As a cybersecurity professional, how numb have you become to vendors who try to scare you with frightening statistics in an effort to sell you a new product? It is understandable that a vendor has to present as much information as possible in a limited, attention-grabbing amount of time, so their doomsday technique makes some sense. Perhaps the vendors’ approach is faulty, as the numbers are quite frightening indeed. There is definitely a larger point to be made.

The intention of this article is not just to put scary numbers out there. We have enough FUD in the industry. But some alarming numbers are worth sharing. In 2016, the National Institute of Standards and Technology (NIST) estimated that the United States lost up to $770 billion to cybercrime. To provide some sense of scale to that very large number, the U.S. Department of Defense’s entire 2019 budget was $668 billion. Only 20 countries have a gross domestic product (GDP) this large. But that was 2016. The losses have been growing ever since.

It’s on the rise. And it is expensive.

According to The Herjavec Group, worldwide losses from cybercrime will double between 2015 and 2021, from $3 trillion to $6 trillion. All these budget numbers, country designations, and accompanying statistics are a bit overwhelming. This is sort of like the vendor problem of too much information wrapped into one dire scenario.

Let’s shift the way we look at this by creating a fictional country named “Scamlandia.” If the entire worldwide cybercrime income were attributed to Scamlandia, only the GDPs of the United States, China, and the aggregated European Union would be larger. To expand on this idea, if cybercrime were a tax, it would result in a 4.2% levy on the world’s GDP.