Chris Strohm Washington

Cybercrime remains a growth industry.

That is the main message from former US intelligence officials, who in a report yesterday outlined scenarios for how $445 billion (R4.7 trillion) a year in trade theft due to computer hackers will worsen. They warned that financial companies, retailers and energy companies were at risk from thieves who were becoming more sophisticated at pilfering data from their servers.

The outlook “is increased losses and slower growth”, with no “credible scenario in which cybercrime losses diminish”, according to the report by the Washington-based Centre for Strategic and International Studies (CSIS).

Some of the damage will be hard to trace, such as economic downturns caused by foreign competitors selling products based on stolen designs and financial markets undermined by hackers.

“Cybercrime is here to stay,” said Stewart Baker, a lead author of the study who was general counsel for the National Security Agency in the 1990s and later an assistant secretary at the Department of Homeland Security.

“The real question is do we know what cybercrime is costing us?” he asked.

The damage done already includes 40 million people in the US having their personal information stolen within the last year and an unnamed oil company losing hundreds of millions of dollars in business opportunities when hackers obtained its oilfield exploration data, according to the report.

Network security company McAfee sponsored the report by CSIS, a non-profit Washington-based policy research organisation.

The report is intended to provide a comprehensive estimate of the cost of global hacker attacks as governments and companies fight digital incursions that could have catastrophic consequences.

In an indictment last month US prosecutors accused five Chinese military hackers of stealing information from American companies that would be useful to competitors in China.

The biggest driver in the cost was stolen intellectual property, said Tom Gann, the vice-president of government relations for McAfee, a unit of chip maker Intel.

The report puts cybercrime in the context of other malicious activity, such as piracy at sea and transnational crime. It found that cybercrime costs about 0.8 percent of global gross domestic product, compared with .02 percent for maritime piracy and 1.2 percent for transnational crime. To some degree, companies and governments accepted cybercrime as a cost of doing business in the digital world, Baker said.

McAfee estimated in 2009 that companies lost more than $1 trillion through data theft and cybercrime. The company turned to CSIS to come up with a more accurate projection.

Estimates should be viewed with scepticism especially because the value of intellectual property could be exaggerated, said Jim Harper, a senior fellow with the Cato Institute, a Washington-based NGO.

“This kind of report probably obscures more than it informs,” Harper said.

Baker said CSIS used careful economic analysis and rigour to develop the cost estimate, which might be understated because many hacking attacks were not reported. – Bloomberg