Report: Cybercrime costs the world $US465 billion annually


It hasn’t been that long since Hackers exposed more than thirty million users of the online cheating site Ashley Madison. Not long before that, some American security researchers managed to hack a car while it was on the road earlier this year as they sat on a couch at home. Chrysler will recall 1.4 million vehicles to fix the flaw.

As even our most banal devices become more sophisticated (cars now have upwards of 30 computers), hacking and cybercrime are as well. And as the Chrysler example shows, this poses a huge risk for business.

A new report from Allianz finds that cybercrime costs the world $US465 billion a year – roughly Norway’s GDP. More than half occurs in the 10 largest economies, but the cost to Australia, with a $1.5 trillion GDP, is still over a $1 billion a year.


Since 2005 there have been over 5000 data breaches in the US alone. Think last year’s iCloud photo hack that saw the photos of hundreds of celebrities leaked. Or the Target hack, where tens of millions of credit card numbers were stolen. This from the Allianz report about the Target hack:

It has been reported that it has cost the company well in excess of $100 million, not including damage to reputation and loss of business, and was followed by the company’s chief executive leaving the post.

As you can see, the risk is more than the loss of consumer confidence from the release of confidential information or the public exposure of a flaw.

Hackers can cause real damage or steal intellectual property such as what happened to Sony, gain an unfair advantage in the sharemarket like some Ukrainian hackers, or like what happened to a French TV Station, disrupt business operations entirely. With Ashley Madison, it seems hackers may have even sunk an IPO.

And as computers become integral to the daily running of our infrastructure, the pressure points only multiply:

Vulnerability of industrial control systems (ICS) to attack poses a significant threat. To date, there have been accounts of centrifuges and power plants being manipulated. However, the damage could be much higher from security sensitive facilities such as nuclear power plants, laboratories, water suppliers or large hospitals.

There are a couple of measures suggested by the report: a mandatory data breach notification law (as in the United States) to force companies to reveal when they are hacked, and a pooling of resources across companies and countries to increase IT security.