The threat study titled, ‘Black Market Ecosystem: Estimating the cost of ownership’, looks at cyber-crime from a business perspective using the most common and popular hacking tools, services and enablers.
Deloitte estimates that some common criminal businesses can be operated for as little as USD 34 month and could return USD 25,000, while others may routinely require nearly USD 3,800 a month and could return up to USD 1 million per month.
For example, phish kits continue to be the overall most affordable approach both in terms of low estimate and average cost, while banking trojans are costlier, on average. A multiple payload campaign, unsurprisingly, is potentially the most expensive criminal business modelled in the study.
For every category of criminal, a product almost certainly exists which caters to their needs. The cost of these products does not necessarily correlate to the skill level of the threat actors who purchase them. Regardless, all are extraordinarily low cost compared to the resulting impact to the compromised organization.
The impact of a cyberattack as experienced by the compromised organization is, in many ways, intangible and more difficult to quantify. This includes costs associated with loss of intellectual property (IP) or contracts, operational disruption, credit rating impact, or damage to the value of a trade name.
Still, in dollars and cents, it is widely reported that the cost of a data breach is upwards of USD 4 million to an organization with the potential to cost hundreds of millions even billions of dollars in long-term resulting impact.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now