According to a new study from the Center for Strategic and International Studies, global cyber-crime costs nations over $400 billion annually, with the United States’ losses accounting for about one quarter of that total. Perhaps what’s most shocking about the report is that because some countries don’t track cyber crime and because some companies don’t report it, the study’s authors recognize their findings as incomplete, which means that the staggering estimate is a low-balled figure.
The report’s authors collected data from 51 nations who monitor cyber-crime, and then combined that information with CSIS survey data of countries and business who don’t track cyber-crime. The results of the study show that cyber-crime seriously harms the cyber-economy, with impacts varying from region to region.
“Studies estimate that the Internet economy annually generates between $2 trillion and $3 trillion, a share of the global economy that is expected to grow rapidly,” says the report. “If our estimates are right, cybercrime extracts between 15 percent and 20 percent of the value created by the Internet.”
The question at hand now is what can be done?
The Heartbleed vulnerability, one of the most recent cyber-crime crises that caused hundreds of peoples’ identities to be stolen, is the result of Congress’s lack of cyber security legislation, said Homeland Security Department (HSD) officials.
“While there was rapid and coordinated federal government response to Heartbleed, the lack of clear and updated laws reflecting the roles and responsibilities of civilian network security caused unnecessary delays in the incident response,”
said Larry Zelvin, director of the DHS’s National Cybersecurity and Communications Integration Center.
The problem with cyber security legislation is that the bills are often vaguely worded, which could lead to an abuse of the legislation’s powers. Each attempt at cyber security legislation, like the notorious Cyber Intelligence Sharing and Protection Act, has been met with swift and fierce public outcry.
“As threats and overall technology continue to increase in sophistication and size, Congressional legislative proposals have become more outdated. One of the policy reforms needed is the adoption of flexible and forward-thinking language recognizing that technology outpaces the legislative process,” says Maria Sanders, Chief Operating Officer at Legislative Intent Service.“Additionally, legislative proposals must take into account the nature of the cyber threat, the role of private sector, and a reasonable balance between security and privacy.”
Despite a lack of clear direction, something needs to be done in light of the report, which estimated that total annual losses range between $375 billion and $575 billion. According to the report, “Even the smallest of these figures is more than the national income of most countries and governments and companies underestimate how much risk they face from cybercrime and how quickly this risk can grow.”