Cyber Crime Costs Britain $27 Billion

Uploaded on 2020-01-29 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW

The British government says the cost of cybercime to the national economy, currenty estimated at £27bn, is already significant and is likely to continue growing.
 
A new UK Cabinet Office Study reveals that the average annual cost to organisations of cybercrime has been escalatinging for all types of cyberattacks. A single malware attack that take place in 2018 cost more than $2.6 million, while ransomware costs rose the most between 2017–2018, from $533,000 to $646,000 (a 21% increase).
 
The ease of access to and relative anonymity provided by information and communications technology (ICT) lowers the risk of being caught, while making crimes straightforward to conduct. 
 
The impact of cybercrime does not fall equally across industry sectors. The results also challenge the conventional wisdom that cybercrime is solely a matter of concern for the Government and critical national infrastructure, suggesting that much larger sectors of industry are at risk. 
 
Businesses need to look again at their defences to determine whether their information is indeed well protected. Without urgent measures to prevent the losing controlof valuable intellectual property  the cost of cybercrime is likely to rise even further in the future as UK businesses increase their reliance on ICT.
 
Encouraging companies in all sectors to make investments in improved cyber security, based on improved risk assessments, is likely to considerably reduce the economic impact of cybercrime on the UK. 
 
Although the existence of cybercrime in the UK economy appears endemic, efforts to tackle it seems to be more tactical than strategic. The problem is compounded by the lack of a clear reporting mechanism and the perception that, even if crimes were reported, little can be done. Additional efforts by the Government and businesses to build awareness, share insights and measure cybercrime would allow responses to be targeted more effectively. 
  • Scareware–cybercriminals mislead individuals into downloading software onto their computer, for example, fake anti-virus software, by using fear tactics or other unethical marketing practices. The software downloaded is often ineffective or may appear to deal with certain types of virus before infecting the computer with its own viruses. Individuals may then have to pay the cyber criminals to remove the viruses and their impacts. 
  • Fiscal fraud–cybercriminals can withhold taxes due or make fraudulent claims for benefits by attacking official online channels (such as online self-assessment forms). The loss of tax revenue directly affects public- sector spending and the Government’s ability to invest in UK infrastructure. 
  • Theft from business–cybercriminals steal revenue online directly from businesses, which usually involves fraudulently obtaining access and looting company accounts and monetary reserves. In some instances, this cybercriminal activity is greatly assisted by an ‘insider’. 
  • Extortion–cybercriminals hold a company to ransom often through deliberate denial of service(for example, by using malware to flood a company server with erroneous internet traffic) or by manipulating company website links, which can lead to extensive brand damage (for example, by redirecting links for a retailer website to an online pornography website). 
  • Customer data loss–cybercriminals steal sensitive customer data from a company such as customer financial, medical or criminal record details) with the purpose of selling the data on to other criminal networks or using it themselves for blackmail attempts. Industrial espionage–this takes many forms, such as arrival organisation (or associated third party) illegally accessing confidential information to gain competitive or strategic advantage (for example, by finding out a rival’s bid price) or to gain insider knowledge for financial gain (for example, by becoming aware at an early stage of a business transactions.  
  • IP theft–cybercriminals, often sponsored by rival organisations or nation states, steal ideas, designs, product specifications, trade secrets, process information or methodologies, which can greatly erode competitive advantage or even the operational or technological advantage prized by nation states over potential adversaries. 
  • Money laundering–cybercriminals use online means to launder the proceeds of criminal acts, for example, through complex, internet-enabled transfers between global or offshore bank accounts. This type of activity is usually associated with organised criminal networks that have a wide or international reach. 
Many cybercrime patterns appear to be fairly stable, but there are some interesting changes appearing.
 
Payment fraud, for example, has more than doubled in value but has fallen slightly as a proportion of payment value; the payment system has simply become bigger, and slightly more efficient. 
 
The move to the cloud means that system misconfiguration may now be responsible for as many breaches as phishing. Some companies have suffered large losses as a side-effect of denial-of-service worms released by state actors, such as NotPetya; we have to take a view on whether they count as cybercrime. 
 
The infrastructure supporting cybercrime, such as botnets, continues to evolve, and specific crimes such as premium-rate phone scams have evolved some interesting variants. Therefore, it would be economically rational to spend less in anticipation of cybercrime (on antivirus, firewalls, etc.) and more on response. 
 
The growing realisation among policymakers that cybercrime has been growing signifcantly in the past decade  might reasonably lead to for better funded and coordinated police activity.
 
Three Steps To Unlocking The Value In Cybersecurity
 
1. Prioritise training and protecting people-based attacks: Countering internal threats is still one of the biggest challenges with a rise in phishing and ransomware attacks, as well as malicious insiders. Ensure you use effective cyber security training as this is a very effective method of reducing an organisations cyber security risks.
 
2. Invest to limit information loss and business disruption: Already the most expensive consequence of cyberattacks, this is a growing concern with new privacy regulations such as GDPR and CCPA.
 
3. Target technologies that reduce rising costs: Use automation, advanced analytics and security intelligence to manage the rising cost of discovering attacks, which is the largest component of spending.
 
Please contact Cyber Security Intelligence for more information and effective training for cyber security.
 
GovUK:              Bruce Schneier:     World Economid Forum:         Accenture:          Image: Nick Youngson
 
You Might Also Read
 
The Growing Cost of Cybercrime:
 
 
« Greece And Turkey In Conflict
Britain Allows Huawei 5G Network Access Against US Advice »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

XenArmor

XenArmor

XenArmor products include NetCertScanner, an enterprise software to scan & manage expired SSL Certificates on your local network or internet.

StratoKey

StratoKey

StratoKey is an intelligent Cloud Access Security Broker (CASB) that secures your cloud and SaaS applications against data breaches, so you can do secure and compliant business in the cloud.

Beyond Security

Beyond Security

Beyond Security is a leader in automated vulnerability assessment and compliance solutions - enabling customers to accurately assess and manage security weaknesses in their networks and applications.

Beachhead Solutions

Beachhead Solutions

Beachhead's SimplySecure is a configurable, web-based management tool allowing you to remotely secure vulnerable mobile devices in your organization.

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

OmniNet

OmniNet

OmniNet delivers the next generation of cybersecurity and is the only provider in the market to move the edge of small businesses to a virtual, omnipresent perimeter.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS) is a non-profit organization dedicated to the recruitment, retention and advancement of women in the cybersecurity field.

SixThirty CYBER

SixThirty CYBER

SixThirty is a venture fund that invests in early-stage enterprise technology companies from around the world building FinTech, InsurTech, and Cybersecurity solutions.

Towerwall

Towerwall

Towerwall offers a comprehensive suite of security services and solutions using best-of-breed tools and information security services.

Technisanct

Technisanct

Technisanct works with Governments, especially Law Enforcement and Defence agencies, helping them in monitoring threats, managing their data and resolving their forensic needs.

Laminar

Laminar

Laminar provides the only Public Cloud Data Protection solution that provides full visibility and enforcement capabilities across your entire public cloud infrastructure.

Telit Cinterion

Telit Cinterion

Telit Cinterion is a global enabler of the intelligent edge providing highly secure IoT solutions, modules and services.

Falconfeeds

Falconfeeds

Falconfeeds empowers businesses and security professionals with immediate access to the latest and historical threat intelligence data.

Francisco Partners

Francisco Partners

Francisco Partners provide capital, expertise, and support for growth-aspiring technology companies.

Icon Information Systems (ICONIS)

Icon Information Systems (ICONIS)

ICONIS is an integrated infrastructure and service provider, offering unified Information Technology (IT) solutions globally.