The Cost of Malicious Cyber Activity to the U.S. Economy
Cyberattacks can cause massive damages to the U.S. economy (billions of dollars) through means ranging from direct muddling of bank funds to compromise of critical information, and actors can include nations, hacktivists, or even rival companies seeking to undermine their opponents. It is difficult to determine who the actors behind an attack are, but it is easier to determine what exactly the damages are, and how much they cost the U.S. economy.
Some costs/attacks are difficult to quantify, such as DDoS attacks, where the exact losses are unable to be tracked. The number of such attacks and data breaches are rising every year, as well as the average loss of profits by firms due to these attacks, with IP theft being the most devastating type of cyberattack, especially for smaller/medium firms, where such attacks could prove fatal.
The cost of quality cybersecurity imposed by externalities encourages firms to underinvest into optimal cybersecurity. This can also cause a “spillover” effect that can affect linked firms in a supply chain, and in such a link, attacks can seek out the weakest link in the chain and proceed to attack other more secure firms; these attacks, if on a significant part of the chain, can cause issues in the economy at large.
The method as to how these attacks are carried out range from software failures (known or unknown to vendors/users and that may be brought about by users) or through hardware failures. These attacks have the possibility of being undetected by the user, but upon discovery, vendors are pressured to immediately resolve whatever exploit is causing the attack. Especially in the case of Cloud Computing which allows companies to outsource various tasks to other firms, attacks on a firm that is supporting a couple of large firms could prove catastrophic for the economy. And with the nature of these attacks being hard to catalogue, the lack of data on such attacks makes it difficult to come up with any sufficiently successful defense against such attacks.
So spillover to linked firms and the cost of cyber defense can easily slow economic growth. However, the jobs created by the increasing need for cybersecurity, alongside spillover benefits from improvement in technology can lead to economic growth in other sectors of the economy, leading to an interesting situation where the push for cybersecurity to increase growth succeeds in ways different to the intended goal. All this only serves to strengthen the case for a strong development of cybersecurity as an industry.
Beyond just the financial sector though, cyber attacks could prove disruptive, interrupting power grids and thus slowing day to day function of the economy in a much more physical way. Besides the obvious health risks that are posed by such a scenario, such widespread attacks could erode the relationship between the government and its citizens, which, in excess, can have terrible consequences for the working of the nation as a whole.
Cybersecurity must have, and already has, been taken up by the private and public sector alike, with the private sector being the most important agent in cybersecurity, aiding in both techniques and sharing interfirm information that can benefit them since they won’t be the victims of spillover effects. In any case, in a rapidly connected cyber world, cybersecurity is both increasing as a need to reduce economic drag and as an industry.
