Cybercrime: The World’s Third-Largest Economy

During the past 40 years, hackers have evolved from worm attacks in the 1980s to fully funded organizations tapping into some of the most lucrative industries in the world. Today, cybercrime is a significant threat to any company with a device attached to the internet and continues to cause substantial economic impact worldwide.

The United States, with a gross domestic product (GDP) of $25.44 trillion at the end of 2022, is by far the world’s largest economy. China followed in second place, with a GDP of $17.96 trillion. However, cybercrime is growing at a remarkable rate. In 2021, it caused global damages that cost $6 trillion, approximately $2 trillion more than the GDP of Japan, the country with the world’s third-largest economy.

According to Evolve Security, cybercrime will grow by 15% annually over the next five years. Estimates from Statista’s cybersecurity outlook see the annual global cost of cybercrime rising to nearly $24 trillion by 2027, compared to $8.4 trillion in 2022.

In Germany, a study by Bitkom highlighted that cybercrimes have caused total damages amounting to 206 billion euros, representing 5% of the nation’s GDP. Furthermore, 62% of companies view cybersecurity threats as significantly large, with phishing, password attacks, malware infections, ransomware, and SQL injection being the most commonly recorded forms of attack.

As artificial intelligence (AI) and machine learning become central to the cybersecurity dialogue, the landscape of digital threats is intensifying. The adoption of technologies like IoT and Industry 4.0 unveils new vulnerabilities, while an increasing number of threat actors leverage AI to enhance their hacking capabilities. Furthermore, attackers are broadening their targets to include cloud environments and the sensitive data housed in SaaS companies’ application services.

Cybercriminals collaborate across borders and have adopted hierarchies and specialized roles that make these bad actors more sophisticated, which is a significant challenge for law enforcement to track and prosecute them.

These bad actors focus on specific industries and accurately tailor their exploits. In addition, the emergence of ransomware-as-a-service enables hackers with limited experience to execute successful attacks, and the dark web remains an encrypted communication channel to plan activities with anonymity.

Cybersecurity breaches still occur from non-digital or physical system components and are often overlooked. These non-digital areas include unauthorized access to secure data centers or other physical locations where sensitive information is stored.

Unsecured physical access allows employees or contractors to leverage sensitive information for social engineering breaches. Organizations must also be concerned about improperly disposing of sensitive documents and hardware tampering that modifies devices with malicious code.

In addition to the physical analog tightening, the software supply chain needs particular attention. It is still a weak link that can have a devastating impact. Companies must not only maintain their security protocols but also scrutinize the security practices of their third-party suppliers.

Cybercrime’s GDP of $6 trillion has made it the world’s third-largest economic superpower. No one at all is immune to an attack. Any country is a target. As these shadow organizations become more organized and sophisticated, cybersecurity will have to morph into a must-have business utility such as energy or cloud services.

The advent of AI and machine learning holds immense possibilities for advancing corporate productivity. By contrast, the same tools applied to nefarious activities will unleash global IP devastation and chaos. Ignorance will be the Trojan Horse that opens networks to bad actors and continues a revenue stream for cybercrimes.