In a report released on Friday, the White House Council of Economic Advisers estimated that malicious cyber hacks cost the US economy between $57 billion and $109 billion in 2016.
The report details a range of cyber threats faced by the US from malicious actors, including corporations and states like Russia, North Korea, China and Iran.
The Council of Economic Advisers (CEA) said in its report:
“Cyber threats are ever-evolving and may come from sophisticated adversaries. Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate.”
The estimate represents between 0.31% and 0.58% of the US GDP in 2016. A separate report by the Center for Strategic and International Studies, for comparison, estimates the cost of malicious cyber attacks against US installations at $107 billion in 2013, approximately 0.6% of the GDP that year.
Predictably, the industries responsible for the largest share of the total GDP also had the highest shares of security breaches in 2016. That includes manufacturing, government, healthcare and finance, with the finance sector seeing the highest number of all data breaches in 2016 – a total of 471.
The report further added that malicious cyber activity isn’t strictly limited to foreign operatives and actors. Instead, activists seeking to push a political agenda, organized crime and corporate competitors seeking to gain an edge – all within the US economy – are also responsible for damages due to cyber attacks, the report said.
An effective strategy from both the public and private sectors to combat illicit activities would help contribute to and drive the growth of US GDP, the CEA advised.
The report also suggests that big cyber attacks could lead to knock-on effects throughout the economy when they target a critical infrastructure asset operated by a firm or corporation.
“The presence of externalities would lead firms to rationally underinvest in cybersecurity,” the report warned. “Left to their own devices, firms will choose their optimal level of investment by conducting an analysis of private costs and benefits without taking externalities into account.”
As a result, the report suggests regulators implement a working scheme of incentives and penalties for firms to raise levels of cybersecurity investments.