linkedin

Cybercrime Costs to Reach Heights of £1 Trillion in 2022

Michael Aspinall
6 months ago by Michael Aspinall
Image 2022 04 05 T12 23 31

Overview of Cyber Security

Cyber security has become an increasingly important function in recent years as it has climbed its way up the list of top business concerns in 2022. The ever-evolving and present threat of cyber-attacks is estimated to cost businesses and institutions up to £1 trillion, encompassing both financial losses and cybersecurity spending. According to McAfee, this expenditure represents a 50% increase over 2018.

Cyberattacks have become a serious, frequent threat acting as one of the biggest contributors to business interruption. The sudden boom in ransomware attacks and phishing scams, which reinforced the concern of cyber incidents, stemmed from employees working remotely during the pandemic - 62% of UK-based SMEs experienced an increase in cyber threats in the last two years only.

Remote working gave cybercriminals the desirable opportunity to prey on business vulnerabilities. Popular incidents such as phishing emails and malware attacks have led firms to fall victim to double extortion tactics, data breaches, and extensive software exploitations.

With technology constantly evolving, hackers have become more sophisticated, advancing their techniques and approaches. Due to these factors, new attacks are continually developed and implemented in time, to rival the momentum of emerging tech.

The Costs of Cyber Crime

In 2021, the total losses and spending on Cybercrime from firms and institutions reached its highest average in 17 years. Studies, however, have shown that the faster an organisation can respond to a breach, the smaller the expense will be. IBM’s Cost of a Data Breach Report found firms who can identify and respond to cyberattacks within the first 200 days can reduce their costs by £1m.

McAfee’s £1 trillion estimate derives from the monetary losses incurred during an attack alongside the amount spent on preventative tactics. During a breach, as well as dealing with security implications, firms are hit financially on account of investigating costs, unplanned business downtime, and productivity disruption. This grossly outweighs costs of cyber security measures, which often involve new hires and functions within the business, computer security software, as well as brand and reputation rehabilitation. The staggering cost accounts for an estimated spend of 90% on cybercrime and 10% on prevention, respectively.

Companies Unprepared for Cyber Threats

A successful cyber-attack can evoke mistrust and damage to your reputation. However, despite this and the rapid growth in cyber threats, many firms are still not prepared or equipped to deal with them. According to an IT Governance study, 48% of executive managers admitted their employees had not received cyber security training, with even fewer firms at 32% reporting to have no cyber security function within their organisation.

A few companies have found themselves as repetitive victims of cyber scams. Building resilience against this type of business interruption has become a competitive advantage for firms.

There is now higher importance placed on incident response plans due to the high levels of business interruptions encountered in 2021. A lack of uncertainty and processes will minimise the impact of breaches and reduce the time taken to get back to business as usual.

Cyber Attacks in a Conflict Climate

We have seen in 2022 how severe cyberattacks can get when they are involved in macro events such as political conflicts. The Ukraine-Russia war is a prime example of this: since warnings of an imminent attack were announced, Russian-based cyber threats increased by 800% in 48 hours. This has resulted in the monitoring of additional online activity and threat tools, coupled with new implementation of evolving techniques. Firms have been forced to refocus on their cybersecurity as they anticipated financial and business implications.

An example of this is the NotPetya malware attack against Ukraine in 2017. This cyber incident resulted in an estimated $10bn of economic damage, leading to several big companies such as Maersk, FedEx, and Merckb being affected.

According to Microsoft’s Digital Defence Report, Russia is accountable for 58% of all known nation-state cyber attacks, with the top three target countries being the US, Ukraine, and the UK. In February 2022, amid the Ukraine war, Russia’s formidable cyber forces aimed to impose a never-before-seen, wiper malware on Ukraine's ministries and financial institutions - a cyber attack which was detected by Microsoft.

Ever since the beginning of the conflict, Western countries have been gearing up for what would arguably be some of the biggest cyber risks known in recent times. Energy, finance and communications infrastructures have been actively preparing themselves against potential threats, as a result of their country’s stance on the conflict and economic sanctions against Moscow.

In anticipation of this, businesses have been compelled to assess their risk and operations, ensuring that their infrastructure could recover promptly with minimal damage. Expenses have increased accordingly as firms have been racing to secure online systems and to protect digital information and customer data. This may present itself in different forms: updating software, antivirus protection, staff training or even third-party programmes such as authenticators or cyber security firms readjusting supply chains and business operations.

Looking Ahead

Navigating the cyber landscape has become increasingly difficult and consequently expensive. We have found that firms are placing greater attention on data protection but more needs to be done beyond simply preventing breaches. Tremendous importance lies in organisations creating processes to respond to and recover from incidents.

As the year progresses, there are few signs of cyberattacks slowing down; in fact, the age of cyber warfare has only begun. As we proceed in a digital-centric world, evolving technologies will only add to the expansion of unconventional threats, and firms will need to stay ahead of the curve to avoid crippling business operations.