“Cybercrime is relentless, undiminished, and unlikely to stop,” writes report author James Lewis, senior vice president at CSIS. “It is just too easy and too rewarding, and the chances of being caught and punished are perceived as being too low.”

Lewis points to poorly-protected IoT devices as a particular problem. Insecure IoT devices “provide new, easy approaches to steal personal information or gain access to valuable data or networks,” he writes. They also power botnets that can create massive denial-of-service attacks.

Among the other reasons for the growth in the cost of cybercrime:

  • Cybercriminals are embracing new attack technologies.
  • Many new Internet users come from countries with weak cybersecurity.
  • Online crime is becoming easier through cybercrime-as-a-service and other business schemes.
  • Cybercriminals are becoming more financially sophisticated, making it easier to monetize their exploits.

Lewis also suggests that the Tor anonymous browser and Bitcoin are favorite tools of cybercriminals.

How Cyberattacks Cost Businesses

Typically, small and medium-sized businesses underestimate the cost of a cyber attack. A lot of times, business owners believe that they can wait until their businesses get bigger or think they are too small to have to worry about being attacked. The reality is that smaller businesses can be more attractive to cybercriminals if they do not implement security measures, which makes them easy targets.

Cyberattacks can become very expensive for victims. Not only does it include the financial cost of being a cybercrime victim, but also the damage it does to a company’s reputation and overall customer trust.

According to Radware, there are 3 major impacts from a cyberattack that a company needs to consider:

Customer loss can be as large as 41%.
Reputation loss can be as high as 34%.
Operational loss can be as high as 34%.

One of the main factors behind the rise in the cost of a cyber attack is the number of days it can take to resolve it – the longer it takes, the more expensive it gets.

On average, the cost for the UK and the number of days it takes to resolve a cyber attack per type are as follows:

Malware: £1.57 million – 6.4 days

Web-based attacks: £1.52 million – 22.4 days

Denial-of-service (DoS) attacks: £1.31 million – 16.8 days

Malicious insiders: £960,000 – 50 days

Malicious code: £960,000 – 55.2 days

Phishing and social engineering: £960,000 – 20 days

Stolen devices: £700,000 – 14.6 days

Ransomware: £520,000 – 23.1 days

Botnets: £260,000 – 2.5 days

The severity and cost of a cyber attack are increasing with detrimental effects on organizations. It’s crucial that an organization has strong cybersecurity defenses in place to ensure its protection.

Smaller organizations experience a higher proportion of cybercrime costs related to malware, web-based attacks, and phishing/social engineering. A cyber breach will result in a long-term loss in revenue if customers refuse to share their sensitive personal information with a company vulnerable to attacks. The time needed to contain an attack significantly affects the total cost.

For example, if it takes less than 30 days to contain a cyberattack, the average cost is approximately $7.7 million. In contrast, if the time to contain an attack is greater than 90 days, the average cost increases to $12.2 million. While installing and maintaining cybersecurity software remains expensive, keep in mind that one cyberattack can result in millions of dollars in expenses, loss of reputation, and decreased revenue due to hampered day-to-day business operations. Due to a lack of resources and a misunderstanding of the real threat of cybercrime, small businesses represent an easy target for cybercriminals.