Cyberattacks may be draining as much as $140 billion and half a million jobs from the U.S. economy each year, according to a new study that splashes water on a previous estimate of $1 trillion in annual losses.
"That's our best guess," said James Andrew Lewis, the director of the technology and public policy program at the Center for Strategic and International Studies.
The center completed the study with the help from cybersecurity giant McAfee and came up with the new figures by relying on models, such as those used to estimate the economic effects of car crashes and ocean piracy, instead of surveys of companies.
Four years ago, McAfee and then politicians and other industry leaders started citing a $1-trillion figure that had been based on surveys. Lewis called reliance on surveys faulty, and McAfee was quick to say on Monday that it commissioned the new study to refine the widely cited and often-criticized tally.
"We believe the CSIS report is the first to use actual economic modeling to build out the figures for the losses attributable to malicious cyberactivity," said Mike Fey, executive vice president and chief technology officer at McAfee.
The report looked at intellectual property theft, cybercrimes such as phishing and text messaging fraud, loss of sensitive business information, service disruptions, security costs and damage to reputation.
Lewis and co-author Stewart Baker, a distinguished visiting fellow at CSIS, said that they were still working to determine cybercrime's impact on innovation. They suggested a follow-up report might come out with a bigger number.
But preliminarily, they found U.S. losses to be somewhere between $20 billion to $140 billion, or about 1% of the nation's GDP. They pegged job losses at 508,000.
"The effect of the net loss of jobs could be small, but if a good portion of these jobs were high-end manufacturing jobs that moved overseas because of intellectual property losses, the effect could be wide ranging," Lewis said.
At a press conference Monday, McAfee vice president and chief technology officer Phyllis Schneck said determining the "sharper, accurate" estimate was important to help boardroom decision-makers weigh cybersecurity investments.
"What we've discovered is this is a much, much deeper issue," she said. "We want to make sure networks get safer. We want to get to the day where companies spend less on cybersecurity."