The annual cost of cybercrime is either staggering, or a mere blip on the world's economic bottom line, depending on how you look at it.
It is notoriously difficult to quantify, since a majority of cybercrime incidents go unreported, some companies don't even realize they have been compromised and many are not able to put a dollar value on intellectual property (IP) that they still have, but is now also in the hands of a competitor, a thief or another nation state.
But most estimates put global losses in the hundreds of billions of dollars. One report released last month, by the Center for Strategic and International Studies (CSIS) and titled "Net Losses: Estimating the Global Cost of Cybercrime," puts it between $375 billion and $575 billion.
That, on the high end, would make it more than the U.S. defense budget. It would be more than the entire economies of many countries. And the report's authors say while it is possible they have overestimated that cost, they believe it is far more likely they have underestimated it.
Even so, the losses for most individual countries, including the U.S., amount to less than 1% of gross domestic product (GDP). For the U.S. it is estimated at 0.64%. The worst of the G20 countries is Germany, at 1.6%. By some reckoning, that could be viewed simply as another minor cost of doing business.
That, in essence, is the view of Jason Healey, director of the Cyber Statecraft Initiative of the Atlantic Council. "When I hear about the massive cybercrime problem, I want to know what specifically do you mean?" he said. "If we are going to take the IP loss as seriously as they want us to take it, we need to know how it was actually used."
Healey said that estimating the real economic cost of cybercrime has been almost impossible for decades. He said it has had a range of two orders of magnitude since 1988. "We really don't have a good answer," he said.
But he does agree with other experts and with reports that say the raw number matters less than the trend, which is that losses from cybercrime are increasing.
TK Keanini, CTO of Lancope, is among them. "The important point here is that it is trending in the wrong direction and the rate is increasing year over year," he said.
He added that some companies were damaged so badly by cybercrime that they are no longer in business. So, for individual companies, "that is a much greater number than 0.64% in my book," he said.
More worrisome is that a majority of companies, while their leaders express heightened concern about cyber attacks, are not taking security measures that have been recommended by experts for years.
Sign up for CIO Asia eNewsletters.