Though silent and often invisible, cybercrime is an exploding threat to businesses globally. The internet economy generates USD 2-3 trillion annually, and estimates show that cybercrime extracts 15-20 percent, costing businesses USD 400-500 billion a year. According to leading experts in the field, every business connected to the internet can expect to fall victim to cybercrime and the projected cost to the global economy is expected to reach USD 2 trillion each year by 2019 (Morgan, 2016).
While the Internet of Things is making our cities, products, and services increasingly smart, this ease of communication and high level of connectivity also increases the threat of outside entities breaching secured and private systems. Billions of low cost connected devices will be introduced into our daily lives, few of the them built secure by design and with security as part of the operational support model. In 2014, the U.S. Director of National Intelligence ranked cybercrime as the top national security threat in the U.S. – higher than that of terror (PWC, 2014). And in 2015, IBM’s CEO Ginni Romett described Cybercrime as “the greatest threat to every company in the world” (Morgan, 2016).
According to PwC’s 2016 Global Economic Crime Survey, cybercrime jumped from 4th to 2nd place among the most-reported types of economic crime compared to the year before. Nonetheless, the survey also showed a general lack of preparedness. Only 37 percent of respondents – most of them in the heavily regulated financial services industry – have a fully operational incident response plan. Three in ten have no plan at all, and of these, nearly half don’t think they need one (PWC, 2016).
The cybercrime ecosystem has evolved and organisations specialize in different parts of the value chain. This includes a range from vulnerability research to market places where a variety of stolen assets or illegal services are being offered to their end user in a streamlined manner, organized with support as professional services by a regular corporation.
The severity of the threat has made cyber security professionals some of the most sought after forms of talent on the current market. Locating the right cyber security talent is challenging for business and the public sector, and this hunt for qualified candidates is only becoming more difficult. Government estimates put the total number of available and unfilled cyber security jobs at 210,000 in the U.S. alone. It is estimated to be 10 to 12 times more difficult to find specialized cyber security professionals than it is to find general IT professionals (Cisco, 2015). The demand is so high that cyber security jobs pay an average of USD 15,000 more per year than similar non security IT jobs.
Besides the costs to businesses, cybercrime also poses a great threat to essential infrastructural systems. On a global scale, for example, the cost of cybercrime in the energy sector is USD 12.8 million annually, making it second only to the financial services sector (Hogan Lovells, 2016). In a study by the U.S. Department of Homeland Security, it was found that of the approximately 200 breach incidents handled by the DHS cyber security team, a majority of them aiming the energy sector (The Hill, 2014). The critical manufacturing sector appears as the second most targeted industry, which includes vendors of critical control systems to the energy sector.
Though existing in the digital rather than the physical world, cybercrime has proven to be a very real danger, threatening innovation in businesses and the safety of societal infrastructure. Cybercrime is thriving as companies and governments are struggling to cope the situation as the breaches are getting bigger.