There are many opinions on the subject, and one example provided in the article shows just how different valuations and cost calculations can be. Just this year, the Federal Trade Commission made statements about the Wyndham Worldwide hotel group breach, noting that millions of dollars were lost to fraud in this incident. In contrast, “Wyndham says it knows of no customers who lost money and that the FTC’s claims are ‘without merit’.”
Such differences lead us to take a close look at the value of cybercrime. Is it truly underreported? Most can agree that it is, simply because many organizations are breached far before they are aware of any security intrusions, and there are quite a few out there that have likely been compromised but still have no idea.
Another key issue the article raises is determining the true cost of cybercrime. Most often we see organizations totaling numbers around lost revenue, cost of clean up and potentially loss of intellectual property. But what about the cost of security technology, services and teams that organizations incur in order to prevent malicious activity from impacting them? What about the follow on costs of additional security processes and solutions that are implemented to prevent any further breaches of data security? The most accurate measurement of the cost of cybercrime would include all of these factors, and as the article points out, “working out the cost of cybercrime is a devil of a job.”
I found that this article raised some solid questions and issues that the industry is working to address, albeit not as quickly as is necessary. I’d like to see more of these discussions taking place and I welcome any additional thoughts you all might have.