Print

A recent Report entitled Risk Nexus prepared as part of a partnership between Zurich Insurance Group and the Atlantic Council examines the potential “economic benefits and costs” caused by cybersecurity on the global economy in the future. Specifically, this report takes a look at the following questions:

  • “In 2030, will the Internet and related information and communications (ICT) continue to drive global innovation and prosperity?”
  • “Or, will that bright promise be swamped by an unstable and insecure Internet, so overwhelmed by non-stop attacks that it has become an increasing drag on economic growth?”

The Bad News About the Future of Cybersecurity

The Executive Summary of the Report first gives us the bad news. To date, the benefits of ICT (re-invention of nearly every industry) have been at the cost of “an increased dependence on a shared, stunningly complex system-of-systems, which no one understands in its entirety.” The Report further states that “most of the recent cybersecurity trends point to a darker future, with every year worse than the last: more data breaches, more disclosures of critical vulnerabilities, and more nations building and employing offensive cyber capabilities.” Based on the bad news, the Report reaches the conclusion that “[a] future where the annual costs of being connected outweigh the benefits is not only possible, it is happening now.”

The Good News About the Future of Cybersecurity

Next, the Report addresses the good news that “[a]lthough the one-time costs of being connected are higher on an annual basis, benefits accumulate over time, as they tend to be made as long-term investments in productivity.” In other words, once the initial costs of cybersecurity are paid, the benefits are felt for years many after the initial investment. The Report provides further support for the proposition that the initial costs of cybersecurity can be offset by the benefits which can last a number of years. That is, if cybersecurity is viewed as an investment, the benefits of cybersecurity can outweigh the costs.

Experts Are Not Optimistic

The Report concludes that “[m]ost of the experts consulted for the Report were not optimistic about our future, with a consensus that the trends were heading in the wrong direction.” Further, the Report found that many of the trends indicated that we are fast-approaching a “tipping point,” where there may be a “small window of a few years to pull back and reorient towards a more secure and more resilient internet.”

Local Impact of the Global Report’s Findings

While this Report takes a global perspective in its analysis of the impact of cybersecurity on the economy, it still provides insight on what can be done at the local level. Of course, nothing can be done on a global level without participation on the local level. If small “mom and pop” businesses do not adopt cybersecurity measures nothing can happen on the global level. And, while it may be on a smaller scale, the initial costs of cybersecurity may be just as daunting for smaller businesses and governments, but can prove to be just as valuable in the long run. More importantly, insurers are in a great position to get the message out that cyber insurance must be included as part of this initial investment for cybersecurity in the future.