Cyber spies fleece US business while defense scrambles

As soon as the term spying comes up, most people conjure up the mental image of James Bond, the spy of all time. That image of spying is in dire need of an update. Today, spying does not just target governmental, diplomatic and military secrets. Spying is now just as much about the next generation of products and technological innovation.

It was recently disclosed that losses from open cases of corporate espionage under investigation by the FBI total $13 billion. It was a shock to me that industry organizations in countries such as South Korea and Israel are often said to be the recipients of illegally obtained secrets. I thought they were our allies. Of course, the largest offender is said to be China, which should not surprise anyone.

What about our defenses? Have we taken this problem seriously and put the proper level of protection in place? I took a look at one multibillion dollar organization on which I had detailed information, and came up with the following: 

• Breach risk dollars: The estimated total dollar risk of a breach is about $263.8 million. (That’s the total records containing personal information times $194, the average per record breach cost.)
• Security team load: Cybersecurity team revenue protection burden of more than $136 million. (That’s the total dollars of revenue divided by the number of security team full-time equivalents.)

The back-of-the-envelope metrics surprised the heck out of me. Those two metrics would seem to indicate a significant amount of responsibility for each individual member of the security team. Does this sound reasonable?