Editor's note: An earlier version of this column inadvertently omitted two links to research from Cybersecurity Ventures on cybercrime damage costs by 2021 and ransomware damage costs in 2017. Those links appear in the current version of this column.
Continue Reading Below
By almost every metric the U.S. economy is running strong. Second-quarter GDP growth was 2.1 percent. In July, 164,000 jobs were added and durable goods orders rose by 2 percent. Even our year-over-year core inflation rate is steady at 2 percent, hitting the Fed’s target.
Unfortunately, these are not the only statistics that matter when assessing the nation’s economic security.
Hostile foreign actors are increasingly aggressive in cyberspace, creating an economic environment that few understand and that even fewer are prepared for. Specifically, there are three trends that must be turned around if the U.S. is going to thrive going forward.
First, cybercrime is exploding. By 2021, cybercriminals are projected to cost the global economy more than $6 trillion annually, up from $3 trillion in 2015. Perhaps nowhere is this trend more pronounced than in the business sector.
More than 43 percent of U.S. businesses suffered cybersecurity breaches in the last 12 months, according to the 2018 Cyber Security Breaches Survey. And more than four of every five (83 percent) finance companies are hit by at least 50 cyberattacks every month.
These aren’t just hit-and-run attacks. Once bad guys gain access to these networks, they remain undetected for, on average, between six and 12 months– stealing intellectual property, siphoning critical data, and generally causing havoc.
The average cost of a corporate cybersecurity breach now runs between $1.25 million and $8.19 million. No wonder the professional cybersecurity industry is booming. By the end of 2019, total spending on cybersecurity is projected to reach more than $120 billion, an increase of nearly 13 percent over last year.
Companies like Microsoft, Google and Facebook each spend around $1 billion a year on securing their products and offerings. But here’s the rub: Few companies have the resources or technical talent of these tech titans, and yet smaller companies face many of the same threats, including increasingly aggressive state actors.
Which brings us to the second trend that must be engaged: cyber-enabled economic warfare.
For decades, countries like China and Russia have pursued a deliberate strategy of using their foreign policy and intelligence communities to copy and steal American technologies. These strategies are starting to produce meaningful results; several foreign tech companies now legitimately rival U.S. tech leaders in both innovation and market capitalization.
If left unaddressed, this could pose a challenge, not only to our economic security, but also our greater national security. In a recent report, former Deputy Secretary of Defense Robert O. Work captured the challenge well, writing: “Chinese technological capabilities are growing as rapidly as its economic power … Indeed, China is keenly focused on blunting the U.S. military’s technological superiority, even as it strives to achieve technological parity, and eventually technological dominance.”
Put simply: Our long-term economic and national security must account for – and roll back – a sustained campaign of cyber-enabled economic warfare.
But it’s not just companies that are being attacked, and it’s not just intellectual property that’s being stolen.
The third cybersecurity trend that must be turned around is the growing use of ransomware against enterprises and governments.
Ransomware is any malicious software that limits or prevents someone from using his or her computer or accessing files. In 2017, this threat went to a whole new level. In the wake of a 4.3 percent rise in ransomware variations – including the WannaCry and NotPetya attacks that went global – at least 15 percent of businesses in the top 10 industry sectors were infected, and nearly a third of those affected were locked out of their systems for five or more days.
Global ransomware attacks cost individuals and businesses $5 billion in 2017, a 400 percent increase from the year before. But now these attacks are taking an unexpected turn toward governments.
In 2019, more than 70 ransomware attacks were launched on state, local and county governments in the U.S. One coordinated attack targeted 22 different Texas cities and towns. Several of these attacks led to catastrophic loss of data and equipment, and all of them temporarily crippled the provision of critical services. More than 60 percent of all U.S. ransomware attacks this year had government targets.
These three trends cannot be ignored. Even more, they must be rolled back if the United States wants to thrive in the future.
Going forward, one strategic economic truth is certain: Securing nations means securing economies, and securing economies means securing networks.