Economy Loses $100B to Cyber Incidents

Thursday, February 22, 2018 @ 04:02 PM gHale

Just the U.S. economy alone loses between $57 billion and $109 billion per year to malicious cyber activity, a new study found.

That range of losses represents between 0.3 and 0.6 percent of the value of all the country’s goods and services, according to the report from the White House Council of Economic Advisers.

C-Suite Not Confident in Cyber Protection
Concern Rises Over Digital Threat
Instant Message App Zero Day
Cryptocurrency Marketplace Attacks on Rise

That estimate “likely amount[s] to only a small fraction of the cost that the U.S. economy may incur if the United States were to enter a large-scale conflict in cyber space,” such as a major cyberattack on the financial services sector or the energy grid, the report said.

The loss figure comes mostly on analyzing the effects of data breaches and other cyber incidents on companies’ stock prices. As a result, the data skews toward larger companies.

The estimate is in line with a Center for Strategic and International Studies estimate the malicious cyber activity cost the U.S. $107 billion in 2013.

The cost of cybercrime is notoriously difficult to measure. To begin with, companies often aren’t required to publicly report data breaches that don’t affect customers’ or employees’ personal information. The effect of breaches that companies do report is also less apparent for companies that are not publicly traded. Finally, companies — especially smaller ones — frequently don’t even know that they’ve been breached.

Beyond the overall price estimate, the Council of Economic Advisers report is largely a compendium of earlier studies. Among the report’s conclusions are companies aren’t properly incentivized to pay for sufficient cyber protections and poor cyber protections at one company damage the cybersecurity of the broader economy.

Scarce cyber threat data has also impeded the development of the cyber insurance market, the report states. A more mature market for cyber insurance might remedy some misaligned incentives by, for example, requiring policyholders to meet certain minimum cybersecurity standards.

Leave a Reply

You must be logged in to post a comment.