A new study from Computer Economics released Monday finds that direct cost damages from malware attacks have been declining worldwide over the past two years. In 2006, damages fell to $13.3 billion, from $14.2 billion in 2005, and from $17.5 billion in 2004.
“Anti-malware technology is becoming more widely deployed and is fairly effective in defending against many types of malware threats,” said Mark McManus, vice president of Research at Computer Economics, in a statement. “The antivirus vendors do a pretty good job of responding quickly to new variants, so new attacks don’t have the time they used to have to develop into massive new worldwide infections.”
The study also found that a shift in the motivation of malware authors has much to do with the decline in direct cost damages. “Malware authors today prefer to make money from malware,” said Frank Scavo, president of Computer Economics, in a statement. “Rather than wreak havoc, cyber-criminals are using infected machines to serve as spam proxies, perpetuate click-fraud, or sniff passwords, for example.”
As a result, the decline in direct-cost damages may not be all good news. “The cost of cleaning up a spyware infection might be a few thousand dollars in terms of labor,” said Scavo. “But if a hacker was using that piece of spyware to sniff passwords and gains access to the corporate network, the indirect or secondary damages could be enormous.”
These findings are contained in a special report, the 2007 Malware Report: The Economic Impact of Viruses, Spyware, Adware, Botnets, and Other Malicious Code. The 51-page report also provides a breakdown of the cost of malware by size of organization, an analysis of the cost of individual malware events, and much more.