The hidden cost of cybercrime

Date: June 07, 2011
Source: Business.blogs.cnn.com


(CNN) –A few years ago a disgruntled employee for a large multinational automotive firm left the company - but when he walked out the door, he also walked out with plans for a new car model under development on a cheap USB drive.

When the plans were leaked, the cost to the company was an estimated $1 billion in lost sales and increased research and development costs, according to a security expert who worked on the case.

"The information ended up being published, which saw sales plummet for the existing model as customers decided to wait for the new model," said the expert, who asked not to be named due to confidentiality agreements with the automaker.

Yet that theft will never showed up in criminal statistics, nor will the cost be listed in public ledgers as cost due to "cybercrime." Murky by nature, cybercrime losses are difficult to categorize. That helps keep them hidden from the public eye by companies leery of publicizing breaches in corporate security.


The cost of cybercrime has come into focus due to a recent spate of high profile computer crimes: a hacker attack on Sony in May took its PlayStation Network down for 23 days after confidential information on tens of millions of network subscribers was breached; the company estimated the cost of that attack will total $171 million.

The aerospace and defense titan Lockheed Martin announced it had "a significant and tenacious attack" on May 21 using data stolen from security token maker RSA, which was hacked itself in March. Google last week announced a scam that appeared to emanate from China that stole Gmail passwords in a targeted attack of hundreds of high profile U.S. and South Korean government officials, as well as journalists and Chinese activists.

The amount of new malicious software, or "malware," unleashed on the internet during the first three months of this year hit six million programs, according to a report last week by McAfee, the computer antivirus maker. "It's been a busy start to 2011 for cybercriminals," Vincent Weafer, senior vice president of McAfee Labs, said in a statement.

A 2009 study by computer antivirus maker McAfee and SAIC, a technology security firm, estimated that computer crime cost companies $1 trillion across the globe, but analysts say the actual total is sure to be higher as computer security breaches are underreported.

"I think all the service providers are victims of this type of issue, it's just whether the company has a public interface to warn users of this type of problem is the big question," Andrew Lih, author and professor at the University of Southern California, told CNN.

"Google has been pretty good at being forthcoming in having this kind of dialogue with its users," Lih said. "It's very possible to probable that these other service providers, from Yahoo to Microsoft to any of these other ones, have had these types of attacks, it's just that Google has been very public in trying to combat this."

---

Add comment  Email to a Friend