Misha writes:
(last sentence, my emphasis, paragraph break added for clarity)
An unregulated cyber-arms race in which states develop malicious code before deploying it across the world has been triggered. Recently the BKA, Germany’s equivalent of the FBI, advertised openly for coders to write Trojan viruses for use in criminal investigations. “Governments, intelligence agencies and militaries are all doing this. Two years ago this would have been unacceptable,” noted Hypponen, “but now everybody is at it.”
Two months ago the situation had become sufficiently grave to lure Jonathan Evans, the head of MI5, out of his traditional obscurity. “The extent of what’s going on is astonishing with industrial scale processes involving many thousands of people” he said, pointing out that one British company had lost a staggering £800m as a consequence of a recent hack.
…you should be aware that any and all cost-figures which are attributed to a “hack” should be viewed with utmost suspicion, and evidence should be demanded as to the cost. The need for transparent, attributable evidence of loss/costs was highlighted years ago in the FBI’s “Knight Lightning” prosecution:
(two highlighted sections in the final paragraph)
http://en.wikipedia.org/wiki/Craig_Neidorf
Craig Neidorf (born 1969), aka Knight Lightning, was one of the two founding editors of Phrack Magazine, an online, text-based ezine that defined the hacker mentality of the mid 1980s.
[…]
In 1990, Neidorf was facing 31 years in jail after being arrested and charged with receiving a document stolen from Bell South, and with publicly distributing it online. Bell described the document, which described the inner workings of the Enhanced 911 system, as being worth US$79,449 (a figure which included, among other things, the value of the VAX workstation on which the document had been typed). The charges were dropped when it was revealed that the document was not, as initially described, source code, but rather a memorandum, and that more detailed documents could be ordered from Bell for $13. The proceedings are formally known as United States v. Riggs.
That $79,449 would be about $140,000 in today’s money – but now numbers are not sexy unless they are millions or billions, hence the hyperinflation of losses where they are used to support a pro-cybersecurity argument.
See also: Does Cybercrime Really Cost $1 Trillion?