Data breach damage: $2.5 trillion by 2020

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

By Byron Aco­hi­do, Third Cer­tain­ty

Esti­mat­ing the cost of cyber crime is not easy. The cyber under­ground is com­plex and fast chang­ing.

One bench­mark comes from the Cen­ter for Strate­gic and Inter­na­tion­al Stud­ies, which in a 2013 report esti­mat­ed the total glob­al cost of data theft at $500 bil­lion annu­al­ly.

Now comes Juniper Research, a con­sul­tan­cy based in Hamp­shire, Eng­land, with analy­sis that pegs the glob­al cost of data breach­es ris­ing near­ly 3 per­cent a year, from rough­ly $600 bil­lion this year to $2.5 tril­lion in 2020.

Info­graph­ic: The hack­ers’ swords are break­ing net­work shields.

Juniper Research was found­ed in 2001 by the tele­com indus­try ana­lyst Tony Crab­tree in the midst of the tele­coms and dot-com crash. It spe­cial­izes in read­ing the tea leaves of high-growth mar­kets relat­ing to mobile com­mu­ni­ca­tions tech­nolo­gies.

Free resource: Stay informed with a free sub­scrip­tion to SPWNR

Third­Cer­tain­ty asked Juniper Research ana­lyst James Moar to sup­ply some con­text:

3C: $2.5 tril­lion is a very large num­ber.

James_Moar
James Moar, Juniper Research ana­lyst

Moar: It is more than 10 times the 2013 gross domes­tic prod­uct of British Colum­bia, and more than the GDP for the whole of Cana­da that year.

3C: Why does Juniper believe this tra­jec­to­ry for cyber crime to be inevitable?

Moar: The eco­nom­ics of cyber crime have become much more attrac­tive. As more infor­ma­tion is stored dig­i­tal­ly, and becomes a more cen­tral part of both busi­ness and con­sumers’ lifestyles, there will be many more tar­gets that are poten­tial­ly prof­itable for cyber crim­i­nals.

We there­fore expect the vol­ume of cyber crime and the size of data breach­es to increase in the com­ing years, as crim­i­nals respond to this oppor­tu­ni­ty.

3C: How do you expect this to impact small and mid­size com­pa­nies?

Moar: The impact on small orga­ni­za­tions is dis­pro­por­tion­ate­ly large. The costs asso­ci­at­ed with even small data breach­es are like­ly to take a much larg­er toll on busi­ness­es with a small­er turnover. These busi­ness­es also are less like­ly to have rel­e­vant insur­ance against cyber crime.

How­ev­er, aware­ness of the threats is present, and busi­ness­es are tak­ing steps to pro­tect against a vari­ety of attacks, and we expect that insur­ance and dig­i­tal asset pro­tec­tion will become part of the costs of busi­ness for com­pa­nies of all sizes over time.

3C: What about very large orga­ni­za­tions?

Moar: Very large busi­ness­es will be able to “weath­er the storms” of data breach­es bet­ter than small­er ones, but they also present more vul­ner­a­bil­i­ties in the form of large net­works and her­itage sys­tems that may come from acqui­si­tions, etc.

Small and mid­size com­pa­nies can more eas­i­ly ensure that their sys­tems are pro­tect­ed as they have less of a net­work to keep under con­trol.

3C: Can you point to something—anything—that gives rea­son for hope?

Moar: The use of curat­ed spaces for smart­phones, such as Apple’s online Apple Store, low­ers the pos­si­bil­i­ty of mobile mal­ware sub­stan­tial­ly. With the devel­op­ment of uni­ver­sal apps for Win­dows 10, we expect busi­ness­es that use the sys­tem to be able to con­trol instal­la­tion of soft­ware much more tight­ly, as well as mon­i­tor con­nec­tions between devices secure­ly.

3C: What should indi­vid­u­als and com­pa­nies be wary of near-term?

Moar: As more valu­able things become con­nect­ed, we will see an uptick in ran­somware, but unless these devices also become pay­ment and authen­ti­ca­tion gate­ways, this will be the lim­it of it. As bio­met­ric authen­ti­ca­tion and mobile pay­ment become more com­mon, we expect key log­gers and man-in-the-mid­dle attacks to increase, but the advent of tok­eniza­tion and encryp­tion will make this a chal­lenge for many cyber crim­i­nals.

3C: Any­thing else?

Moar: Mobile and Inter­net of Things mal­ware is a rel­a­tive­ly small piece of the over­all cyber-crime pie, with adware form­ing the bulk of it. We expect spy­ware to become a big­ger ele­ment with loca­tion track­ing now a com­mon part of smart­phones and a nec­es­sary ele­ment in things like con­nect­ed cars, but even then there is the ques­tion of where the gain is for the crim­i­nals.

More on emerg­ing best prac­tices
5 data pro­tec­tion tips for SMBs
What SMBs need to know about CISOs
Pro­tect­ing your dig­i­tal foot­print in the post pri­va­cy era


Posted in Data Breach, Featured Story