WTF Fun Fact 13332 – The Cost of Cybercrime

The global cost of cybercrime in 2022 was $8.44 TRILLION! That cost is only expected to rise, reaching $10.5 trillion by 2025. Studies predict that the costs will skyrocket because cyberattacks are becoming more sophisticated, and more information than ever is stored online.

What is cybercrime?

Cybercrime refers to criminal activities like hacking, phishing, identity theft, and the spread of malware or viruses. Cybercriminals use these tactics to steal private data. That might be financial information, private company data, or personal data. The goal is typically either to profit or to cause physical or reputational damage to organizations and their networks (or all of these).

Cybercrime is a growing problem since more of our personal and professional lives happen online.

Why is the cost of cybercrime so high?

A major factor driving the rise of cybercrime is the increasing interconnectedness of devices and systems. This has created what’s called a larger “attack surface” for cybercriminals to exploit. Once they get into a system, they can move into different parts of a network and gain access to everything from customer information to intellectual property.

Another factor contributing to the rise of cybercrime is the growing use of cryptocurrencies. When criminals demand ransoms in crypto, it’s easier for them to launder and stay anonymous.

The cost of cybercrime is not just financial. Cyberattacks can also result in lost productivity and legal and regulatory costs.

Responding to the next-gen crime wave

To combat the growing threat of cybercrime, organizations continue to invest in security measures like firewalls, encryption, and employee training programs. That last piece of the puzzle may actually be the most important since a lot of cybercrime starts with one employee accidentally or intentionally giving up security credentials.

That’s because cybercriminals use social engineering tactics, like phishing emails, to trick employees into divulging sensitive information or clicking on links that install malware on their devices. If an employee isn’t trained in cybersecurity best practices, they’re far more likely to fall for these schemes, and that puts their organization’s data and systems at risk.

Employees also unintentionally compromise security through simple mistakes. These include seemingly innocent things like using weak passwords, leaving their devices unlocked or unattended, or failing to install security updates.

Source: “Cybercrime Expected To Skyrocket in Coming Years” — Statista

WTF Fun Fact 13244 – The Dangers of Paying Ransom

A 2021 study from Cybereason found that 80% of organizations that were targeted with ransomware attacks and paid a ransom were later targeted by a second attack. This adds to the evidence that paying ransom may not always be worth it for companies.

Ransomware and paying ransom

According to experts at Kaspersky, ransomware attacks doubled in the first ten months of 2022 compared to the previous year. This included individuals, government entities, and businesses. They also noted that most attacks originated with phishing emails imitating legitimate agencies to access personal information or credentials.

While companies subject to ransomware attacks face enormous pressure to pay a ransom to protect customer data, this carries risks. The FBI has warned some companies that paying ransom isn’t necessarily going to protect them.

Ransom demands are also rising – in fact, the amounts have increased by 500% in the last two years. The average ransom demand from cybercriminals is now half a million dollars. And while some insurance companies offer cyber insurance, it does not make up for the private data that gets leaked on the dark web.

Cyber insurance may soon become a thing of the past since many companies seem incapable of mounting a secure defense against hackers, and lawsuits pile up as a result.

Once a company pays a ransom, they seem to be a target for new attacks. Up to 80% are targeted a second time.

As of 2021, between 50 and 75% of ransomware targets were small businesses.

The importance of cybersecurity

Recent hacks have had devastating consequences. For example, Australia’s Medibank medical insurance company was hacked in 2021. As a result, people who had sought resources for mental health and addiction had their names and data published on the dark web. Medibank now faces a class action lawsuit. It’s unclear if they considered paying ransom demands.

New Internet of Things (IoT) and mobile devices are at the center of security discussions. It appears these are popular targets for hackers. For example, many recent hacks have targeted unsecured printers that people fail to update. If these are part of a company’s network, cybercriminals can gain access to a printer and move into a company’s entire network.

Source: “Ransomware” — NAIC