Cybercrime cost the world over $1 trillion in 2020
With our lives increasingly taking place online, cybercrime is more profitable than ever. Last year, global losses from cybercrime reached record-highs.
According to the data analyzed by the Atlas VPN team, cybercrime cost the world more than $1 trillion in 2020 — around 1% of global GDP. While $945 billion were lost due to cyber incidents, $145 billion were spent on cybersecurity.
The numbers are based on the Hidden Cost of Cybercrime report by McAfee (released in December 2020), which compiled data from publicly available sources on national losses and interviews with cybersecurity professionals from 1,500 companies in Japan, Australia, Germany, France, the United Kingdom, Canada, and the United States.
Overall, cybersecurity costs in 2020 went up by more than 50% compared to 2018, when over $600 billion was spent to handle cybercrime. In the meantime, losses due to cyber incidents surged by 81% compared to two years ago when damages were $522.5 billion.
In the seven years, such losses increased more than threefold from $300 billion in 2013 to $945 billion in 2020. The government sector suffered the most from insider threats, while the healthcare industry from ransomware attacks.
The most expensive cybercrime types were intellectual property theft and financial crime, which make up two-thirds of all monetary losses. In total, 92% of respondents also said they incurred other non-monetary damages, such as loss in productivity and wasted work hours.
More disturbingly, our research also suggest that cybercrime services cost less than $500 on the dark web. Thus, such prices might affect the increase of cybercrime. In 2021 YTD, Americans alone lost $3.5bn to cybercrime.
One in five organizations do not have any cyber incident prevention plan
While cybercrime risks are rising every year, many organizations still fail to recognize them. One-fifth (20%) of organizations worldwide have no plans on how to protect against cybercrime events.
Overall, 19% of organizations have arranged cybersecurity incident response programs but do not have a prevention plan. However, only 32% of the respondents believed their organization’s programs were truly successful in responding to IT security events. What is more, 1% of companies do not have any cyber incident strategies whatsoever.
Japan has the biggest share of organizations that are not ready to handle cyberattacks — 4% of businesses in Japan have no plans on how to prevent or respond to cybersecurity incidents. Meanwhile, in the United States, all organizations have at least one of the security plans in place.
On the flip side, the majority — 44% of organizations worldwide — are well-prepared to prevent and react to cyber incidents. In the meantime, 33% of businesses globally have only created prevention strategies, however, have not thought out how to respond to cybercrime events.
Organizations in Canada are the leaders when it comes to cybersecurity practices. More than half (55%) of the surveyed organizations there have planned out how to protect against cybersecurity incidents and how to manage them if they happen.
Reactive vs preventive cybersecurity practices
Generally, cybersecurity strategies could be classified into two types — reactive and preventive. Let’s discuss them in more detail.
A reactive cybersecurity strategy involves dealing with the aftermath of cyberattacks. Companies may try to identify the cause and damage caused by a cyber incident, recover lost data, fix vulnerabilities, and notify relevant parties about the event.
On the other hand, a preventive cybersecurity plan includes tactics aimed at protecting the company from cyberattacks or at least minimizing any potential damages. Therefore, organizations that have implemented preventive security strategies suffer less from cybercrime.
The preventive strategy involves regularly analyzing and identifying potential threats, allocating resources to fix any cybersecurity loopholes, educating employees, and implementing security guidelines. It is essential considering that the number of breached records continue to increase.
No organization is completely immune to cyberattacks, while their consequences can be devastating. Therefore, both strategies are essential if a company wants to mitigate cybersecurity risks. Having an action plan should your company get hacked is just as important as safeguarding it against such threats.