Article Highlights
Cybercrime: A Crisis Imposing A Rising Burden on the Global Economy
Distributed Workforce, Digital Economy: Prey for Social Engineering Attacks
Compromised Credentials: Social Engineering Attack Fuel, Protect Passwords
Anti-phishing Protection: The First Line of Defense
2024 Forecast: +19% Growth from 2023, Up from +16% 2020-2023 Baseline
Each month FYEO publishes an update on cybersecurity developments, trends and the volume of leaked credentials added to our exposed login credential database (now 27 billion and growing). For a broader perspective on cybercrime and its attack vectors, here we step back from the near-term particulars to look at trends using data from other sources and provide a forecast for 2024.
The Big Picture: Cybercrime - A Growing Burden on The Global Economy
Based on data from the IMF (global GDP) and Statista (cybercrime), cyber attacks pose increasing burden on the global economy. Since the 2020 COVID pandemic, cybercrime is growing at 40% annual rate, almost 6x faster than the global economy, spurred as the world became rapidly more digital out of necessity due to the impact of the COVID pandemic. Were cybercrime a global GDP component, it would represent almost $0.08 on every $1.00 produced in 2023, up from just under $0.01 in 2017, a development of staggering import.
How Is This Happening?: Social Engineering, Business Email Compromise & Credential Attacks
Two sources, IBM Security and Verizon, have been publishing annual reports since 2006. From IBM Security, the annual “Cost of a Data Breach” (CDB) Report offers financial cost data for 11 attack vector types, 16 countries/regions and 17 different industry sectors. From Verizon, the annual “Data Breach Investigations Report” (DBIR) which covers 21 industries in 81 countries with data from 67 contributing organizations (interestingly, not from IBM Security).
Given the impact COVID had on the global economy in terms of how and where business was done, we use the IBM and Verizon databases to examine the 2020-2023 period in order to see how cyber attack vectors have shifted.
Clearly, Social Engineering & Business Email Compromise (BEC) is the standout attack vector with a +55% compound annual growth rate (CAGR). Feeding this accelerated growth, Credential Losses, a +13% CAGR, provide the necessary inputs (e.g. logins, personally identifiable information (PII)) to fuel Social Engineering & BEC attacks. Meanwhile, System Error and Accidental Device Loss vector, a +25% CAGR, reflects the difficulties in supporting a distributed workforce that more often than not is using personal devices.
All told, these three vectors represent an estimated $44 billion in cumulative data breach costs over the 2020-2023 period and are growing at a combined +24% annual rate. Together, the five attack vectors generated $83 billion in data breach costs, growing at a +16% annual rate.
2024 Forecast: Data Breach Costs Accelerating to +19% from 2020-2023 +16% Pace
Given the relative shift and growth rate of the attack vectors analyzed, 2024 is forecast to have data breach costs of $27 billion, +19% over 2023. This marks an acceleration from the 2020-2023 baseline growth rate of +16% and stems primarily from Social Engineering & BEC expanding +56%.
Apart from the continued steady supply of leaked PII from System Error & Accident and Credentials attack vectors, factors supporting further acceleration for the Social Engineering & BEC attack vector is the use of Artificial Intelligence to improve both the quality of phishing emails and the range of languages in which they will be delivered.
Reconciliation: Top-Down versus Bottom-Up Perspectives
There is admittedly a significant difference between the Statista cybercrime data series when compared with the IBM Security and Verizon data. The table below offers a summary of the difference between the top-down and bottom-up perspectives. Verizon comments that “the only certain thing about information security is that nothing is certain.”
As such, trying to assess the extent of data breach costs is akin to looking at an iceberg where only a small portion is observable above the ocean’s surface. So, we look here for confirmation primarily that the growth rates are above that of the global economy and rising.
Conclusion: What To Do Now? Don’t Panic, Let’s Talk
At FYEO, we offer solutions for threat intelligence and password security that are decentralized, powered by AI and informed by our leaked credential database of over 27 billion records (and growing).
For example, as identity wallet use expands, the chance cybercriminals shift their focus to exploit potential vulnerabilities only grows, a development making the importance of identity protection even more paramount.
We have built a truly decentralized solution to combat this problem. Now in closed beta, FYEO Identity is a decentralized password manager that uses public/private key technology to help keep your credentials secure from bad actors with a real-time built-in Identity monitoring system that leverages FYEO's breach database of over 27 billion leaked emails & passwords.
Your keys, your data, for your eyes only (i.e. FYEO)! Join our closed beta.
Come learn more about how FYEO Domain Intelligence, FYEO Agent and FYEO Identity can improve your company's threat intelligence and anti-phishing performance.
FYEO Domain Intelligence Threat Monitoring Platform
FYEO Identity Decentralized Password Manager (Free)