According to a statistical study by the economic research firm Asterès, computer attacks would have cost French organizations around two billion euros in 2022. A welcome accounting job: as this structure reminds us, the latest estimate of the aggregate cost of cyberattacks in France dated back to 2013, with partial costing and limited to production losses.
Commissioned by the Club of IT infrastructure, technology and production managers (Crip), the firm estimates the direct cost of successful cyberattacks at 887 million euros, 888 million euros in ransoms paid and 252 million euros production losses.
Alarmist estimates
At first glance, these figures seem believable. For example, they are relatively modest compared to the French GDP (2642 billion euros). Asterès’ figures are thus much less thunderous than Cybersecurity Ventures’ estimates. This company disseminates the most alarmist estimates – often the most shared -, such as that of a cost of 6,000 billion dollars in 2021, which would nevertheless represent 6% of world GDP, an enormous weight which seems doubtful.
The global estimate of Asterès is finally in line with what can be seen elsewhere. In the United States, the latest report from the FBI’s Internet Crime Complaint Center counted 800,000 complaints reporting damages of ten billion dollars.
Mined land
But if no one had tried the costing exercise in recent years, it is probably also because the land is mined. Example with the amount of ransoms paid in France, estimated at a total of 888 million euros by the firm Asterès. To arrive at this figure, the authors of the study crossed the estimate of the average amount of a ransom (Coveware data) with the probability that a French company will pay a ransom (Hiscox survey conducted among 921 representatives of organizations French).
A methodology that can therefore be slippery. This calculation is also to be weighed against the observations of Chainalysis, which had traced $457 million in ransoms paid in 2022 worldwide and $766 million the previous year. Much lower amounts!
Rare data
So who is right and who is wrong? Asked by ZDNET.fr, the Asterès firm believes that the specialist in blockchain investigations is underestimating. But “we are aware that in this field the data are rare and tend to diverge”, he adds.
Before referring to a final figure, that of the American agency specializing in monitoring financial crime, FinCEN, which estimates the amount of ransoms paid in 2021 in the United States at 1.2 billion dollars. An amount this time too close to that of the ransoms paid in France calculated by Asterès… So many data which ultimately remind us that this kind of estimate must be taken with caution.