According to the FBI, cybercriminals scammed $26 billion between October 2013 and July 2019 with the “Business Email Compromise” scam that, using deceptive and manipulative social engineering techniques, lured employees and individuals into divulging their credentials and eventually making unauthorized transfers or funds. In 2017, MacEwan University in Canada was defrauded of some $11.8 million when a cybercriminal impersonated one of the university’s staff members and requested changing the bank account information of one of its vendors. Another report covering 31 countries — 60% of world population and a corresponding 85% of global GDP — estimated the financial loss of online scams in 2019 to be €36 billion.
In addition to direct financial losses, security-based offenses disrupt a company’s productivity — and its public reputation. For example, when 130 high-profile Twitter accounts were hacked in 2020, it was an embarrassing black eye for the company: a startling weakness in the company’s security, which was exploited by a 17-year-old’s low-tech attack. The vulnerability made the company look silly and caused its stock price to plunge by $1.3 billion (if only temporarily). It could have been much worse, too: Security breaches can also have legal and liability consequences for directors and senior managers.