Cybercrime remains high on the agenda of governments, public organizations, and private companies worldwide. In 2023, the global annual cost of cyberattacks is predicted to top $8 trillion, says a recent Cybersecurity Ventures report, and the overall damages could reach $10.5 trillion annually by 2025. But the impact of cybercrime extends far beyond the economic costs.
Cybercrime can disrupt essential services such as hospitals, pipelines, transportation systems, government departments. It can jeopardize trust and the reputation of public and private service providers, increase geopolitical tensions, and undermine democratic principles. Interviewed by the Financial Times, Mario Greco, CEO at Zurich Insurance, said cyber threat “is not just data . . . this is about civilization. These people can severely disrupt our lives.” The potential magnitude is so serious, that he predicts cyber risks will soon become uninsurable.
While the World Economic Forum calls for global rules and a more expansive approach to foster cyber resilience, attack rates and costs are expected to rise dramatically in 2023 for different reasons.
As IBM’s Security Intelligence explains, today it’s easier than ever to access powerful ransomware and malicious tools. This means criminals can launch attacks even with modest technical skills, damaging businesses, governments, and organizations in nearly every sector, also hitting individuals.
The attack surface is rapidly expanding. In 2023 there will be more than 15 billion IoT devices worldwide, and tens of millions of employees from public and private organizations working remotely. Intruders may take control of a city network by violating a single connected IoT device such as a video surveillance IP camera, or reach corporate assets from a home office device.
Rising geopolitical conflicts are adding troubles by multiplying state-sponsored and politically driven attacks. We also see the rise of environmental and social hacktivists, launching anti-establishment incidents to promote a diverse set of causes around the globe. And high-profile targets like infrastructure or big corporations will not necessarily be their first choice, since small government offices, mid-sized city departments, or local utilities may be more vulnerable – thus they may become the perfect starting point for resounding attacks.