The Council for Economic Advisors (CEA) issued a report this month, entitled “The Cost of Malicious Cyber Activity to the U.S. Economy,” which concludes that “malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.”
The Executive Summary further depressingly concludes:
- Malicious cyber activity directed at private and public entities manifests as denial of service attacks, data and property destruction, business disruption (sometimes for the purpose of collecting ransoms), and theft of proprietary data, intellectual property, and sensitive financial and strategic information.
- Damages from cyber-attacks and cyber theft may spill over from the initial target to economically linked firms, thereby magnifying the damage to the economy.
- Firms share common cyber vulnerabilities, causing cyber threats to be correlated across firms. The limited understanding of these common vulnerabilities impedes the development of the cyber insurance market.
- Scarce data and insufficient information sharing impede cybersecurity efforts and slow down the development of the cyber insurance market.
- Cybersecurity is a common good; lax cybersecurity imposes negative externalities on other economic entities and on private citizens. Failure to account for these negative externalities results in underinvestment in cybersecurity by the private sector relative to the socially optimal level of investment.
- Cyber-attacks against critical infrastructure sectors could be highly damaging to the U.S. economy.
All of these conclusions point to a serious threat to the U.S. economy now and in the future. Despite the risk of economic loss, the report states that “cyber-attacks and cyber theft impose externalities that may lead to rational underinvestment in cybersecurity by the private sector relative to the socially optimal level of investment….Successful protection against cyber threats requires cooperation across firms and between private and public sectors.”
The report goes into great detail of the impact on cyber-attacks against financial services, critical infrastructure, the power grid, loss of U.S. military secrets, health and safety, public trust and public sector initiatives, and private sector initiatives.
The report is another wake-up call that cooperation around cyber threats and intelligence sharing is critical to combat this significant risk to the U.S. economy and GDP.