A version of this article appeared in a recent issue of the Packet Pushers Human Infrastructure Magazine, a free newsletter that we send every two weeks. If you’re interested you can sign up and see back issues here.

Cybercrime costs $450B according to this hypetastic article from Hiscox (a company that sells cybercrime insurance no less).

In 2016 “cybercrime cost the global economy over $450 billion, over 2 billion personal records were stolen and in the U.S. alone over 100 million Americans had their medical records stolen,” said Steve Langan, chief executive at Hiscox Insurance, told CNBC.

Scary? NOT AT ALL.

The size of the global economy, according to CIA World Fact Book, is $75.73 trillion. Cybercrime is just 0.57% loss overall. That’s well within the limit of acceptable losses.

 Reality Check

Current spending on IT security:

Cybersecurity Ventures predicts global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next five years, from 2017 to 2021. Source: http://cybersecurityventures.com/cybersecurity-market-report/.

So they claim around $200 billion per year over five years. If that’s ramping up at 10%, let’s say it’s $120 billion in 2017.

According to IDC’s analysis, worldwide revenues for cyber-security related services, software and hardware will come in at $73.6 billion in 2016 and will grow at a compound annual growth rate (CAGR) of 8.3 percent through 2020. IDC noted that the CAGR for cyber-security is faster than the overall rate of IT spending growth. Source: http://www.eweek.com/security/global-cyber-security-spending-to-top-100b-by-2020-idc

So IDC says more like $80B. Lets split the difference and call it $100B of IT security spending.

What about insurance spending that would offset the risk of ‘cyberthreats’? In a TV interview, the CEO of insurance giant Lloyds of London said the following:

Last year, the insurance industry took in $2.5 billion in premiums on policies to protect companies from losses resulting from hacks. That was up from around $2 billion a year before, and less than $1 billion two years before that.  (see link below)

The EtherealMind View

1. Assume the numbers are grossly inflated to make a headline and create free marketing. Given.
2. Let’s go with $250B cost to the Global Economy.
3. Out of the $75T total in the Global Economy, total losses to ‘cybercrime’ (gods, that’s an awful term) are less than 0.2%. That’s less than a rounding error.

Conclusions

1. Total IT security spending of around $100B in 2017 while people steal at least $250B
2. IT Security isn’t financially significant.
3. Losses to cybercrime are 2.5 times greater than the cost of protection. That’s not winning.
4. The losses are acceptable as proven by the lack of cybercrime insurance.

Resources & Links

Link: Lloyd’s CEO: Cyber attacks cost companies $400 billion every year – Fortune.com

Link: The World Factbook — Central Intelligence Agency

Link: Cybercrime costs the global economy $450 billion: CEO – CNBC

Link: Global State of Information Security® Survey 2017 – PwC