The Rising Tide of Cybercrime and AI’s Role

The Rising Tide of Cybercrime and AI’s Role

The rising tide of cybercrime has shown that it is one of the world’s major growth industries. For years, the speed, scale, and sophistication of cyberattacks have been steadily increasing. With advances in AI, the threat is accelerating and amplified. But, as in other industries and applications, GenAI is a double-edged sword. It can be wielded by defenders or attackers, as a potent weapon in the cybersecurity arms race.

The Digital Downside

As our transactions, services, and human interactions gravitated online, crime followed. The global pandemic and shift to hybrid/home working provided further impetus to this significant downside of the digital revolution.

In France, for example, the spread of teleworking is cited as a major factor in a 400% increase in cyberattacks between 2020 and 2023. Many organizations worldwide have rapidly shifted applications and data to cloud-based services, creating new vulnerabilities. Since 2020, 79% of companies with cloud data had experienced at least one cloud breach. Similarly, an IBM review found 82% of violations involved data stored in the cloud. Data loss and leakage, data confidentiality, and accidental exposure of credentials were prime concerns.

The Digital Supply Chain Risk

The digital supply chain is another major risk – highlighted in 2021 by the log4j vulnerability in Java-based utilities (such as those generating error 404 ‘not found’ messages). Hackers had an opportunity to take control of countless servers worldwide. They were quick to respond: a third of the scanning activity to exploit the new weakness occurred within 30 days of release.

Ransomware and Internal Threats

A 2023 investigation of data breaches found that almost a quarter involved ransomware – usually organized crime groups encrypting data and demanding a ransom to return or unlock it. Although external actors were responsible for most breaches, 19% involved employees causing unintentional or intentional harm. Even AI-enhanced systems need safeguarding against human ignorance and indifference: 74% of all breaches had a human element – through error, misuse of privileges, stolen credentials, or social engineering (criminals duping victims into disclosing details, clicking on links or attachments, or visiting websites that install malware).

Universal Vulnerability

All sectors of industry, and public bodies, are targets. Big corporations offer the largest attack surface and spoils, but they devote more resources to protection. SMEs tend to be more vulnerable and lack cybersecurity professionals. However, skills shortages are widespread. A worldwide workforce survey in 2022 estimated there were 4.7 million people in those roles, but a shortfall of 3.4 million.

Global Cyber Espionage

The enemy does not lack human or capital resources. An analysis of Microsoft’s vast data pool showed a 51% increase in cybersecurity alert signals to 65 trillion over the 12 months to June 2023. That’s over 750 million per second. The most common targets were passwords. Phishing emails accounted for a quarter of attacks.

The tech giant tracked more than 300 separate actors, including 160 backed by nation-states and 50 ransomware groups. China, Russia, North Korea, and Iran launched cyberattacks against organizations in 120 countries.

Counting the Cost of Cybercrime

If cybercrime was concentrated in a single country, its economy would be the third largest, after the US and China. The damage in 2021 was estimated to be $6 trillion – double the 2015 toll. Cybersecurity Ventures expects this to grow 15% a year to $10.5 trillion by 2025 – more than the global trade in illegal drugs.

Global ransomware – the fastest-growing cybercrime – is estimated to have cost $20 billion in 2021, a 57-fold increase since 2015. By 2031, that could exceed $265 billion. According to IBM, the average cost of a data breach in 2023 was $4.45 million, a 15% increase in three years. Costs vary significantly with the size of the organization (as well as sector, country, and other factors). Studies from 2021 suggest the average cyber claim was €775,000 for mid-sized companies in France, but 6% faced costs of €3-10 million. In the US, meanwhile, small businesses suffered over 700,000 attacks in 2020 and $2.8 billion in damages.

The Extensive Costs of Cybercrime

The tab for cybercrime is long and includes lost data, stolen money, theft of intellectual property, business disruption and interruption, forensic investigations, restoration of data and systems, and reputational harm. Lawsuits may follow with clients or suppliers. Future sales can suffer.

As the threat – and target – increase, organizations must invest more in defense. The global cybersecurity market was worth $3.5 billion in 2004. Spending over the five years to 2025 is projected to hit $1.75 trillion. By then, total global data storage could exceed 200 zettabytes. Everywhere from smartphones to private and public IT infrastructures, and IoT (Internet of Things) devices, half that data could be in the cloud.

Stay Ahead in the Cyber Arms Race with SRED

With the rising tide of cybercrime and AI’s role your business needs to stay ahead. The SRED program can help you innovate and strengthen your defenses against the growing menace of cybercrime. Leverage SR&ED tax credits to fund your projects, develop cutting-edge AI-driven cybersecurity solutions, and safeguard your critical data. Don’t let cybercriminals outpace you—invest in your future with SRED.

The latest edition of the IT and Tech report, “Out of the bottle. But is GenAI a cure-all?” takes a deeper dive into the rising tide of cybercrime and AI’s role, contact us today to discover how we can support your cybersecurity and AI innovations!