
Business Cost of Cybercrime

The cost of cybercrime in the US isn't limited to information vulnerability. These attacks are costing US businesses billions of dollars.

Businesses around the world have faced a lot of challenges this past year.

COVID-19 forced many to shutter their doors, while others had to transition their employees to working from home. On top of that, cybercrime increased in both sophistication and frequency.

It's predicted that in 2021, 2 out of 3 cyber attacks will be undetectable without human involvement. Ransomware will continue to rise in volume, and cloud configuration will remain a top threat vector.

However, the cost of cybercrime in the US isn't limited to information vulnerability. These attacks are costing US businesses billions of dollars each and every year.

With that in mind, let’s dive in and take a closer look at how cybercrime's effects on business can lead to financial costs and what your company can do to proactively prevent being the victim of a cyberattack. (Explore the biggest cyberattacks in history.)

Global Impact: Cybercrime Costs


Nowadays, the biggest and most successful companies in the world operate within the global economy. As such, when they become vulnerable to hackers, it affects the global market.

How Much Do Cyberattacks Cost the Global Economy?

McAfee estimates that cybercrime costs the world economy more than $1 trillion, or roughly 1% of global GDP.

Furthermore, estimates of the global impact of cybercrime project costs of over $10.5 trillion by 2025.

Cybercrime costs comprise a number of factors, including damage to and destruction of data, theft of intellectual property, and stolen money.

When data is destroyed, the company has to spend hours restoring and fixing it, as well as reassuring its investors that the incident won't happen again. If a company falls victim to multiple instances of cybercrime, it can hurt the company's public reputation and encourage investors to withdraw financial support.

Cost of Cybercrime in the US

According to the FBI, the cost of cybercrime in the US was $3.5 billion in 2019. However, the actual toll could be much higher since oftentimes the exploits and intrusions go unnoticed. A New Zealand-based security firm, Emsisoft, estimated ransomware alone cost the US over $9 billion. In comparison, the UK lost $1.8 billion to the same threat.

The average ransom demand is over $100,000 and continues to grow over time. Furthermore, over a third of all companies hit by a ransomware attack end up paying that price, resulting, on average, in a 16-day downtime for the attacked firm.

Over 95% of malware deploys polymorphic techniques, meaning it can change its code on the fly. With this in mind, over half of all PCs infected with malware become re-infected in the same year.

Reports also suggest that criminal cyber gangs are planting "sleepers" in cleaning companies so that they can physically access company databases at a later date.

With all of the different realistic threats in the digital world, it becomes imperative that companies deploy cybersecurity best practices to help protect their digital assets. Further, companies must work to avoid the heavy financial costs associated with cybercrime.


Average Cost of Cybercrime


What is the economic impact of cybercrime? The cost of cybercrime doesn't show up only in the damages from an attack and the recovery afterward. There's also the cybersecurity cost that comes before and after an attack.

Organizations spent nearly 23% more on cybersecurity in 2020 than in the previous year. And yet, the average annual number of breaches has managed to increase every year.

The average cost of a malware attack for a company is over $2.5 million. That includes the time it takes to resolve the attack, which is 50 days on average. That's 50 days to get things back to how they were before the breach, with additional security upgrades.

Yet the average cost of pentesting and other cybersecurity protections comes in far lower, creating a strong incentive for companies to take their cybersecurity seriously and confront digital threats proactively.

Projected Cost of Cybercrime in 2021

As the rate of cybercrime increases, so does the projected cost for 2021. This trend compounds upon itself with the addition of technological advancements such as the prevalence of internet-connected devices in the world.

The number of internet-connected devices is expected to rise from 31 billion in 2020 to 75 billion by 2025. That's 44 billion more devices that could be hacked and thus need to be protected.

By 2021, ransomware is expected to cost $6 trillion per year, according to Cybercrime Magazine. Phishing attacks will also increase in sophistication as attackers work to outsmart current cybersecurity methods.

Cybersecurity estimates put the growth of the global cost of cybercrime at up to 15% every year. By 2025, cybercrime cost predictions suggest industries worldwide could pay as much as 10.5 trillion USD annually for malicious exploits.

These massive numbers viewed from a different perspective help to show how big of a problem cyberattacks can be.

For example, despite its criminal nature, cybercrime is one of the greatest transfers of economic wealth in history. Its impact is larger than the damage inflicted by natural disasters in any given year.

Broken down, that 6 trillion USD a year is roughly $16 billion lost every single day to cybersecurity breaches.

Going past a purely economic standpoint, cybercrime's prevalence means ordinary citizens are also at risk. Not only are normal people at risk of their information becoming public, but a major cyberattack on America's physical infrastructure, such as a power grid attack, is also a possibility. One instance of this occurred recently with an attack on a water treatment facility in Florida.

As such, the government also takes this threat very seriously. The FY 2020 U.S. President's Budget includes $17.4 billion for cybersecurity-related activities.

How Cyber Attacks Can Be Reduced


Every industry that utilizes the internet is at risk of an attack. Some of the most vulnerable sectors include government entities, healthcare institutions, and higher education facilities.

There's a widespread belief among smaller companies that their systems are safe from hackers and other forms of data breach. However, most data thieves look for the easiest jobs available.

In order to prevent cyber attacks, your business should train employees in cybersecurity. This includes education on how to avoid malware, such as not clicking unknown emails and promoting overall cybersecurity awareness.

Your company should also install and use antivirus and antispyware software on every single computer you have. Your internet connection should have a firewall set up as well to keep out intruders.

Furthermore, from a technical standpoint, committing to a Pentest Program helps to reduce your company's risk of a cyberattack.

Most importantly, don't be afraid to speak to a superior if something seems fishy with your network or computer system. Since many cyberattacks today involve social engineering techniques, it's better to be safe than sorry.

Avoid Paying the Price of Cybercrime

Unlike other questionable internet behaviors, cybercrime is not a victimless crime. It can cost companies weeks of manpower and millions of dollars to recover from an attack.

The cost of cybercrime in the US continues to grow every day, and things aren't looking to slow down any time soon.

Do you feel like your systems are secure from potential hacking attempts? How sure are you about that?

Learn how Cobalt helps companies worldwide improve their security posture with pentesting to pinpoint vulnerabilities and retest assets after remediation. Read more about Cobalt's pentest pricing.

About Jacob Fox
Jacob Fox is a search engine optimization manager at Cobalt. He graduated from the University of Kansas with a Bachelor of Arts in Political Science. With a passion for technology, he believes in Cobalt's mission to transform traditional penetration testing with the innovative Pentesting as a Service (PtaaS) platform. He focuses on increasing Cobalt's marketing presence by helping craft positive user experiences on the Cobalt website.