Almost $1 trillion Annual total losses from cybercrime including downtime

About $ 1 trillion annual total loss from cyber crime, including downtime

According to a survey by McAfee, cyber crime is constantly on the rise for criminals and nation-states.

Using publicly available reports on deficits and no-do-for-you interviews with cybersecurity officials, the company says it was able to recover monetary losses to organizations and countries from cybercrime last year. The estimate was about $ 945 billion (all figures in US dollars), a 50 percent increase over two years.

The total represents not only monetary assets (including cash theft and ransomware payments) and losses from intellectual property, but also a hit for system downtime, incident response costs, reduced efficiency, and brand reputation. Despite global spending on cybersecurity exceeding $ 145 billion in 2020, the longest average interruption in operations was 18 hours, more than half a million dollars per average victim organization.

Called the hidden cost of cybercrime, the authors say part of the increase could be better reporting, as well as better tactics by phishing attackers, phishing schemes and successful use of ransomware.

Despite knowing that cybercrime is a fact of doing business, researchers found that most organizations do not have plans to minimize the impact of security incidents on their actions.

"In fact, IT decision-makers feel that some departments have not been made aware of IT security incidents," the report said. "Surprisingly, more than half of the organization surveyed said they did not have plans to stop and respond to the cyber incident."

Some 1,500 organizations were surveyed for the report. Of the 951, there was a response plan, with only 32 percent saying the plan was actually effective. Typically, the report states, the board or C-suite was not involved in developing the plans.

"One of the biggest challenges is the lack of an organization-wide understanding of cyber risk," the report states. “This leaves companies and agencies vulnerable to sophisticated social engineering strategies, and, once a hack is successful, they fail to recognize the problem in time to stop the spread of malware. Increased (and unavoidable) use of personal devices, such as

Smartphones or tablets expand the attack surface and complicate the management of cyber security. The recovery time and cost can be considerable and often involve external organizations specializing in cybersecurity, public relations and legal teams. "

Only 44 percent of survey respondents said they have plans in place to prevent and respond to IT security incidents. Although 32 percent of decision-makers said, the organization has a plan to prevent IT security incidents, the report argues that they do not seem ready to respond as only 19 percent said a response plan exists. And these plans were not considered

As Useful or Successful: Only 32 percent of respondents found their organization's plans to be completely successful in response to IT security incidents. However, most (62 percent) consider him "somewhat successful", a matter of improvement for the report's authors.

“The reality of cybercity is that we cannot eliminate risk. Best of all, we can manage it. Publicly available information suggests that some companies have lost hundreds of millions of dollars and many more firms have lost tens of millions of dollars, but these losses have proved manageable so far, ”the authors wrote. "Relatively basic measures can improve performance - improved cyber hygiene and, as our survey found, better planning and greater awareness among employees of the cost of cyber crime."