Threat Intelligence

Global Cost of Cybercrime on the Rise

Pierluigi Paganini
March 2, 2018 by
Pierluigi Paganini


Cyber-criminal activities worldwide continue to increase, in many cases, organized crime rings operate worldwide, and their profits are very high.

The consolidation of a model of sales such as crime-as-a-service, attack-as-a-service, and malware-as-a-service is attracting criminal organizations and wannabe hackers.

According to the experts, the monetization of stolen data and cyber criminals' activities seems to have become less difficult because of the improvements in cybercrime ecosystem (i.e., black markets) and the adoption of anonymizing methods of payment, such as digital currencies. Digital currency makes ransomware payments easier challenging to track.

Cybercriminal organizations operate at scale; everyday crooks attempt to monetize their efforts with a fantastic number of attacks. Below a list of the estimated daily cybercrime activity:

  • 80 billion Malicious scans of the Internet for vulnerable web services;
  • 300,000 to one million new samples of malware;
  • 4,000 ransomware attacks every day;
  • 33,000 phishing messages;
  • 780,000 Records lost due to security breach;

Which is the cost of cybercrime? Due to the intensification of cybercriminal phenomena, it is very difficult hard to provide an estimation of the costs of cybercrime on a global scale. Every day we read about, cyber-attacks, malware infections, data breaches, scams and so on, but these illegal activities are just the tip of the iceberg because in many cases victims do not report crimes to the authorities.

The security experts at McAfee and Cisco published two distinct reports that will help us to have an idea about the economic impact of cybercrime globally.

Global cybercrime costs reached $600 Billion

According to the report recently published by McAfee in collaboration with the Center for Strategic and International Studies (CSIS), the global cost is estimated at $600 billion annually, a worrisome figure that corresponds to 0.8% of the global GDP. Comparing the value with the cost of cybercrime estimated in a past study we can verify that the overall cost is jumped from $500 billion in 2014 to $600 billion (+20%).

"In 2014, taking into account the full range of costs, CSIS estimated that cybercrime cost the world between $345 billion and $445 billion. As a percentage of global GDP, cybercrime cost the global economy 0.62% of GDP in 2014. Using the same methods, CSIS now believe the range is now between $445 billion and $600 billion," states the report.

The increase is mainly caused by the significant increase in theft of intellectual property and confidential business information; intellectual property theft accounts for at least 25% of overall cybercrime costs.

Almost any region suffers cybercrime losses, according to the report there are variations by region that are linked to income levels and level of cybersecurity maturity. The countries with higher losses are the richest ones; the significant cybercrime cost is suffered by Europe and Central Asia ($160 Billion to $180 Billion) and North America ($140 Billion to $175 Billion).

An essential element to consider when estimating the impact of cybercrime is the hidden costs. Crimes like the theft of intellectual property have a dramatic impact on businesses, damages to the reputation, business interruption, recovery costs and opportunity costs, are relevant in case of security breaches.

CSIS sustains that the growth of cybercrime has been enabled by anonymizing networks like Tor and by cryptocurrencies. Crooks can operate a black market hidden in the tor network to allows payments difficult to track.

"Bitcoin and Tor, which have allowed cybercriminals to conceal their identities while paying for services through a digital medium that significantly complicates law enforcement tracking efforts. Bitcoin has long been the favored currency for darknet marketplaces, with cybercriminals taking advantage of its pseudonymous nature and decentralized organization to conduct illicit transactions, demand payments from victims, and launder the proceeds from their crimes," continues the report.

"Cybercriminals benefit from the fact that no personally identifying information is linked to the use and exchange of Bitcoin, allowing criminals to operate with near impunity even though all Bitcoin transactions are publicly recorded."

Financial institutions are a privileged target of skilled crime rings; banks spend three times as much on cybersecurity as non-financial institutions to protect their assets from hackers.

Unfortunately, banks are targeted not only by cyber criminals but also by nation-state hackers. The researchers at the CSIS explained that Russia, North Korea, and Iran are the most active in hacking financial institutions. We have assisted to numerous attacks against banks worldwide powered by the North Korea-linked APT group tracked as Lazaurs. Between 2015 and 2016, alleged North Korean hackers targeted dozens of banks in the SWIFT network and stole tens millions of dollars.

While Iranian hackers are becoming even more aggressive, Russia and North Korea target banks to steal money and finance their campaigns.

"The attacks provided a lucrative means to supplement the North Korean government's limited access to foreign currency. North Korea has also turned to cryptocurrency theft to help fund its regime. North Korean hackers have targeted at least three South Korean cryptocurrency exchanges in 2017," continues the report.

According to the report, Russia leads cybercrime activities worldwide; the reports also highlighted the thin line between crime rings and nation-state actors.

"CSIS believes that Russia leads overall in cybercrime, reflecting the skill of its hacker community and its disdain for western law enforcement. The complex and close relationship between the Russian state and Russian organized crime means that Russia provides a sanctuary for the most advanced cybercriminals, whose attention focuses on the financial sector," continues the report.

Ransomware is a profitable business for the criminal ecosystem. Currently, more than 6,000 black marketplaces offer for sale such kind of malware and related services, an overall offer of more than 45,000 different products.

Another report published by the tech giant Cisco-provided further information about the impact of criminal activities on businesses. The study is based on interviews with 3,600 CISOs.

Cisco report confirms the fear of security breaches is mainly founded on the financial cost of attacks and for this reason, it tried to estimate it based on the CISOs' experience.

Breaches cause real economic damage to organizations, in the majority of cases they can spend weeks, months or years to fix the problems and implement additional measures to prevent further incidents.

According to Cisco, almost any attack will cost to the victims at least $500,000. The cost dramatically increased for 8% of companies in the Cisco report that admitted that cyber-attacks had cost them over $5 million, 11% the companies suffered economic losses between $2.5 million and $4.9 million.

Cisco highlighted the risk of attacks aimed at the supply chain of the companies. These attacks have increased in complexity and frequency.

Figure 1 - Fifty-three percent of attacks result in damages of $500,000 or more (Cisco Report)

According to CISCO, the most challenging areas and functions to defend are mobile devices, data in the public cloud, and user behavior

Recently the leading global professional services company Accenture, working with Ponemon Institute, released another interesting study on cyber-security entitled, "Cost of Cyber Crime Study."

The report states that cybercrime costs are rapidly increasing, with organizations spending nearly 23 percent more than last year, US $11.7 million, on average.

Financial services companies more exposed to cybercrime, cyber-attacks cost them more to address and contain than in any other industry.

The average number of security breaches per company has more than tripled over the past five years; the report states that the figure passed from 40 in 2012 to up 125 in 2017.

The average annualized cost of cybercrime for firms in the Financial industry globally has increased by more than 40 percent over the past three years passing from $12.97 million per firm in 2014 to $18.28 million in 2017.  This figure is higher than the average cost of $11.7 million per company across all industries reported in the analysis.

Figure 2 - Cost of Cybercrime - Financial Industry (source Accenture - Ponemon Institute)

Currently, the types of attacks with the most significant economic impact on banks and insurers are:

  • Denial of service
  • Phishing
  • Social engineering
  • Malicious insiders

Malware and web-based attacks were most costly among attack techniques reported by Accenture/Ponemon, the annualized costs faced by companies reached $2.4 million and $2 million, respectively.

According to this study malware attacks cost $5,000 on average per each security breach, while denial-of-service attacks carried the most severe financial losses, $227,000, followed by phishing and social engineering $196,000.

The above figures suggest that criminals are winning the battle.


Organizations need to better balance investments in cyber-security technologies, all the reports analyzed in this post highlight the huge economic impact of cybercrime on modern businesses.

We expect further growth in cybercrime, the attack surface of modern companies will continue to increase due to the adoption of "internet of things" (IoT) devices and cloud storages.

"Cybercrime will also continue to grow as hackers increase their use of artificial intelligence tools to create malware and identify targets and move into the cloud. Criminals will take advantage of cloud services both as targets and as tools to house malware and launch DoS attacks," concluded McAfee.


Hands-on threat intel training

Hands-on threat intel training

Learn how to collect, analyze and act on cyber threat intelligence with expert instruction and hands-on exercises in Infosec Skills.

Pierluigi Paganini
Pierluigi Paganini

Pierluigi is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, member of Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, Professor and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer.

Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.

Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.