Sunday, June 10, 2007

Malware damages fall to $13.3 billion annually

Over at Computer Economics, we've just released our latest annual Malware Report. Included in the report is our estimate of the annual worldwide direct cost to business of malware attacks, where we report that such damages fell to $13.3 billion last year, from $14.2 billion in 2005.

We attribute the drop in direct cost damages to two factors, one good, one bad.
  • The good factor is that, in our estimation, the antivirus vendors do a pretty good job of thwarting malware attacks before they can become the massive worldwide storms that organizations experienced in previous years. It's been some time since we've seen an attack like the Love Bug in 2000, or even MyDoom, Netsky, or Sasser in 2004.
  • The bad factor is that much of the drop in direct damages has to do with the changing nature of malware. Malware authors these days aren't writing viruses, worms, and trojans primarily to cause damage, but to make money. To make money, you don't damage the host computer--you keep it running to serve as a spam proxy, or to perpetrate click fraud, or to steal confidential information, for example.
Therefore, direct cost damages may be declining, but indirect and secondary damages are increasing. Follow the links below for further discussion of the implications of this point.

The full report, entitled 2007 Malware Report: The Economic Impact of Viruses, Spyware, Adware, Botnets, and Other Malicious Code, analyzes the cost of malware at the worldwide, organization, and event level.

An extended description of the report is available, as well as a more complete excerpt, on the Computer Economics website.
