Data breach damage: $2.5 trillion by 2020
By Byron Acohido, Third Certainty
Estimating the cost of cyber crime is not easy. The cyber underground is complex and fast changing.
One benchmark comes from the Center for Strategic and International Studies, which in a 2013 report estimated the total global cost of data theft at $500 billion annually.
Now comes Juniper Research, a consultancy based in Hampshire, England, with analysis that pegs the global cost of data breaches rising nearly 3 percent a year, from roughly $600 billion this year to $2.5 trillion in 2020.
Juniper Research was founded in 2001 by the telecom industry analyst Tony Crabtree in the midst of the telecoms and dot-com crash. It specializes in reading the tea leaves of high-growth markets relating to mobile communications technologies.
Free resource: Stay informed with a free subscription to SPWNR
ThirdCertainty asked Juniper Research analyst James Moar to supply some context:
3C: $2.5 trillion is a very large number.
Moar: It is more than 10 times the 2013 gross domestic product of British Columbia, and more than the GDP for the whole of Canada that year.
3C: Why does Juniper believe this trajectory for cyber crime to be inevitable?
Moar: The economics of cyber crime have become much more attractive. As more information is stored digitally, and becomes a more central part of both business and consumers’ lifestyles, there will be many more targets that are potentially profitable for cyber criminals.
We therefore expect the volume of cyber crime and the size of data breaches to increase in the coming years, as criminals respond to this opportunity.
3C: How do you expect this to impact small and midsize companies?
Moar: The impact on small organizations is disproportionately large. The costs associated with even small data breaches are likely to take a much larger toll on businesses with a smaller turnover. These businesses also are less likely to have relevant insurance against cyber crime.
However, awareness of the threats is present, and businesses are taking steps to protect against a variety of attacks, and we expect that insurance and digital asset protection will become part of the costs of business for companies of all sizes over time.
3C: What about very large organizations?
Moar: Very large businesses will be able to “weather the storms” of data breaches better than smaller ones, but they also present more vulnerabilities in the form of large networks and heritage systems that may come from acquisitions, etc.
Small and midsize companies can more easily ensure that their systems are protected as they have less of a network to keep under control.
3C: Can you point to something—anything—that gives reason for hope?
Moar: The use of curated spaces for smartphones, such as Apple’s online Apple Store, lowers the possibility of mobile malware substantially. With the development of universal apps for Windows 10, we expect businesses that use the system to be able to control installation of software much more tightly, as well as monitor connections between devices securely.
3C: What should individuals and companies be wary of near-term?
Moar: As more valuable things become connected, we will see an uptick in ransomware, but unless these devices also become payment and authentication gateways, this will be the limit of it. As biometric authentication and mobile payment become more common, we expect key loggers and man-in-the-middle attacks to increase, but the advent of tokenization and encryption will make this a challenge for many cyber criminals.
3C: Anything else?
Moar: Mobile and Internet of Things malware is a relatively small piece of the overall cyber-crime pie, with adware forming the bulk of it. We expect spyware to become a bigger element with location tracking now a common part of smartphones and a necessary element in things like connected cars, but even then there is the question of where the gain is for the criminals.
More on emerging best practices
5 data protection tips for SMBs
What SMBs need to know about CISOs
Protecting your digital footprint in the post privacy era