The True Cost of Cybercrime

Cybersecurity remains a top priority, whether you’re a consumer using a smartphone or a government employee working with confidential information. 

Malicious cybercriminals are becoming increasingly sophisticated in their attack methods. Some even leverage emerging technologies, including artificial intelligence (AI) and the cloud, to wreak havoc.

Many business professionals and consumers are afraid of becoming the latest victim of cybercrime for plenty of reasons. However, one major cause of concern regarding cybercrime is the costs associated with experiencing an incident. 

Learn more about cybercrime and how much it costs businesses to recover from a cyberattack.

Uncovering the True Cost of Cybercrime in 2022

In the past few years, the cybercrime landscape has dramatically changed. More digital technologies emerged, expanding the attack surface and making it easier for cybercriminals to do their worst. Despite global efforts to crack down on cybercrime, the statistics and trends paint a different picture.

Cybercrime is running rampant and shows no signs of slowing down. Numerous studies online from established research companies provide insights into cybercrime and its cost. Here are just a couple of examples:

• IBM reports that the average cost of a data breach in the U.S. is $9.44 million, which is $5.09 million more than the global average.
• In their Boardroom Cybersecurity 2022 Report sponsored by SecureWorks, Cybersecurity Ventures found that cybercrime cost the world $7 trillion this year.

The COVID-19 pandemic undoubtedly has impacted every aspect of business and the cybersecurity landscape is no exception. Many threat actors took advantage of people during the pandemic to make a profit, whether stealing banking information from older adults over the phone or creating thorough COVID-19-related scams to steal someone’s identity.

Statista studied 550 organizations throughout 17 countries and across 17 industries that experienced a data breach. In the study, Statista found that the global average cost for a data breach was $4.35 million in 2022.  

Industries Most Vulnerable to Cybercrime

Some industries are more likely to be targeted by cybercriminals than others. There are a few reasons to explain this — certain sectors work with highly sensitive data. If a threat actor could steal that data, they could sell it on the dark web and make a significant profit.

Additionally, the amount of data an organization uses can make them a desirable target. For example, consider a major phone company like Verizon or AT&T. Hackers would be more likely to target these corporations rather than a local phone company, especially if they’re trying to access phone numbers belonging to government officials or other intended targets.

Here are some of the industries most often targeted by cybercriminals:

• Health care
• Small businesses
• Government agencies
• Energy and utility companies
• Education
• Financial institutions

You might wonder why small businesses are considered cybercrime targets. The main reason is that small business owners might think they’re less likely to experience an incident, which is exactly what cybercriminals want them to believe. They would likely have fewer preventive measures, making the hacker’s job much easier.

Costliest Types of Cybercrime

Because cybercrime describes a wide range of attack methods, it’s important to acknowledge which types of cybercrime costs the most. Some attacks are more expensive to recover from than others. 

The FBI’s Internet Crime Complaint Center (IC3) released a 2021 report detailing the costliest types of cybercrime. Here are the results (in million U.S. dollars):

• Business Email Compromise (includes individual account compromise): 2,396
• Investment: 1,456
• Confidence/Romance Fraud: 956
• Personal Data Breach: 517

After personal data breach, the other types of crime were real estate/rental, tech support, non-payment and non-delivery, credit card fraud, corporate data breach and government impersonation. The IC3 also mentions that around $2.4 billion were lost due to business and personal email compromises. 

4 Factors Contributing to the Cost of Cybercrime

The cost of cybercrime is rapidly increasing to staggering amounts. However, what contributes to the cost? What expenses are typically associated with experiencing a cyber incident? Below are four main factors that add to the costs of cybercrime.

1. Regulatory Fines

Companies often have to pay high fines if they experience a data breach. This is mainly because there are several preventive measures companies can take to reduce the chances of experiencing an attack. 

For example, here are some well-known companies and the amount in fines they’ve paid after an attack:

• Amazon: $877 million
• Equifax: (at least) $575 million
• Instagram: $403 million
• T-Mobile: $350 million

Unfortunately, the effectiveness of these cybersecurity strategies varies, meaning companies must understand how much they’ll pay in fines if attacked. 

2. Operational Downtime

When companies experience an attack, they often suffer from operational downtime, automatically resulting in financial strain. For example, the average industrial manufacturer can lose up to $50 billion annually in unplanned costs alone.

Sometimes, failure to invest in data recovery can extend downtime because it takes much longer for the company to get operations back on track. 

3. Reputational Damage

It’s challenging to assign a specific cost to reputational damage, but virtually all companies are subject to the economic effects it causes. 

When a company experiences an attack, many people think it’s due to negligence, an insider threat (like a disgruntled employee) or failure to prioritize cybersecurity. Regardless of what causes reputational damage, it’s a heft cost companies must pay.

4. Legal Costs

Often, companies will hire legal counsel while triaging a cyber incident. These fees add up and can cause significant profit loss for organizations. For example, Home Depot reached a $17.5 million settlement after investigating a data breach in 2014. 

All these costs show just how costly it is to experience a cyber incident.

The Importance of Maintaining a Strong Cybersecurity Posture

It’s no secret that companies big and small do not want to become a victim of cybercrime. It can negatively impact a company, its employees and any other organizations they do business with in several ways. Even though all types of cybercrime can cause damage, business and personal email compromises seem to be the most expensive. 

Rather than react after a cyber incident occurs, it’s much wiser for companies to be proactive and employ various cybersecurity strategies and tools. Ultimately, the goal is to maintain a strong, resilient cybersecurity posture to defend against cybercrime and avoid becoming a victim.