14 Sep

Research shows that one reason why organisations face constant, serious security threats is that cyber criminals, fuelled by a new cybercrime-based economy are spending much more on cyber attacks than organisations are spending on cyber security.

Cyber Criminals Spending and Reinvesting $Trillions!

Back in 2017, Gartner predicted that organisations would collectively be spending around $96 billion on their cyber-security. Although this is a big number, it is dwarfed by the figures relating to the proceeds of crime.

For example, last year, Cyber Security Ventures predicted that cyber-crime will cost the world $6 trillion annually by 2021, and Bromium’s independent study from April this year showed that the booming cyber-crime economy has generated $1.5 trillion in illicit profits. This figure is the equivalent to the GDP of Russia, meaning that if cyber-crime was a country, it would have the 13th highest GDP in the world!

Although some of these profits have been simply acquired, laundered, and spent, much has been ‘reinvested’ by cyber criminals. This means that there is potentially a great deal more being spent by cyber-criminals on cyber-attacks than is being spent by organisations on cyber security.

Revenues Exceed Those of Companies

In fact, cyber-crime revenues have been found to often exceed those of (mainly SME-sized) legitimate companies, although they can reach the levels of large, multi-national organisations of over $1 billion.

Greater Spending Forecast

Some commentators have forecast hope in the form of much greater security spending by organisations in the not-too-distant future. For example, research company Gartner has noted that, with the average cost of a data breach at $3.86 million (Ponemon Institute figures), and with the recent string of highly publicised data breaches, privacy concerns are becoming the catalyst for increased security spending for organisations. Skills shortages and GDPR are also driving demand for security services.

Gartner predicts that privacy concerns will drive at least 10% of the market demand for security services through 2019 as security and risk management are recognised as being critical part of any digital business initiative. Gartner also predicts that at least 30% of organisations will be spending on GDPR-related consulting and implementation services through 2019.

What Does This Mean For Your Business?

The huge sums being made and re-invested in their activities by cyber-criminals are evidence of a big change in the environment that poses a major threat to data security for businesses. Security commentators have noted that in a world where data has become a valuable commodity, a professional cybercrime-based economy has grown and become self-sustaining system and a platform of criminality that mirrors the platform capitalism model used by big companies. The economic relationships and agents in this criminal system can generate and maintain huge revenue streams that can be used to fund more cyber-crime and other crime such as human trafficking, drugs and terrorism.

The wealth of states is also being used to fund cyber-crime as hacking gangs carry out more state-sponsored attacks (e.g. Russia, China and North Korea) thereby threatening many parts of the UK economy. Clearly, this is a challenging time for UK businesses in terms of planning and spending on security.