Cybercrime Hindering World Economy

​THE RECENT SPATE OF CYBERATTACKS AGAINST MAJOR retailers and banks has raised the specter of a backlash against digitalization, and some experts are concerned that such a collective negative reaction could have a significant impact on innovation and the global economy.

One poll, issued after credit card breaches occurred over the winter holidays at major retailers such as Target and Neiman Marcus, indicated that consumers seem to be moving away from credit card use. The poll, released in late January by the Associated Press and GfK Public Affairs & Corporate Communications, found that 37 percent of Americans had made an effort to use cash instead of credit or debit cards to pay for purchases as a result of the recent data thefts.

And many other U.S. businesses may be vulnerable to attacks similar to those suffered by Target and Neiman, according to another report, released in February. The Verizon 2014 PCI Compliance Report found that roughly 89 percent of organizations surveyed failed a Payment Card Industry security compliance test.

Another report, Risk and Responsibility in a Hyperconnected World, argues that continued cyberattacks will significantly damage the global economy and slow innovation, unless a more robust and coordinated system of “global cyber resilience” is developed and implemented.

The latter report, a collaboration between the World Economic Forum (WEF) and McKinsey & Company, draws on a series of interviews, workshops, and conversations with global executives and thought leaders to examine the potential effects of cyberattacks and suggest actions needed to develop a better system of cyber resilience.

The report estimates that by 2020, large-scale technology trends like cloud computing, analytics, and big data, could create between $9.6 trillion and $21.6 trillion in value for the global economy. But these projected gains could be substantially reduced if government and industry do not do a better job of resisting hackers. “If attacker sophistication outpaces defender capabilities—resulting in more destructive attacks—a wave of new regulations and corporate policies could slow innovation,” the report states.

Using three possible scenarios, the report attempts to envision what may happen in the future regarding cyberattacks and their effects. Under the first scenario, cyberattackers retain an advantage over defenders who continue to respond to threats reactively. The level of threat increases incrementally, and adoption of innovative technologies slows. In this scenario, as much as $1.02 trillion in value from technological innovation would be lost over the next five to seven years.

The second scenario is grimmer. The frequency and severity of attacks increases significantly, including more breaches of national payment networks. Governments raise barriers to cross-border information flow. Fear of cyber risk delays the implementation of new technologies. Consumers become more cautious, and a backlash against digitization spreads. The impact on the global economy is significant—$3.06 trillion in unrealized value creation, or roughly 14 percent of the total potential value creation of those technologies.

“This is a very real scenario that we have to consider,” says Derek O’Halloran, associate director of information and technology industry at the WEF. Such a backlash could emerge from a number of directions, he explains. A steady stream of high-profile cyberattacks and personal breaches could erode the public trust in digitalization to the point where more people start turning against it.

In the public sector, continued attacks could lead to knee-jerk reactions in the form of new regulations that have negative unintended consequences. These days, IT policymaking in general can be very difficult, as rapid technological advances make the IT landscape a kind of moving target that is hard to regulate in its entirety. “Policy makers are really struggling to keep abreast of the huge rapid changes that are happening right now across the ecosystem. And of course, many of them do not have technology backgrounds,” O’Halloran says.

The report’s third scenario is the ideal one. Under this scenario, proactive public- and private-sector action limits the proliferation of attack tools, builds institutional capabilities, and stimulates innovation and economic efficiency. Formalized national cyber resilience legislation is paired with international collaboration to investigate and prosecute cyberattacks. International government coordination strengthens trust among individual institutions, allowing the establishment of stronger standards, greater cross-border collaboration, and information exchange. International bodies emerge to coordinate the battle against cyber threats, leading to a more integrated global defense. Institutional capabilities grow, information exchange increases, and the adoption of innovative technologies accelerates.

The report itself does not indicate how likely it is that this ideal scenario will come to pass. But O’Halloran says he is optimistic, in part because the approach to the problem has become much more serious. A few years ago, at WEF’s annual meeting in Davos, Switzerland, world economic leaders struggled to get their arms around the problem, he said. But this year, the discussion was much more focused on making progress on specific measures, such as formalizing private-public partnerships. “The tone of the conversation has changed very much,” he says. “This year, it’s a much more pragmatic discussion.”