Cybercrime costs the global economy between US$100 billion and US$500 billion annually, according to a study released on Monday which acknowledged more data is needed for precise estimates.
The study by the security firm McAfee and the US Center for Strategic and International Studies (CSIS) said the US economy loses about US$100 billion to cybercrime and cyberespionage, including loss of key business data and intellectual property.
The estimate is lower than some earlier reports, which put the costs as high as US$1 trillion, but study authors said it was a matter of narrowing the range of damage from cyberattacks.
“It will always be a range,” said James Lewis, a CSIS academic on cybersecurity and co-author of the report.
“The data is either sparse or distorted,” he said.
However, Lewis said the report offers a better way to compare the cost of cybercrime to other types of risks such as drug trafficking or other types of theft.
“We believe the CSIS report is the first to use actual economic modeling to build out the figures for the losses attributable to malicious cyberactivity,” McAfee chief technology officer Mike Fey said.
“Other estimates have been bandied about for years, but no one has put any rigor behind the effort,” he said.
The report said the impact of cybercrime includes loss of intellectual property and confidential information; reduced trust for online activities; additional costs for security, insurance and recovery; and damage to reputations.
Lewis said the impact on business could translate into the loss of as many as 508,000 jobs in the US, based on a government formula for the ratio of exports to US jobs.
“The raw numbers might tell just part of the story,” he said.
“The effect of the net loss of jobs could be small, but if a good portion of these jobs were high-end manufacturing jobs that moved overseas because of intellectual property losses, the effect could be wide-ranging,” he said.