The recent outbreak of ransomware “WannaCry” sent tremors through the global economy and brought fears of more to come. In the United Kingdom, the National Health Service network was hit and 16 hospitals lost access to computer files. In France, Renault factories were idled. Phone service in Spain was disrupted, Russia’s second-largest mobile phone provider was affected, ATMs in China went down, and universities in the United States experienced problems. Hundreds of thousands of systems were affected in the first weekend alone. Even beyond the immense inconvenience, there is a high economic cost.
When a major computer breach is detected, such as when account information for millions of customers is stolen or people around the globe are hit with a single virus, we are likely to hear about it. What we don’t necessarily hear about are the countless instances of small- and medium-sized firms being hacked, not to mention the individuals who are affected. Put it all together and it’s a big problem for the economy.
The cost of cybercrime has been rising rapidly. Estimates of the global costs are in the range of $500 billion per year, and they are expected to be in the trillions just a few years from now. There are other costs not reflected, such as industrial spying or access to confidential records.
Another consideration is the large cost to productivity. Firms devote enormous resources to security not only through purchases of sophisticated firewalls, software and consulting fees, but also in the form of time spent or lost by employees as they tend to or are slowed down by security-related tasks. In the wake of an attack, more time may be lost in the recovery process. In the past few years, a new denizen of the C-Suite in most large corporations has surfaced, usually known as the CISO (Chief Information Security Officer).
One hidden but very real cost is increased risk to all aspects of business activity. When economic actors (consumers or producers) feel more vulnerable to disruptions, they respond by pricing the uncertainty. The most obvious place this will be seen is in firms requiring higher returns to compensate for the risk, with the result being less investment, less innovation and reduced economic growth and potential. When this pattern is observed across a large spectrum of activity over an extended time, the losses can be astronomical.
Both the private sector and the public sector are affected, and there are also national security concerns. While some attacks are financially motivated, such as acquiring credit card numbers and other personal information to then sell, others are more sinister, such as accessing top secret information or weapons systems. A recent Executive Order mandates “the use of the National Institute of Standards and Technology Cybersecurity Framework across government, ensuring the same high standards recommended for private industry are applied everywhere.”
State and local governments are also potential targets. The government stores vast quantities of data, and aging systems can be vulnerable to attacks not only from individuals or entities but also from other nations or nation-states. Tax dollars are required by governments to maintain cybersecurity, and we can expect the funding needs to grow.
It is not surprising that the cybersecurity industry has seen significant expansion over the past few years, with no end in sight. The U.S. Bureau of Labor Statistics is projecting that the occupation of “information security analysts” will grow much faster than average job growth, with current median salaries of nearly $93,000. Insurance for cybercrime is among the fastest-growing coverage categories.
The need for cybersecurity will continue to grow rapidly as technology pervades every aspect of modern life. The Internet of Things, which is essentially the idea of connecting virtually anything with an on/off switch to the internet, has the potential to change our daily lives in ways we can hardly imagine. However, while we may be vigilant about maintaining security on our personal computers, we may be less aware that we should also be concerned about our thermostat, refrigerator or printer. Some entities affected by WannaCry, for example, were attacked via aging computers running print servers or dated production equipment.
Cyberattacks clearly involve notable economic costs, and a major attack could wreak havoc by shutting down necessary infrastructure such as the electric power grid or telecommunications networks. Our world is becoming ever more digitized and integrated, and the Internet of Things is putting “smart” in a growing list of vehicles, electronic devices, appliances, toys and other everyday items. The benefits of this shift are many, from increasing safety to improving productivity and efficiency to enhancing learning and entertainment. At the same time, each connection involves a need for security and an opportunity for a criminal to take advantage.
A major issue such as WannaCry can increase awareness and expose vulnerabilities. Organizations around the world have been forced to place cybersecurity at the top of their priority lists. The key to thwarting future attacks is constant vigilance and continued innovation, staying one step ahead of the attackers.
The benefits of technological advances are beyond measure, and progress will not be stopped. Ensuring that our cybersecurity keeps pace is crucial to future prosperity for individuals, companies, governments, and for society as a whole.
M. Ray Perryman is president and CEO of The Perryman Group (www.perrymangroup.com). He also is Institute Distinguished Professor of Economic Theory and Method at the International Institute for Advanced Studies.