Cybercrime – UNICRI study analyzed risks for the economy and enterprises

UNICRI published a study on the impact of the cybercrime on the economy in the Europen region with a specific focus on the effect suffered by enterprises.

The UNICRI has recently published a study titled “Cybercrime and the risks for the economy and enterprises at the European Union and Italian level” that analyzed the impact of the cybercrime on the economy in the Europen region with a specific focus on the effect suffered by enterprises.

The cybercrime is one of the most serious threats to the global economy, it has been estimated that overall costs for the society has reached €750 billion annually, but what is most frightening is that these losses correspond to a significant share of GDP on a global scale.

Below a few statistics on the cybercrime:

  • Total cost of cyber crime between 375 and 575 billion per year (data McAfee)
  • Data theft accounts for 43% of total costs
  • 36% of total costs for damage to the business and loss of competitiveness (Ponemon Institute)
  • In 2013, 550 million identities violated (+ 493% compared to 2012) (Symantec)
  • Up to 3000 billion in estimated losses over the next six years (World Economic Forum)
  • + 130% increase in the time required for the solving a problem.
  • The average time to resolve a cyberattack was 32 days, with an average cost incurred during this period of $1,035,769, or $32,469 per day. (Ponemon)
  • Nearly 80% of cybercrime acts are estimated to originate in some form of organized activity.

The action of the cybercrime is across countries and targets private companies of any dimension and operating in different industries, as confirmed by data published by principal security firms.

SMEs represent the fundamental of the European economic and social structure, as well as 99.9% of Italian enterprises.

“Cybercrime a multidimensional and complex phenomenon” reports the study “In addition to large companies, small and medium sized enterprises (SMEs) are increasingly affected by cybercrime attacks.”

The principal problem approaching the cybercrime is the evaluation of its effects by considering the following factors:

  • The loss of intellectual property and sensitive data.
  • Opportunity costs, including service and employment disruptions.
  • Damage to the brand image and company reputation.
  • Penalties and compensatory payments to customers (for inconvenience or consequential loss), or contractual compensation (for delays, etc.)
  • Cost of countermeasures and insurance.
  • Cost of mitigation strategies and recovery from cyber attacks.
  • The loss of trade and competitiveness.
  • Distortion of trade.
  • Job loss.

The research conducted by the Dr. Flavia Zappa Leccisotti for the UNICRI aims to provide a framework to assess the impact of cybercrime on the economy, and to evaluate the exposure of the SMEs to the risks of cyber-attacks. The research was conducted through targeted interviews and case study analysis to provide an overview of the Tactics, Techniques, and Procedures (TTPs) related to the criminal ecosystem.

cybercrime UNICRI

The first part of the document analyzes the various cyber threats and the threat actors behind them, meanwhile the second part details the impact of the cybercrime on the International and European perspective with a special focus on the Italy.

The main research findings are as follows: 

  • All interviewees highlighted the need to invest in building capabilities through training programs as well as the need to remove cultural barriers that hamper awareness of the risks of cybercrime. The lack of awarenes on the main cyber threats is one of the key factor for the success of the cybercrime.
  • Significan increase of targeted attacks (i.e. Spear phishing).
  • In order to implement countermeasures and concerted policies every employee in the companies must be informed of the cyber threat and related risks.
  • The study revealed the lack of information sharing and cooperation among companies. The experts ay UNICRI urges companies and governments to create networks for the sharing of data and best practices.
  • Countering cybercrime is very difficult due to its transnational character, the fight against cybercrime requires appropriate tools and cooperation, as well as a shared law framework for the persecution of threat actors on a global scale.

Unfortunately cyber security is still perceived as a cost to reduce, especially for SMEs. It is necessary a change of mindset, it is important to spread that the concept that cyber security is an added value, an indicator of the reliability of SMEs that must be carefully evaluated by customers and investors.

The information sharing is a key element for security posture of private companies and government entities, both in prevention and in response to cyber Attacks, the sharing of data related to threat actors and their TTPs is essential to increase the resilience to the incidents.

“The cross-border nature of cybercrime requires action at both the international and national level. In this regard, the European Union, in 2013, adopted its cyber strategy and invited Member States to do likewise. In 2014, Italy also published its National Strategic Framework for Cyberspace Security (Quadro strategico nazionale per la sicurezza dello spazio cibernetico). To counter cybercrime, training and information sharing are crucial.” states the research.

The data collected in the research allowed the UNICRI to design and create a strategy based on the development of two complementary projects:

  • A first project aims to increase awareness of cyber threats and improve the information exchange among various actors.
  • A second project to improve information sharing and to facilitate the creation of a leading cross-sectoral community in the fight against cybercrime.

I have contacted the Dr. Flavia Zappa Leccisotti for a couple of Q&A that are reported below:

PP: What are the main issues raised in the research?