The study by the security firm McAfee and the Center for Strategic and International Studies said the US economy loses some $100 billion to cyber crime and cyber espionage, including loss of key business data and intellectual property.
The estimate is lower than some earlier reports which put the costs as high as $1 trillion, but study authors said it was a matter of narrowing the range of damage from cyber attacks.
“It will always be a range,” said James Lewis, a CSIS scholar on cybersecurity and co-author of the report.
“The data is either sparse or distorted.”
But Lewis said the report offers a better way to compare the cost of cybercrime to other types of risks such as drug trafficking or other types of theft.
“We believe the CSIS report is the first to use actual economic modeling to build out the figures for the losses attributable to malicious cyber activity,” said Mike Fey, chief technology officer at McAfee.
“Other estimates have been bandied about for years, but no one has put any rigor behind the effort.”
The report said the impact of cybercrime includes loss of intellectual property and confidential information; reduced trust for online activities; additional costs for security, insurance and recovery; and damage to reputations.
Lewis said the impact on business could translate into the loss of as many as 508,000 jobs in the United States, based on a government formula for the ratio of exports to US jobs
“The raw numbers might tell just part of the story,” he said.
“The effect of the net loss of jobs could be small, but if a good portion of these jobs were high-end manufacturing jobs that moved overseas because of intellectual property losses, the effect could be wide ranging.”