Global Cybercrime Losses Exceed $1 Trillion

A report from security software giant McAfee estimates that worldwide, annual losses from cybercrime now stand at over $1 trillion, an increase of more than 50 percent since 2018, with crime surrounding cashless payments a growing issue.

The Hidden Costs of Cybercrime—conducted in partnership with the Center for Strategic and International Studies—points out these losses are around one percent of global GDP, with 92 percent of companies reporting effects beyond the financial hit. These included downtime, loss of productivity, and damage to their brand and image. At the same time, the number of counterfeit banknotes and coins in circulations has been dropping year on year and is generally at a record low.

Financial cybercrime is highlighted as a key problem area, with an estimated five billion unique user credentials—such as username and password combinations—available on the darknet for illegal use. Even central banks have been successfully targeted, with a high-profile example being the 2016 hack of Bangladesh’s central bank by North Korean criminals, who stole $81 million.

Cryptocurrency theft is another major trend, with over $4 billion of cryptocurrency stolen throughout 2019, and almost $1.4 billion stolen in the first five months of 2020. Common tactics include phishing, malware and insider theft of coins from e-wallets. A related, emerging trend is cryptojacking, in which malware is installed on a victim’s devices, using them to mine for cryptocurrencies. This can cause severe slowdown on affected devices, and draw higher than usual electricity.

The report makes recommendations for businesses including uniform implementation of basic security measures, cybersecurity awareness training for staff, and the development of prevention and response plans.

In a recent deep dive into corporate surveillance, the Electronic Frontier Foundation recommended paying cash as one way to preserve privacy. This also holds true for cybercrime, since using physical money can be done anonymously, leaving no electronic trail that can be monetised by companies and hacked by criminals.