Data breaches to cost $2.1tn

The majority of data breaches in 2019 will come from existing IT and network infrastructure, says Juniper Research.

The rapid digitisation of consumers' lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, almost four times the estimated cost of breaches in 2015.

That's one of the biggest findings from a recent study by Juniper Research, which notes the figure represents 2.2% of the IMF's forecast global GDP in 2019.

James Moar, research analyst at Juniper Research, believes that as more and more business infrastructure moves online, so do those wishing to destroy or defraud that infrastructure.

Security software vendor Symantec dubbed 2014 the year of the "Mega Data Breach". According to its own study, the total number of data breaches in 2014 increased 62% from 2013, amounting to more than 552 million records exposed.

Juniper Research found the majority of the breaches in 2019 will come from existing IT and network infrastructure.

While new threats targeting mobile devices and the Internet of things are being reported at an increasing rate, the number of infected devices is minimal in comparison to more traditional computing devices, it says.

According to the research firm, the cost-per-record is going to increase in future, as more sensitive data is stored online as a matter of course.

"Cyber crime is a growing threat to corporations and consumers, who are increasingly using online methods to run their businesses and lives. With the advent of mobile computing, this is only likely to become more common," says Moar.

Juniper notes cyber crime creates financial costs for those it targets, either directly through loss of data or money as a result of the attack, or indirectly in the form of additional preventative measures required to combat cyber crime, such as additional staff, server resources, advanced software and so on.

Typically, the most expensive forms of cyber crime are data breaches, those attacks which result in the criminals seizing business or personal records, it warns.

The report also highlights the increasing professionalism of cyber crime, with the emergence of cyber crime products such as the sale of malware creation software over the past year, as well as the decline in casual activist hacks.

Hacktivism has become more successful and less prolific - in future, Juniper expects fewer attacks overall, but more successful ones.

"Currently, we aren't seeing much dangerous mobile or IOT malware because it's not profitable", it notes. "The kind of threats we will see on these devices will be either ransomware, with consumers' devices locked down until they pay the hackers to use their devices, or as part of botnets, where processing power is harnessed as part of a more lucrative hack.

"With the absence of a direct payout from IOT hacks, there is little motive for criminals to develop the required tools."

Juniper says cyber criminals carry out their activities for a range of reasons and in a variety of ways, explaining cyber crime is any illegal activity conducted primarily through the covert use of hardware or software.

Cyber criminals also engage in cyber espionage with the intent to steal secrets, whether from a business or governmental target, it notes, adding cyber activism, also called 'hacktivism', is the process of organising, or practising, politically-motivated action of any type through Internet-based media, computer systems and data.

It also explains that cyber terrorism is a process of premeditated illegal attacks against computer systems, computer programs and data, with the intended result of violence against civilians or civilian targets in the service of political aims.

Cyber war, the research firm adds, is a process of premeditated attacks against computer systems, computer programs and data of one state by another state or state-sponsored actor.
