Companies everywhere are increasingly vulnerable to cybercrime, but U.S. companies appear to be even more threatened than most, says a new report.
According to PricewaterhouseCooper's 2014 Global Economic Crime Survey, U.S. businesses were hit harder financially by cybercrime relative to other countries in recent years
Seven percent of U.S. organizations lost $1 million or more, compared with 3 percent of global organizations, according to PwC. And 19 percent of U.S. organizations lost between $50,000 and $1 million, compared with just 8 percent of global respondents. The report, which was released Wednesday, measures damages from 2011 to 2013.
This growing cost of cyberattacks has spurred lawmakers' interest in the issue, said Tom Ridge, CEO of Ridge Global and former secretary of the Department of Homeland Security, at a panel discussion hosted by PwC in New York on Wednesday. While no legislation has been passed, it's likely things are moving in that direction, he said.
Last week, the Commerce Department issued a set of "voluntary" guidelines for banks and other companies that support critical infrastructure in an effort to get organizations to increase their security measures. These guidelines probably won't be voluntary for long, Ridge said.
"Whenever the government comes around with guidelines, it usually becomes a mandate," Ridge said.
"And whether mandates truly end up being helpful or not remains to be seen," he said. "The challenge is for people to accept the notion that compliance to a regulation doesn't necessarily mean security."
While government regulations may help, it's up to each company to assess their own vulnerabilities and take appropriate action, said Sean Joyce, a principal at PwC and former deputy director of the Federal Bureau of Investigation, during the panel.
"The private sector knows more about what's going on on the net. They just don't share their information," Joyce said.
Many U.S. companies aren't investing in necessary security infrastructure because they aren't accounting for the financial damage cybercrime could have on their business.
"I think one of the challenges is--whether it is investing in the protection of their intellectual property or even IT security--it's a cost, it's not viewed as an investment because they can't extrapolate out what the threat is," said Pamela Passman, a panelist at the event and president and CEO of the Center for Responsible Enterprise and Trade.
According to PwC, U.S. respondents were less aware of the impact cybercrime had on their bottom line than companies elsewhere. In fact, 42 percent of U.S. organizations were unaware of the cost, compared with 33 percent of global companies.
This ignorance or neglect ends up costing companies a lot more, Ridge said.
"What's cheaper? Pre-emptive investment? Or responsive investment?" Ridge said.