The High Cost of Cybercrime
By: Dr. M. Ray Perryman
Published in syndication May 24, 2017
The recent outbreak of ransomware "WannaCry" sent tremors through the global economy and brought fears of more to come. In the United Kingdom, the National Health Service network was hit and 16 hospitals lost access to computer files. In France, Renault factories were idled. Phone service in Spain was disrupted, Russia's second-largest mobile phone provider was affected, ATMs in China went down, and universities in the United States experienced problems. Hundreds of thousands of systems were affected in the first weekend alone. Even beyond the immense inconvenience is a high economic cost.
When a major breach is detected, such as when account information for millions of customers is stolen or people around the globe are hit with a single virus, we are likely to hear about it. What we don't necessarily hear about are the countless instances of small- and medium-sized firms being hacked. Not to mention the individuals who are affected. Put it all together, and it's a big problem for the economy.
The cost of cybercrime has been rising rapidly. Estimates of the global costs are in the $500 billion per year range, and they are expected to be trillions just a few years from now. There are other costs not reflected (such as industrial spying or access to confidential records) even beyond these notable figures.
Another consideration is the large productivity cost. Firms devote enormous resources to security not only through purchases of sophisticated firewalls, software, and consulting fees, but also in the form of time spent or lost by employees as they tend to or are slowed down by security-related tasks. In the wake of an attack, more time may be lost in the recovery process. In the past few years, a new denizen of the C-Suite in most large corporations has surfaced, usually known as the "CISO" (Chief Information Security Officer).
One hidden, but very real cost, is increased risk to all aspects of business activity. When economic actors (consumers or producers) feel more vulnerable to disruptions, they respond by pricing the uncertainty. The most obvious place this will be seen is that firms will require higher returns to compensate for the risk, with the result being less investment, less innovation, and a reduction in economic growth and potential. When this pattern is observed across a large spectrum of activity over an extended period of time, the losses can be astronomical.
Both the private sector and the public sector are affected by this phenomenon, and there are also national security concerns. While some attacks are financially motivated (such as acquiring credit card numbers and other personal information to then sell), others are more sinister (such as accessing top secret information or weapons systems). A recent Executive Order mandates "the use of the National Institute of Standards and Technology Cybersecurity Framework across government, ensuring the same high standards recommended for private industry are applied everywhere."
States and local governments are also potential targets. The government stores vast quantities of data, and aging systems can be vulnerable not only to attacks from individuals or entities, but also other nations or nation-states. Tax dollars are required by federal, state, and local governments to maintain cybersecurity, and we can expect the funding needs to grow.
It is not surprising that the cybersecurity industry has seen significant expansion over the past few years, with no end in sight. The US Bureau of Labor Statistics is projecting that the occupation "Information Security Analysts" will grow much faster than average, with current median salaries of nearly $93,000. Insurance for cybercrime is among the fastest-growing coverage categories.
The need for cybersecurity will continue to grow rapidly as technology pervades every aspect of modern life. The Internet of Things (which is essentially the idea of connecting virtually anything with an on/off switch to the internet) has the potential to change our daily lives in ways we can hardly imagine. However, while we may be vigilant about maintaining security on our personal computers, we may be less aware that we should also be concerned about our thermostat, refrigerator, or printer. Some entities affected by WannaCry, for example, were attacked via aging computers running print servers or dated production equipment.
Cyberattacks clearly involve notable economic costs, and a major attack could wreak havoc by shutting down necessary infrastructure such as the electric power grid or telecommunications networks. Our world is becoming ever more digitized and integrated, and the Internet of Things is putting "smart" in a growing list of vehicles, electronic devices, appliances, toys, and other everyday items. The benefits of this shift are many, from increasing safety to improving productivity and efficiency to enhancing learning and entertainment. At the same time, each connection involves a need for security and an opportunity for a criminal to take advantage.
A major issue such as WannaCry can increase awareness and expose vulnerabilities. Organizations around the world have been forced to place cybersecurity at the top of priority lists. The key to successfully thwarting future attacks is constant vigilance and continued innovation, staying one step ahead of the attackers.
The benefits of technological advances are beyond measure, and progress will not be stopped. Ensuring that our cybersecurity keeps pace is crucial to future prosperity for individuals, companies, governments, and for society as a whole.