Cybercriminals cost the Canadian economy about $3.2-billion last year, as online attacks increasingly weigh on businesses and consumer confidence, new research shows.
This is a small sliver of a more than $400-billion (U.S.) global problem that is getting worse each year, according to the Center for Strategic and International Studies (CSIS) in Washington, D.C., an effort sponsored by Intel Security. These costs are expected to escalate as more businesses move online to buy, sell and connect with customers. Personal data theft affects millions of people each year, and makes up more than one-third of the annual losses.
The study’s estimate accounts for lost intellectual property and financial assets, the costs of missed opportunities for companies, as well as the expense of recovery efforts – from re-securing networks and getting back online, to the reputational risk to the company’s brand.
What slips through the cracks in this study are the impacts on innovation, national defence and the long-term competitiveness of companies and countries, among other data.
According to the study, cybercrime makes up an estimated 0.17 per cent of Canadian gross domestic product, which was $1.88-trillion in nominal dollars last year. That’s twice the percentage rate of Australia, but nearly one quarter the rate of the U.S., where companies are most exposed to losses.
“Few of the biggest cybercriminals have been caught or, in many cases, even identified,” the report states. The lack of reporting of cybercrime has contributed to incomplete data, and CSIS calls on governments around the world to improve the depth and quality of their data.
“I think it’s a valuable exercise to go through, but it’s also very frustrating. We don’t have access to good, clean data that allows us to draw a [complete] map,” Avner Levin, director of Ryerson University’s Privacy and Cyber Crime Institute. He would like to see more cybercrime information by industry and geography in Canada to shed light on the kinds of attacks that are happening, and where those issues originate.
The CSIS researchers had a “medium” amount of confidence in Canada’s tracking of national cybercrime. But the government is gradually placing more emphasis on improving research and attack-prevention programs, including launching the Cyber Security Cooperation Program earlier this year. There are $1.5-million in funds available to businesses, researchers and local governments for projects that will develop tools or guidance to improve Canadian cybersecurity.
The RCMP recently participated in an international effort to crack down on Russian cybercriminals, seizing two computer servers in Montreal. The crackdown disturbed malware program “Gameover Zeus,” which has caused global losses of $100-million through data theft and blackmail.
“It’s very difficult to get law enforcement agencies to co-operate across borders,” Mr. Levin said. “It’s the kind of thing we need to see more of.”
When data thefts happen at companies, the results can be deeply harmful to brands, as highlighted in last year’s breach at retail giant Target Corp. The company recently replaced its chief executives in both the U.S. and Canada.
More recently, eBay Inc. was hacked, and all 145 million users were asked to change their passwords.
The public relations nightmare that followed these, and other, high-profile cybercrimes might not be translating into big gains for criminal groups. The CSIS report said digital thieves struggle to make a financial profit from stolen data, while their corporate victims are left with huge recovery expenses.
“The whole problem with cybersecurity is that it’s reactive,” Mr. Levin said. “The mindset in the business world is ‘I’d rather not spend the money on it.’”
Mr. Levin thinks companies need to share more information with industry groups about cybersecurity issues and preparations to shed light on companies’ unique vulnerabilities and the sector-wide risks. This information could then be made available to governments, academics and regulators to study.