Measuring the Cost of Cybercrime: The Why’s
The global cost of cybercrime was estimated at USD 600 billion in the last year. Though there have been numerous debates on the methods of calculating the cost of cybercrime in various sectors, there are no definitive standards or globally accepted norms for this calculation yet. In India, this is a fairly new topic, and we should start by analyzing the notion of calculating the cost of cybercrime. Some compelling reasons are enumerated below:
Impact on the national economy
In a report published by the Reserve Bank of New Zealand, the authors explain that cyber risks impose costs on the financial sector and hurt the economy of the nation. The claustrophobic effects of cybercrime and its costs need to be accounted for in order to know their impact on the sector and the national economy. This will help the government and the financial sector know the exact damages and plan remedial measures or policy imperatives.
Create appropriate budgetary provisions and cyber insurance estimates
Organizations must quantify the damages caused to them by cyber incidents. This will enable them to allocate funds accurately for the loss and recovery processes and apprise stakeholders of the same. This will prompt them to revisit their accounting procedures. If they are able to put such changes into practice, it will help them declare the exact loss to their sector’s regulator. The regulator will be able to use this data to aggregate institutional data on cybercrime costs. Proper estimation of cyber losses will help companies quote the exact losses and claim them from their cyber insurers. They will also be able to decide on the premium slabs of cyber insurance policies.
Actionable insights to law-enforcement agencies
A few years ago, it was not possible to get international cooperation for cybercrime investigations in cases where a cybercrime was committed in one country and the funds were rapidly transferred to another country. However, this is slowly changing, and there have been cases of law enforcement and international cooperation in tackling cybercrimes and punishing the offenders in some nations. When an organization is able to quantify or qualify the impact of its financial loss from a cyber-attack, the law-enforcement agencies will be able to investigate better. They may even negotiate with and pressurize other nations to cooperate with the investigations by mentioning the magnitude of the financial loss, its impact on the organization, the economy, etc., as the case may be.
The announcement of a cyber-attack usually leads to a sharp fall in the stock price of the company suffering from the attack. Hence, an organization can try to prevent a decline in its stock value if it is able to communicate the exact loss and the financial provisions that have been made to recover from the cyber-attack. This could restore some investor confidence, salvage the organization's goodwill in the marketplace and repudiate rumors.
Establish a culture of developing cyber resilient products
The potential costs of cybercrime due to product vulnerabilities could be calculated during the vulnerability assessment of these products. This will induce further research into creating cyber-resilient products. Timely intervention not only prevents technical losses but also helps in averting a reputational crisis. Bug bounty programs and beta testing within the larger security community can also go a long way in increasing the cyber resilience of products.