According to a new report from the Council of Economic Advisers (CEA), posted to the official White House website, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. Unfortunately, the breadth of the gap in that estimate, according to the report, is the result of how difficult it can be to pin down cyber attacks or the full impact of those that are affirmed. Moreover, the report says that because of how difficult it can be to predict the likeliness that any given entity of the private sector will be targetted and resulting underinvestment, there is a negative spillover effect on the wider economy. Meanwhile, the number of attacks has dramatically increased in the past 3 years. By the numbers, the number of attacks observed between 2000 and 2013 was just 131, while 159 attacks have been spotted between 2013 and 2017.
Aside from the estimated cost to the U.S. economy as the result of cyber attacks, the report also outlines the nature of those attacks over the given timeframe and guidelines for improving the situation. For starters, the cyber attacks essentially covered the gamut of malicious activities categorization. Attacks were noted to take the form of DDoS (denial of service) strikes, data and property destruction, disruption of business activities, and theft of proprietary data - including intellectual property, sensitive financial information, and strategic information. Those problems are further exasperated by the fact that the majority of malicious cyber activities take advantage of widespread, unpatched vulnerabilities. That means that the attacks can spread out to correlated firms and organizations. Moreover, the same lack of data about attacks that results in the wide range of actual cost to the economy, coupled with insufficient data sharing has impeded efforts to both generate cybersecurity measures and the development of a cyber insurance market."
Finally, the CEA took the opportunity provided by the report's release to reaffirm that cybersecurity is something that needs to be pursued for the common good, reiterating that a lack of investments in cybersecurity does harm other sectors of the economy. The CEA marks critical infrastructure points, presumably including power and water infrastructure, as points that need to be examined more closely for vulnerabilities since damage to those would be disastrous for the economy. Both points make sense since it isn't just sectors commonly associated with technology that need to worry about cybersecurity.