New research forecasts the staggering cost of cybercrime

A new study released Tuesday reaffirms what we in Microsoft’s Digital Crimes Unit have seen for some time now – cybercrime is a booming business for organized crime groups all over the world. The study, conducted by IDC and the National University of Singapore (NUS), reveals that businesses worldwide will spend nearly $500 billion in 2014 to deal with the problems caused by malware on pirated software. Individual consumers, meanwhile, are expected to spend $25 billion and waste 1.2 billion hours this year because of security threats and costly computer fixes.

As we announced in November, the Microsoft Digital Crimes Unit recently brought together 100 cybercrime experts from around the world – and across the areas of IP crimes, botnets, malware and technology-facilitated  exploitation of children and the elderly – to form one global organization, so that when focus areas intersect, we can work better to build a safer Internet. The study released Tuesday, entitled “The Link Between Pirated Software and Cybersecurity Breaches: How Malware in Pirated Software is Costing the World Billions,” underscores how much these categories of crime overlap. NUS’s forensic analysis, for example, uncovered that of 203 computers purchased in 11 countries as “new” (but actually loaded with pirated software), 61 percent were infected with dangerous malware. Most of the infected computers had more than one malware threat on them, and any one threat could infect multiple files. 

While these statistics are frightening, they shouldn’t be a surprise. After all, cybercriminals aim to profit from any security lapse they can find. And through pirated software, they’ve found another way to introduce malware into computer networks – breaking in so they can grab whatever they want: your identity, your passwords and your money. At the Microsoft Cybercrime Center, we’re focused on reducing malicious software crimes to keep personal and financial data safe and secure for everyone, reducing the financial incentive for criminals. Why? Because as the study uncovered, it’s a top concern for consumers, businesses and governments.

Sixty percent of consumers surveyed say their greatest fear from infected software is the loss of data, files or personal information, followed by unauthorized Internet transactions (51 percent) and hijacking of email, social networking and bank accounts (50 percent). But what really struck me is that, despite fearing such losses and attacks, 43 percent of these same consumers admitted they do not install security updates, making them sitting ducks for cybercriminals. Not protecting your computer these days is equivalent to leaving the doors and windows to your house unlocked. So when it comes to cybersecurity, we have a lot more work to do to persuade people to change their behavior.

The study also revealed that enterprises are particularly hard hit by malware introduced via pirated software. In 2014, businesses will spend $127 billion dealing with security issues and $364 billion dealing with data breaches, and almost two-thirds of these losses, or $315 billion, will be the result of organized crime – malware launched by financially motivated criminals. As for governments, they could lose more than $50 billion dealing with the costs associated with malware on pirated software in 2014. Government officials surveyed by IDC say their greatest concern from infected software is the loss of business trade secrets or competitive information (59 percent), followed by unauthorized access to confidential government information (55 percent) and the impact of cyberattacks on critical infrastructure (55 percent).

The IDC/NUS study was released as part of Microsoft’s “Play It Safe” campaign, a global initiative to create greater awareness of the connection between cybersecurity breaches, malware and piracy. The global study surveyed 1,700 consumers, IT workers, CIOs and government officials in 15 markets, in addition to conducting the forensic analysis on the 203 computers.

The results of this study demonstrate, once again, how vital it is that individuals, small businesses, enterprises and government institutions buy new computers from reputable sources and demand genuine software. Because if you don’t, you never know what will come along for the ride.

Microsoft remains committed to protecting unsuspecting consumers from downloading or purchasing non-genuine software that exposes victims to malware, which can lead to identity theft, loss of data and system failures. Customers are encouraged to visit http://www.microsoft.com/security to learn more about malware and ensure their computers are not infected; if malware is present, the site offers tools to remove the infection. We will also continue to take action to stop cybercriminals who use malware-infected pirated software to victimize millions of other people around the world, as we did in recent botnet operations like the Nitol and Citadel cases.

More information about the IDC study is available at the Microsoft Play It Safe website, http://www.play-it-safe.net, and the Digital Crimes Unit newsroom, http://www.microsoft.com/en-us/news/presskits/dcu/default.aspx. To stay up to date on the latest developments on the fight against cybercrime, follow the Microsoft Digital Crimes Unit on Facebook and Twitter.

About the Author

Associate General Counsel & Executive Director, Microsoft Cybercrime Center