Can the cybercrime threat be contained?

Executive Summary

In an increasingly digital world, a daily battle is being waged over the safety of internet users’ data. The 3.9 billion people who use the Web to shop, invest, communicate with friends or interact with healthcare providers are constantly providing personal information that can offer entry points to their financial assets, health histories and credit records. The cyberthieves working to steal this data are increasing in number and sophistication, as recent online attacks demonstrate. Some hackers offer their stolen wares for sale on the so-called Dark Web; others seek to extort money from victims by, in effect, making them buy back their own data. “Cybercriminals are evolving and pushing the boundaries,” one analyst said. In response, companies are strengthening security measures and governments at all levels are imposing new rules to contain the threat.

Here are some key takeaways:

  • Hacking has morphed from a lone-wolf activity to a full-blown corporate enterprise.

  • The average cost of a data breach to an individual company is $3.62 million, and the global cost of cybercrime is projected to reach $6 trillion by 2021.

  • Banking and health care are among the favorite targets of cybercriminals because these industries gather so much valuable personal information.

Resources for Further Study



Payton, Theresa M., and Ted Claypoole, “Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family,” Rowman & Littlefield Publishers, Inc., 2015. The book details how citizens can protect their data while online and documents how much information we provide in order to get a coupon or buy an item on line.

Schneier, Bruce, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World,” W.W. Norton & Company, Inc., 2015. Schneier, chief technology officer at Resilient Systems Inc. and a fellow at the Berkman Center for Internet and Society at Harvard Law School, writes an overview of privacy and security that documents how private citizens are dissected by both corporations and government through their online data.


“WannaCry: Ransomware attacks show strong links to Lazarus group,” Symantec, May 22, 2017, Security experts believe Lazarus is behind the WannaCry ransomware that locked up 300,000 computers in 150 nations in May 2017 and several other cyberattacks, including a raid on the central bank of Bangladesh.

Choe, Sang-Hun, “North Korea Tries to Make Hacking a Profit Center,” The New York Times, July 27, 2017, North Korea has trained the nation’s hackers not only to steal other countries’ secrets, but to pursue their cash as well.

Cox, Joseph, “Hackers Threaten Release of Atlanta Professional Athletes’ Medical Data,” Motherboard, Nov. 16, 2016, A journalist looks at The Dark Overlord hacking group’s recent attempt to extort money from an orthopedic clinic by threatening to release the stolen medical records of high-profile professional athletes.

Greenberg, Andy, “The WannaCry Ransomware Hackers Made Some Real Amateur Mistakes,” Wired, May 15, 2017, The hackers behind the recent WannaCry malware attack made a number of key errors that helped make the attack a “catastrophic failure” from a ransom perspective.

Hay Newman, Lily, “Medical Devices Are the Next Security Nightmare,” Wired, March 2, 2017, Many pacemakers and other implanted medical devices are vulnerable to cyberattack, offering hackers yet another way to extort money and steal medical information.

Johnson, Tim, “How The Dark Overlord is costing U.S. clinics big time with ransom demands,” Miami Herald, May 15, 2017, Ransomware attacks by The Dark Overlord hacking group have created havoc at large and small medical facilities across the country.

Masters, Greg, “New York’s new cybersecurity requirements go into effect today,” SC Media, March 1, 2017, New York’s first-in-the-nation cybersecurity requirements mean banking and financial services companies must encrypt non-public data, train workers in cybersecurity and take other steps to protect consumers and themselves.

Merica, Dan, “The life and death of Trump’s ‘cyber security unit’ plan with Putin,” CNN, July 10, 2017, The Trump administration retreated from the president’s proposal to cooperate with Russian President Vladimir Putin on cybersecurity after the proposal was widely criticized.

Paganini, Pierluigi, “The total potential loss for financial services globally is estimated at £8 billion,” Security Affairs, March 6, 2017, The latest ThreatMatrix Cybercrime Report says online lending has become a prime target for hackers, and most cybercrime activity originates in developing countries.

Seals, Tara, “Healthcare Breaches Spike 63% in 2016,” Infosecurity, Dec. 22, 2016, Cyberattacks struck 93 healthcare facilities last year and now present “a direct physical risk” to patients, according to a report from TrapX Labs.

Reports and Studies

“2016 Financial Industry Cybersecurity Research Report,” Security Scorecard, August 2016, The cybersecurity report documents the extent to which the healthcare and financial services industries are targeted by hackers and the vulnerabilities of both industries.

“Code Blue: Why Healthcare Organizations Are Facing More Cyber Attacks, And What They Can Do About It,” FireEye, 2015, A cybersecurity firm analyzes why the healthcare industry and the data it collects have become attractive targets for hackers.

“Cybersecurity and Financial Stability: Risks and Resilience,” Office of Financial Research, U.S. Treasury Department, Feb. 15, 2017, An independent bureau within the Treasury Department, created in 2010 to assess risks to the nation’s financial system, looks at how cyberattacks threaten financial stability and how companies and regulators are dealing with the problem.

“IBM X-Force Threat Intelligence Index 2017,” IBM, March 2017, More than 4 billion hacked records were leaked during “the year of the mega breach” in 2016, and cyberattacks that year “had a discernible impact on real-world events,” according to IBM’s security services.

“Overview of the General Data Protection Regulation (GDPR),” Information Commissioner’s Office, Aug. 17, 2017, An independent British regulatory office analyzes the European Union’s new personal data protection law.

The Next Step

Military Innovation

Mehta, Aaron, “Pentagon tech advisers target how the military digests data,” Defense News, April 6, 2017, The Pentagon is considering creating a central repository for its vast quantities of military data to remain ahead of the technological curve, after months of research determined that data management is key to innovation.

Popper, Ben, “A rebuke from the US army has DJI focused on improving security,” The Verge, Sept. 6, 2017, The world’s most successful drone company has come under scrutiny recently over the security and privacy of the millions of photos, videos, and flight logs it collects. The Army will continue using the company’s equipment only if it passes a security check.

Porche, Isaac, “Reservists and the National Guard offer untapped resources for cybersecurity,” TechCrunch, April 18, 2017, The U.S. Army Reserves and National Guard have thousands of people with cyber experience who could be trained as information security professionals to better defend national security in cyber terrain, according to research by the RAND Corporation, a California-based think tank.

Private Industry

Bendix, Aria, “GOP Firm Exposed U.S. Voters’ Personal Data,” The Atlantic, June 20, 2017, A marketing firm hired by the Republican National Committee accidentally made the personal information of almost every U.S. voter publicly accessible on the Amazon cloud server for two weeks in June, because the firm failed to password-protect the data.

Nakashima, Ellen, “Tech firm is fighting a federal demand for data on visitors to an anti-Trump website,” The Washington Post, Aug. 14, 2017, DreamHost, a private tech firm, is fighting a Department of Justice demand for internet data on visitors to a website the firm hosts that coordinated protests against President Trump on Inauguration Day.

Vincent, James, “Ghostery has been bought by the developer of a privacy-focused browser,” The Verge, Feb. 15, 2017, Cliqz, a German company that offers a browser focused on privacy protection, has acquired the anti-tracking and ad-blocking plug-in Ghostery to attract more international users, who will benefit from Germany’s strict data-protection laws.


Center for Insurance Policy and Research, National Association of Insurance Commissioners
444 North Capitol St., N.W., Suite 700, Washington, DC 20001
Studies cybersecurity issues for the National Association of Insurance Commissioners.

Center for Internet Security
31 Tech Valley Drive, East Greenbush, NY 12061
A nonprofit that works to protect public and private companies around the world from the threat of cyberattacks.

Office for Civil Rights, U.S. Department of Health and Human Services
200 Independence Ave., S.W., Washington, DC 20201
1-800-368-1019 (privacy questions)
The Health and Human Services Department office responsible for monitoring and protecting personal health data.

Office of Financial Research, U.S. Department of the Treasury
717 14th St., N.W., Washington, DC 20220
An independent bureau within the Treasury Department that assesses risks to the financial services industry.

Pew Research Center
1615 L St., N.W., Suite 800, Washington, DC 20036
Research organization that has conducted numerous surveys on public attitudes about cybercrime.

Ponemon Institute
2308 U.S. 31 North, Traverse City, MI 49686
A research organization dedicated to privacy, data protection and information security policy that has done extensive work documenting the cost of data breaches.

Privacy Rights Clearinghouse
3033 5th Ave., Suite 223, San Diego, CA 92103
A nonprofit that monitors invasions of consumer privacy, advocates for privacy rights and maintains a database of significant breaches.

DOI: 10.1177/237455680327.n1