New CSIS Report: Estimating the Global Cost of Cybercrime

June 16, 2014
Categories: Intellectual Property, Intellectual Property Protection

The Center for Strategic and International Studies (CSIS) has published a report on the global cost of cybercrime and cyberespionage, and how such theft can impact intellectual property (IP) and IP-intensive industries. The McAfee-funded report – Net Losses: Estimating the Global Cost of Cybercrime – indicates that the most important cost of cybercrime is inflicted on company performance and national economies, particularly in the realm of innovation.

While intellectual property losses are some of the most difficult damages to estimate, IP is by far the most important variable for determining overall loss from cybercrime. IP theft can range from chemical formulas to the highest military technology, and losses can vary accordingly depending on the sector and the nature of the IP stolen.

IP theft shifts trade balances and employment levels, especially impacting those countries where innovation and IP-intensive industries are central to wealth creation. G20 nations suffer the bulk of damages; losses from cybercrime for the world’s four largest economies (the US, China, Japan, and Germany) have reached $200 billion. For developed countries, cybercrime has the toxic effect of shifting employment away from high value-creating jobs. An earlier CSIS report showed that losses from cybercrime could eliminate more than 200,000 jobs in the US.

The report found that the cost of IP stolen does not reflect the full cost inflicted on victim countries. The broader impact can be seen though neutralizing returns on IP creation, in which cybercrime disincentivizes innovation and slows economic growth. A company heavily invested in R&D is hit hardest and may be put out of business by targeted cybercrime. Some sectors, including aerospace, chemicals, defense, energy, finance, and IT are more likely to be targeted and face persistent attacks.

The Organization for Economic Development (OECD) estimated that various IP theft, including counterfeiting and piracy, costs companies as much as $638 billion per year, while a US Department of Commerce report indicates that US companies alone face costs of $200-250 billion annually. Cybercrime is an extremely low-cost, high-gain operation for the perpetrators, while incredible costs are inflicted on the victims.

Cybercrime reduces returns to IP creators, and given the nature of IP, these damages can be invisible to the victims until after the IP is being used and monetized by other players. For this reason, companies have a tendency to underestimate risk and fail to implement protective measures. According to the report, Nortel’s patents brought in $4.5 billion when they were sold, but the company suffered from cyberespionage, even enduring hackers sitting unnoticed on their networks for months before discovery. While the report makes the case that the damage of IP theft is limited by the ability of the thief to utilize the stolen technology, companies must be prepared to manage their risk, particularly those in high-risk sectors.

The damage from cybercrime and cyberespionage is significant. International trade and employment factors are impacted by such crime, and the threat is increasing. Governments need to ensure that legal frameworks are in place and vigilantly enforced to create disincentives for bad actors to engage in cybercrime.  At the same time, companies need to proactively implement protective measures against such hacking to try to stay ahead of cybercrime and protect their assets and intellectual property.

Access the CSIS report here, and the report summary here. IP Protection Resources

·         CREATe – PwC Report: Economic Impact of Trade Secret Theft:  A Framework for Companies to Safeguard Trade Secrets and Mitigate Potential Threats

·         IP Model Policies: sample policies covering the eight categories for an effective IP protection program

·         Guide for IP Protection: preview of’s 250+ page Guide included with CREATe Leading Practices for IP Protection