage cybercrime does, it important to measure it in the context of the value provided by the medium being exploited. Currently, that would put cybercrime at between 15% and 20% of the total measurable value provided by the internet, according to the report (to follow, I don’t think that any retailer would tolerate shrinkage of that magnitude). At that level, cybercrime is truly frightening — and it’s why cyber-security should be a priority for anyone conducting business online.