The numerous indirect costs of malware to companies could easily be larger than the direct costs, says Frank Scavo, president at Computer Economics. Part of the reason is that targeted campaigns by hackers now are designed to use companies' system for ongoing nefarious activities, not to damage the system. Because of the reluctance of some companies to release any information about security breaches (to minimize those indirect costs), the growth of indirect costs isn't known, but many companies are aware of the trend. Extortion and industrial espionage, Scavo says, go hand-in-hand with attacks targeted at specific individuals inside companies. And, yes, it's a problem that will never be solved, according to Scavo. As long as operating systems and applications grow and change, hackers will exploit their weaknesses and social engineering for financial gain.