The Expert Podcast

So, how big of a problem is cybercrime? If you run a small business, you may not have any exposure to any kind of cybercrime, cyberattacks, hacking, or ransomware. But the size of that problem can be understood if you look at it in terms of the U.S. market. In this article, it talks about the eight trillion-dollar cybercrime industry. Now, if you take eight trillion dollars and compare it to other countries' GDP, if it were measured as a country, cybercrime would be the world's third-largest economy after the U.S. and China. So, it's a huge industry. This is happening all around us. It's affecting consumers, individuals, big companies, small companies, public utilities, and government agencies.

So, where does this money come from? How is it calculated? What are the costs of cybercrime? Well, it describes right here that the cost of cybercrime includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, and theft of personal financial data. And we'll talk about those separately.

Imagine that you are a company and you're hit with an attack—ransomware, some type of cyberattack. Many times what the hacker will do is infiltrate your system, and we've talked before about how they do it and their mechanisms, and they will download all of your records. Think about the records and information you have on your company's system, whether it's your server in the cloud, your email, or your phone system, and they'll use that information. First of all, try to extract a ransom from you to get it back or unlock your system. In the meantime, they now have your entire customer file. They may take that and sell it to your competitor. They may take it and sell your consumer customer list to the dark web. So now you have a list of all your customers, their addresses, phone numbers, emails, and sometimes even more sensitive information like date of birth or credit card numbers, and they'll sell it to the dark web. Sometimes what they'll do is lock up your accounts receivable. So, you know you have a certain amount of accounts receivable for some companies; it's two months worth of revenue. So, if you have a net 30 or net 45 payment structure, by the time you get the billing-out payment in, you may have two months or maybe a month and a half. Ten percent of your company's revenue at any given time is floating out there, and what they might do is send out alternate invoices with updated wire transfer information to your customers and say, "Look, here's your new payment information. Wire the money to this address." And so now some percentage of your customers will wire transfer their payments to the hacker, and you lose the money. Are you going to tell your customer they have to pay twice? Are you going to eat the money? And for some companies, losing 10 percent of their revenue might be all your profit for the year if you operate on a 10 or 15 percent profit margin. If you lose a month or month and a half worth of payables, you may be losing all your profit for the year. Other times what they'll do is embezzle you using your information for social engineering. They'll get your account information, they'll get access to your email, and they'll email your bank to transfer money to their account, right? So, those are some of the losses they'll suffer.

Post-attack disruption. So that way, once they get access, they can then continue to send emails on your behalf, to contact customers on your behalf, and to disrupt your business. You'll also have to spend money on a forensic investigation. You'll have to hire, usually, an investigator or a forensic accountant to go back through and sort out all your records. Many times, you will have to pay money to an IT person to restore these records or recreate the data, even if you have a backup. And last but not least, you'll suffer reputational harm. That means your customers, your vendors, and your employees are all going to lack confidence because this event happened and disrupted their lives. Sometimes employees aren't able to get payroll. Sometimes vendors aren't able to get paid. Sometimes customers aren't able to place orders or get deliveries. So, this cybercrime is a huge thing, and even though you may not have been exposed to it, it's 8 trillion; that's a big number, and it's almost the size of the U.S. market in terms of volume.

So, look at the different options you have to prevent this. Whether it's cyber defense, cyber insurance, or some other type of best practice for hardening your network, And make sure you're also including all of the nodes of your network that exist outside your four walls. You may have servers, routers, and VPNs that also have this type of vulnerability; even customer access to your network through their computers might be a vector for bad actors to get in.