A recent Center for Strategic and International Studies (CSIS) study (commissioned by McAfee) estimates the annual cost to business from cybercrime at $445 billion. The direct and indirect costs come from loss of intellectual property, theft of financial assets and sensitive data, opportunity costs, costs to secure networks, and recovery from attacks.
While this is an estimate extrapolated from various data sources and proxies, CSIS states that there's a tendency for these crimes to be underreported. The bulk of the losses come from the G20 countries, which makes sense, since the G20 represents 85 percent of the world's economy, not to mention that there tends to be better reporting and record keeping in these countries according to CSIS.
Cybercrime generally comes in two flavors: social engineering, in which schemes attempt to fool users into divulging private information, and vulnerability exploitation, in which programming bugs or insecure software implementations are attacked. The appeal of cybercrime is the relative low cost and low risk--with potential for high payoff, especially as the internet-based economy grows from its estimated $2 to $3 trillion.