A Council of Economic Advisers report examined the full impact of cyberattacks in the US, and found the malicious activity left a large bill.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Malicious cyber activity cost the US economy between $57 billion and $109 billion in 2016. -- US Council of Economic Advisers, 2018
- A misunderstanding of common threats and vulnerabilities has halted the development of a cyber insurance market. -- Council of Economic Advisers, 2018
In 2016, the US paid big for cybercrime. How big? A Friday report from the White House Council of Economic Advisers (CEA) claims that malicious cyber activity cost the US economy somewhere between $57 billion and $109 billion in that year alone.
The report examined data on attacks against both public and private organizations, noting the rise of denial of service (DOS) attacks, data destruction, business disruption through ransomware, and other threats. These attacks often affect not only the intended target, but other organizations that may be financially linked to them, the report said, causing even more damage to the economy.
Security breaches increasingly happen due to patterns in common vulnerabilities that are shared across organizations, the report said. These patterns are difficult to predict, and attacks utilizing them are even harder to anticipate.
SEE: Intrusion detection policy (Tech Pro Research)
If this is such a problem, why don't we have cyber insurance? According to the report, it's because there is still a lack of understanding about these common vulnerabilities, and organizations aren't sharing enough information about their flaws and how they protect themselves.
"Cybersecurity is a common good," the report said, but companies are underinvesting in it. The core reason for this is that they don't understand the far-reaching impact of a breach beyond financial damage and IP loss. A data breach can harm a brand and negatively impact consumer trust, hurting sales in the future.
Further, the report noted that cyberattacks targeting critical infrastructure could be highly damaging to the economy as well. However, it's well documented that these attacks can now cause physical harm, such was the case with the Stuxnet worm, and an attack that shut off Ukraine's power grid.
According to a Reuters report, the White House has named the primary culprits in such attacks against the US as Russia, China, Iran, and North Korea. And, if the public and private sector worked together to combat cybercrime, it could boost the overall GDP, the report said.
- The secret to being a great spy agency in the 21st century: Incubating startups (TechRepublic)
- Justice Dept. charges 36 alleged scammers for $530 million cyber-fraud scheme (ZDNet)
- Cyberwar: The smart person's guide (TechRepublic)
- Cybercrime in China is the same, but different (ZDNet)
- Trump signs bill to modernize government IT and cybersecurity (TechRepublic)