
CYBERCRIME AND THE INTERNET OF THREATS

www.juniperresearch.com

1.1 Introduction
As more and more business infrastructure moves online, so do those
wishing to destroy or defraud that infrastructure. Cybercrime is a growing
threat to corporations and consumers, who are increasingly using online
methods to run their businesses and lives. With the advent of mobile
computing, this is only likely to become more common.

1.2 Definitions
Cybercriminals carry out their activities for a range of reasons and in a
variety of ways, which Juniper Research defines as follows:

Cybercrime - any illegal activity conducted primarily through the covert
use of hardware or software. This means that other commonly used
terms, such as cyberespionage and cyberterrorism, are also defined as
cybercrime.

Cyberespionage - illegal use of hardware or software with the intent to
steal secrets, whether from a business or governmental target.

Cyberactivism - also called hacktivism, this is the process of
organising, or practising, politically-motivated action of any type through
Internet-based media, computer systems and data. This definition
includes all forms of cyberterrorism. Readers should also note that
cyberactivism is not necessarily illegal, although it can be if direct action
is taken by cyberactivists.

Cyberterrorism - a process of premeditated illegal attacks against
computer systems, computer programs and data, with the intended
result of violence against civilians or civilian targets in the service of
political aims.

Cyberwar - a process of premeditated attacks against computer
systems, computer programs and data of one state by another state or
state-sponsored actor.

1.3 Cybercrime and the Finance Industry
Banks themselves are likely to be some of the most safety-conscious
entities, so the areas most targeted by cybercriminals do not focus on
banks, but on methods to target the consumer, with phishing, vishing and
keystroke logs to enable forms of identity theft being the most common.
This relies on the consumer's lack of knowledge, rather than breaching the
bank's security itself.
The damage caused by many uncovered attacks against banks
themselves in recent years has been primarily reputational and could,
potentially, result in abnormal churn as customers feel unsafe and leave
their current bank for another, with associated financial effects. However, a
recent attack on JPMorgan Chase showed that customer details are often
targeted by cybercriminals even if there is no immediate financial use for
them. A probable reason for this is that when cybercriminals have
consumers' details, those customers can then be targeted as part of a
spearphishing operation, where information in the phishing communication
is tailored to be more attractive to the specific target.


1.3.1 The Importance of Social Engineering


Many types of banking cybercrime rely on social engineering: convincing
the consumer that they have a legitimate reason to respond to the
demands of the cybercriminal.
The aim is to modify a user's behaviour to accept the redirection
required as part of a phishing MITM (man-in-the-middle) attack, bypassing
or disclosing security requirements because they believe the source of the
instruction to be genuine.

1.4 Mobile Malware is Minuscule

Despite the increasing prevalence of smartphones and other connected
devices worldwide, traditional computing remains the focus of most
cybercrime.
A report published by Kindsight highlights that mobile malware is
comparatively rare, with an estimated infection rate of 0.68% of the
smartphone installed base in 2014 [1].
This is due to a combination of limited profitability for cybercriminals (with
no guarantee of valuable details through the hack) and the need to
develop a sophisticated understanding of mobile software, which is still
relatively new and evolving at a much faster rate than that observed for
desktop PCs.
However, smartphones will be the most common mobile device targeted
by cybercriminals, as there is virtually no Internet of Things-based malware
available. Mobile malware will remain a relatively small proportion of the
overall malware in circulation until truly cross-platform OSs (Operating
Systems), particularly Windows-based cross-platform OSs, are introduced.

[1] Available for download at https://resources.alcatel-lucent.com/asset/184652

1.5 The Cost of Cybercrime


Cybercrime creates financial costs for those it targets, either directly
through loss of data or money as a result of the attack, or indirectly in the
form of additional preventative measures required to combat cybercrime
(additional staff, server resources, advanced software etc.).
Typically the most expensive forms of cybercrime are data breaches,
those attacks which result in the criminals seizing business or personal
records.
The cost of cybercrime is disproportionately heavy on smaller businesses.
Larger organisations are more likely to be able to weather the resultant
costs from a large scale data breach.
Juniper Research estimates the global average cost of a cybercrime attack
to be close to $6 million (higher in North America and West Europe), which
is more than many small and medium-sized enterprises' annual revenue.


1.5.1 Variations by Industry


The size of reported data breaches varies by industry, as does the frequency of those breaches. The following figure shows the distribution of recorded data
breach [2] sizes in the US during 2014, as a proportion of the total data breaches per industry.

Figure 1: Distribution of Records Exposed per Breach as a Proportion of the Total Data Breaches per Industry (%) US 2014
[Chart. Vertical axis: 0.0% to 60.0%. Horizontal axis, records exposed per breach: <101; 101-1,000; 1,001-10,000; 10,001-100,000; 100,001-1,000,000; 1,000,001-10,000,000; 10,000,001-100,000,000. Series: Banking/Financial, Business, Education, Government/Military, Medical/Healthcare, Overall.]

Source: ITRC (Identity Theft Resource Centre), Juniper Research

[2] These breaches are recorded according to the definition of the ITRC: The ITRC defines a data breach as an incident in which an individual name plus a Social Security number, driver's license number, medical record or financial record (credit/debit
cards included) is potentially put at risk because of exposure.


Note that this is not the same as the overall attack distribution. In terms of number of breaches, the Medical/Healthcare category surpassed all others; 300 out
of the 490 data breaches recorded by the ITRC with a number of records exposed originated in the Medical/Healthcare category. We would also remind our
readers that this, like any estimate of the cost of cybercrime, is, by virtue of imperfect knowledge, a partial view. We note that 37.4% of the 783 breaches
recorded by the ITRC do not include a number of records and are therefore excluded from this analysis.

Table 2: Distribution of Breach Sizes as a Proportion of the Total Data Breaches per Industry (%) US 2014

| Records Exposed | Banking/Financial | Business | Education | Government/Military | Medical/Healthcare | Overall |
|---|---|---|---|---|---|---|
| 100 or less | 0.0% | 6.4% | 0.0% | 3.0% | 1.0% | 2.0% |
| 101-1,000 | 11.1% | 16.7% | 22.2% | 20.9% | 27.3% | 24.1% |
| 1,001-10,000 | 22.2% | 25.6% | 33.3% | 43.3% | 51.7% | 44.5% |
| 10,001-100,000 | 55.6% | 34.6% | 33.3% | 25.4% | 17.7% | 23.3% |
| 100,001-1,000,000 | 0.0% | 10.3% | 11.1% | 3.0% | 2.0% | 4.1% |
| 1,000,001-10,000,000 | 11.1% | 5.1% | 0.0% | 4.5% | 0.3% | 1.8% |
| 10,000,001-100,000,000 | 0.0% | 1.3% | 0.0% | 0.0% | 0.0% | 0.2% |

Source: ITRC (Identity Theft Resource Centre), Juniper Research

1.5.2 Cost of Cybercrime-Related Data Breaches


In calculating the global cost of cybercrime, Juniper Research has focused on the data breach as the primary unit of analysis. While downtime from DoS and
DDoS attacks does account for a significant proportion of lost revenue, the volume and frequency of such attacks, as well as their success rate, varies greatly,
which makes accurately modelling their effect impossible.
We have not attempted to model the cost of malware-enabled cybercrime because only a small fraction of attacks do the bulk of the damage, making it
impossible to generalise. For example, IBM enterprise clients experienced on average 74,300 cyberattacks in a year as of July 2013, of which only 90.2 (0.12%)
resulted in security incidents.


Juniper Research anticipates that the annual cost incurred from malicious
data breaches will exceed $2 trillion in 2019. This is 2.2% of the IMF's
forecast global GDP that year.

While it is responsible for under 80% of global criminal data breaches,
the high-value nature of US breaches means they account for over 90%
of the global cost of data breaches.

We assume that the cost-per-record is going to increase in future, as
more sensitive data is stored online as a matter of course.

However, the global increase in income means that this will
become less concentrated over time, as greater numbers of
wealthier targets emerge in other regions.

Figure 3: Annual Cost of Criminal Data Breaches in 2019 ($2.0 Trillion)
[Chart. Regions shown: North America, Latin America, West Europe, Central & East Europe, Far East & China, Indian Subcontinent, Rest of Asia Pacific, Africa & Middle East.]

Source: Juniper Research


Order the Full Report

The Future of Cybercrime & Security: Financial & Corporate Threats
& Mitigation 2015-2020

This incisive report on the current and future cybercrime landscape
provides an in-depth analysis of the current threats posed to a variety of
vital digital commerce and connected device markets, as well as
roadmapping their future evolution.

Key Features

Investigates the threats posed to key eCommerce and mCommerce
sectors, including payments, money transfer, retail and banking.

Analysis of developments in the cybercrime ecosystem and what they
imply for the future direction of malware for devices, from smartphones
to wearables and the Internet of Things.

Typology of cybercrime threats, with key features and protective
strategies included alongside the likely evolution of cybercrime.

Juniper Threat Landscape Assessment and future projections for the
level of threat and its probable impact on each sector.

Projections of the scale and cost of data breaches at a global and
regional level from 2015 to 2020.

What's in this Research?

Outline of Trends and the Future Direction of Cybercrime -
discusses the evolution of the cybercriminal market and how the threat
from cybercrime has changed in the past couple of years in response to
changes in the IT industry.

Sector-by-Sector Cybercrime Threat Analysis - outlines the most
prominent malware-based threats to different business types and
presents an assessment of the current threat landscape and its
evolution in the coming years.

Interactive Forecast Excel - Highly granular dataset comprising
almost 400 data points, allied to a What-If Analysis tool giving the user the
ability to manipulate Juniper's data (Interactive XL).

Publications Details
Publication date: May 2015
Author: James Moar

Contact Jon King, Business Development Manager, for more information:
Jon.King@juniperresearch.com
Juniper Research Ltd, Church Cottage House, Church Square,
Basingstoke, Hampshire RG21 7QW UK
Tel: UK: +44 (0)1256 830001/475656 USA: +1 408 716 5483
(International answering service) Fax: +44(0)1256 830093
http://www.juniperresearch.com
