Digital Conflict

By Kevin Coleman

Blog archive
Kevin Coleman

Cyber spies fleece US business while defense scrambles

As soon as the term spying comes up, most people conjure up the mental image of James Bond, the spy of all time. That image of spying is in dire need of an update. Today, spying does not just target governmental, diplomatic and military secrets. Spying is now just as much about the next generation of products and technological innovation.

It was recently disclosed that losses from open cases of corporate espionage under investigation by the FBI total $13 billion. It was a shock to me that industry organizations in countries such as South Korea and Israel are often said to be the recipients of illegally obtained secrets. I thought they were our allies. Of course, the largest offender is said to be China, which should not surprise anyone.

What about our defenses? Have we taken this problem seriously and put the proper level of protection in place? I took a look at one multibillion dollar organization on which I had detailed information, and came up with the following: 

  • Breach risk dollars: The estimated total dollar risk of a breach is about $263.8 million. (That’s the total records containing personal information times $194, the average per record breach cost.)
  • Security team load: Cybersecurity team revenue protection burden of more than $136 million. (That’s the total dollars of revenue divided by the number of security team full-time equivalents.)

The back-of-the-envelope metrics surprised the heck out of me. Those two metrics would seem to indicate a significant amount of responsibility for each individual member of the security team. Does this sound reasonable?

Posted by Kevin Coleman on Apr 26, 2012 at 12:54 PM

Reader Comments

Mon, Apr 30, 2012 Junior Admin

Your analysis would make sense if the only kind of espionage involved was identity theft (your example).

However, we usually think of identity theft as cyber crime not espionage. The people doing the stealing are in eastern block countries (and others).

Espionage is more about stealing trade secrets. One secret may be worth millions all by itself. An analysis of records in this context is silly.

What is your view of the proposed change to patent law to hide the contents of a patent if it could prevent "economic security"? This seems a more relevant topic.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Defense Systems eNewsletters