In 2023, the global annual cost of cyber crime is predicted to top $8 trillion, according to a recent Cybersecurity Ventures report. This seemingly enormous figure might still be a major underestimate.
In 2021, U.S. financial institutions lost nearly $1.2 billion to ransomware attacks alone. That was a nearly 200% increase over the previous year. If we continue at that rate, next year could see global costs approaching $16 trillion.
Why might costs be so high? Here are seven reasons why cyberattack rates and costs will rise dramatically in 2023.
Reason 1: The Economy
The Cybersecurity Ventures report correctly identified the talent crunch as a reason for concern. But the problem has even deeper roots. The worldwide economic outlook continues to face stiff headwinds. Inflation, the energy crisis and supply chain issues are affecting every industry. Inflation will increase the overall cost of cyber crime as preventive and remediation costs rise.
While inflation is not directly related to the number of incidents, it does impact company budget decisions. In response, some of the biggest tech brands are reducing headcounts and implementing hiring freezes. Meanwhile, security teams have been stretched thin for years. If security budgets don’t rise with inflation, security leaders will have even less buying power to implement strong security and capable teams.
Reason 2: Malware-as-a-Service
Ransomware has plagued businesses, governments, individuals and organizations in nearly every sector. Now it’s easier than ever for threat actors to access powerful ransomware tools. Even with modest technical skills, criminals can launch attacks that can cost companies millions.
Ransomware and other malware can be purchased for as little as $66. You can even get a phishing kit for free on underground forums. Meanwhile, the global average cost of a data breach is $4.35 million. And the majority of targets are already victims of repeat attacks (83% have had more than one breach, according to IBM's Cost of a Data Breach report). Since accessing malware services and kits has never been easier, attack rates are bound to rise substantially.
Reason 3: Geopolitical Conflict
In 2021, the Russia-based REvil Ransomware-as-a-Service group was responsible for nearly 18,000 attack attempts in the U.S. alone. Members of the group were also behind the Colonial Pipeline attack. The cyber gang claimed to rake in annual revenues of over $100 million. Some might forget it was the Russian government that eventually took down REvil. Reportedly, the takedown was part of a rare collaborative effort between the United States and Russia.
Since the outbreak of the war in Ukraine, these kinds of collaborative efforts are less likely. The U.S. continues to increase cybersecurity collaborative efforts with friendly nations. But rising geopolitical tensions are already causing an increase in state-sponsored and politically driven attacks.
Reason 4: Criminals Target Smaller Organizations
While the big, high-profile breaches fill headlines, many intruders prefer to target smaller organizations. Between 2020 and 2021, cyberattacks on small companies surged by more than 150%, according to RiskRecon, a Mastercard company that evaluates companies’ security risk.
The reasons behind this trend are twofold. For starters, smaller targets usually have weaker security. Also, high-profile targets like infrastructure or big corporations will likely attract a stronger law enforcement response. This means schools, local police departments, small government offices and businesses with fewer than 1,000 employees will continue to be attacked.
Reason 5: Organizations Can’t Afford Cyber Insurance
A recent report warns that the number of organizations with cyber insurance problems is set to double in 2023. They might be unable to afford cyber insurance, be declined coverage or experience significant coverage limitations.
Forrester commented on the situation in its Top Cybersecurity Threats for 2022 report. The firm predicts that insurers will likely include new underwriting requirements and greater scrutiny of risk mitigation and security program maturity. The cyber insurance crisis is not only an indicator of rising risk. It will also place further financial pressure on businesses in the event of a breach.
Reason 6: Rapidly Expanding Attack Surface
In 2021 there were a total of 11.3 billion IoT devices worldwide. This number will likely reach 15.1 billion in 2023. Meanwhile, as of 2022, 26% of U.S. employees work remotely. Current estimates expect 36.2 million American employees to be working remotely by 2025.
The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal sensitive data, cryptojack devices or build botnets. Intruders may even reach corporate assets from a device connected to a home network where remote work occurs.
The attack surface has never been greater and continues to expand rapidly. This means threat actors have even more places to probe and attack.
Reason 7: Hacktivism Rising
The world continues to suffer from a wide variety of conflicts. In the geopolitical realm, pro-Ukraine or pro-Russian hackers launch attacks with political motives. We also see the rise of environmental hacktivists targeting mining and oil companies.
According to one expert, hacktivism has become a mainstream force impacting millions of lives globally. “Hacking for a cause” incidents include the Democratic National Committee (DNC) email hack and the massive 2.6 TB Panama Papers leak. Hacktivism is a significant anti-establishment weapon promoting a diverse set of causes around the globe. And as street protests grow, online protests will grow as well.
Get Ready for a Turbulent 2023
These indicators all point towards a significant rise in cyberattacks and associated costs for 2023. Efforts to stem the tide are underway from both the public and private sectors. Let’s hope the good guys soon gain the upper hand.