Cybercrime Costs. PHOTO: Cybercrime Magazine.

When CEOs Neglect Cybersecurity, Their Companies Pay For It

Cyberspace Solarium Commission (CSC) 2020 Report on the cost of cybercrime to U.S. organizations

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Aug. 6, 2020

The status quo in cyberspace is unacceptable, according to the U.S. Cyberspace Solarium Commission’s (CSC) 2020 Report. To put it another way, every American organization — in the public and private sector — is infected with malware, says Jack Blount, president & CEO at Intrusion, Inc.

On top of that, no one can put their finger on exactly how many businesses have human intruders dwelling inside of their networks at this very moment.

If one thing is for sure, it’s that the cybercrime bill is huge. Cybersecurity Ventures predicts that cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.

The CSC, on the web at Solarium.gov, was established in 2019, and 11 months later it published a groundbreaking report which proposes a strategy of layered cyber deterrence — to protect all U.S. businesses and governments from cybercrime and cyberwarfare.

While the March 2020 report was a premature delivery (originally scheduled for one year after the CSC was formed), it hardly looks like a preemie. A 16-page executive summary for C-suite and boardroom executives is a precursor to the 174-page report intended for CISOs and security leaders.

Mark Montgomery, executive director at the CSC, says the commission has a bias towards action.

In early June, the CSC released a new white paper, “Cybersecurity Lessons from the (COVID-19) Pandemic,” which highlights more than 30 recommendations from their original report, along with five new recommendations. And last month the CSC put forth Fiscal Year 2021 legislative proposals containing 54 comprehensive legislative actions that seek to operationalize the commission’s strategy of layered cyber deterrence.

Blount and Montgomery recently came on the Cybercrime Magazine podcast for a discussion around the CSC’s flagship report.


Cybercrime Radio: Cyberspace Solarium Commission 2020 Report

Mark Montgomery & Jack Blount on layered cyber deterrence


“I was extremely impressed with the CSC report,” says Blount, a well-known cybersecurity expert who spent three-plus years as chief information officer and director at the U.S. Department of Agriculture. Blount calls the report the best he’s ever read out of the federal government — an extensive, comprehensive, honest, and hard-hitting report with desperately needed guidance.

Blount encourages the CEO, CFO and CIO at every business in America to read and understand the CSC report. Montgomery says that CISOs already know the problem, but they need more C-suite and boardroom awareness in order to get the budgets needed to shore up their cyber defenses.

Right now there are roughly 3,000 CISOs and 34 million businesses in the U.S, according to Blount. The CSC report is especially important reading material for the legions of small and mid-sized businesses without a CISO. “We have to stop living with our heads in the sand thinking it’s (cybercrime) not going to happen to us,” says Blount. He calls this mentality the American way.

Ransomware, the fastest growing and one of the most damaging types of cybercrime, will ultimately convince senior executives to take the cyber threat more seriously, says Montgomery — but he hopes it doesn’t come to that. Cybersecurity Ventures predicts that ransomware damages will cost the world $20 billion in 2021, which is 57X more than it was in 2015.

“The enemy is now using AI (artificial intelligence) against us,” warns Blount. “It’s critical for business and government to understand the average attack is not coming from a person at a keyboard — instead it’s coming from an AI algorithm running on a supercomputer and it’s going night and day attacking every IP address it can find on the internet. It doesn’t care if you’re small or big.” As a result, Blount hasn’t met one organization over the past five years, large or small, that hasn’t been a victim of malware.

5G is another worry for Blount, and it should be for everyone else. He says it’s a giant step forward technologically, but it will also expose us to cybercrime many times over compared to now, and we aren’t ready for it.

Blount has some predictions of his own, and they’re far scarier than any cybereconomic statistics. He says that in the next two years the U.S. is going to see a major banking outage that won’t let us use credit cards for 72 hours or longer — and we’ll suffer a major electrical outage across the nation. This is precisely why he’s pushing so hard for business executives to read the CSC report.

Most cybersecurity budgets (at U.S. organizations) are increasing linearly or flat, but the cyberattacks are growing exponentially, according to Montgomery. This simple observation should be a big wake-up call for C-suite executives. Cybersecurity Ventures predicts that the world will spend $1 trillion on cybersecurity products and services cumulatively from 2017 to 2021. While that may sound like a big figure, it pales in comparison to the cybercrime costs that the world is incurring.

“Every company should have a CISO or cybersecurity expert on their board — because cybercrime is the greatest risk that every company faces,” says Blount. The idea is to put someone in the boardroom who will wave the red flag and get everyone else paying attention to the severity of the risk. Montgomery agrees and says attention is the number one priority, not bringing in a new CISO — instead empower the CISO that you have.

If gross neglect to cybercrime on the part of most U.S. organizations is the real problem, then the CSC report can be an excellent way of calling attention to it. For Blount’s part, he’s so passionate that it’s on the homepage of his business, Intrusion.com.

Cybercrime is often hidden by its victims because businesses don’t want the reputational harm, according to Blount. That needs to change. At this point, every company has been hacked, or will be. We might as well be honest about it when suffering a cyberattack — to the benefit of other organziations, and to the detriment of cybercriminals. Knowledge is power in the war against cybercrime, and we all need to band together and help each other.

To read the CSC report, its COVID-19 whitepaper, and its legislative proposals, go to solarium.gov. Previously, Mark Montgomery joined us for a podcast episode on the formation, mission, and structure of CSC — Listen here.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.


Sponsored by Intrusion

Intrusion Inc. is a global provider of entity identification, high speed data mining, cybercrime and advanced persistent threat detection products.

Intrusion’s products help protect critical information assets by quickly detecting, protecting, analyzing and reporting attacks or misuse of classified, private and regulated information for government and enterprise networks.

We believe that the Internet should be a safe place to work! Free from cyber crime, ransomware, theft of trade secrets, harvesting corporate knowledge, insider threats, and IoT extraction of data.