Do cybercrime statistics ever shock you anymore?
The stats from emerging cyber threats are truly mind-boggling: cybercrime is up 30% in Q2 2024 (year to year), just under 90% of US businesses reported suffering a cyberattack in the last year, and global damage estimates are up to $10.5 trillion by 2025.
Consider this, from Cybercrime Magazine: the growth in cybercrime from 2015 to 2025 will be the greatest transfer of financial wealth in history, and be greater than the global total for natural disaster damage over a year. It will generate more profit for the criminals than the global trade of all illegal drugs combined.
It should be no surprise that governments across the world are desperate to act.
Ransomware, which has drawn increasing focus as it has paralyzed health care institutions worldwide, has been a particular focus for law enforcement. But despite real victories (like the breakup of LockBit and outing of its notorious leader), there are still regular reports like the one I read on Forbes last week, that a Fortune 50 company paid out a $75 million ransom earlier this year.
And we don’t even know who it is.
Earlier we looked at EU regulations and their clash with big tech. In this article we take on government cybersecurity regulations for 2024, the impact recent Supreme Court rulings will have, and what companies must do to navigate such waters.
The Current Regulatory Landscape
It’s hard to see the full scope of the problem with so many unreported attacks, making it unsurprising that recent cybersecurity law changes emphasize reporting.
Of course, it’s easy to understand why companies don’t always report in a timely fashion—they risk further attack via vulnerabilities they may not yet fully understand, suffer damage to their reputation, and risk exposure to litigation and government rebuke.