Roosevelt Institute | Cornell University

Cybersecurity Q and A: Cyber Crime and How to Stop It

By Zachary SchmetterPublished March 14, 2015

null
As our society becomes increasingly dependent on its cyber infrastructure, it is critically important to understand the necessity of cybersecurity in this day and age. The extent of the damage caused cyber crime penetrates far deeper into the economic foundation of this country than one would assume from looking at the small number attacks that made headlines last year.
Cyber security has become a major issue in the last year, with a number of companies coming under fire.  With all this attention in the media, is cyber security actually as big of a problem as it seems?  To answer that broad question, we must first answer three smaller ones.  Do cybersecurity breaches pose a significant and widespread threat to U.S. firms as well as to the economy as a whole?  How does the problem of cybersecurity in the U.S. compares to that in other developed nations?  Is current U.S. cybersecurity policy effectively counteracting the threat posed by current and future cyber attacks?

We know the big names like Sony, which was hacked last November, but do cyber attacks actually pose a threat to the millions of other firms in the U.S., and does the aggregate damage of these attacks actually do substantial damage to the economy? The answer is a resounding yes.  To put this in perspective, 40 million people in the U.S. were directly impacted by cyber attacks just in the last year, and the aggregate damage from these attacks could cost as America as many as 200,000 jobs. In terms of direct economic damage, 7% of U.S. organizations lost $1 million or more due to cybercrime incidents in 2013 along with 19% of U.S. entities reporting financial losses of $50,000 to $1 million in the same year according to the 2014 US State of Cybercrime Survey. Cyber crime as a percentage of GDP is 0.64%, which put into perspective amounts to approximately 13% of the total drop in U.S. GDP caused by the 2007-2009 recession.

Does the U.S. cybersecurity problem size up to losses felt by the rest of the world?  Wealthier countries are more likely to be cyber crime targets, but when comparing developed nations like the United States with the member states of the European Union as a whole, there is a vast disparity in cyber crime damage.  In the European Union, only 150,000 jobs were cited as lost due to cybercrime compared to 200,000 in the U.S.  At first, this difference may seem negligible; however, if you look at these losses in terms of total population, the U.S. loses more twice as many jobs per capita as a result of cyber crime than do the countries in the European Union. Furthermore, when comparing the damage done to U.S. firms to the global average, U.S. firms are more than twice as likely to encounter both low and high value attacks.  Lastly, the United States's above average cyber crime losses as a percentage of GDP in comparison to other developed countries fully exemplifies the disparity in cyber crime damages.  U.S. losses of 0.64% are dwarfed by E.U. losses of .41%, U.K. losses of .16%, and Japanese losses of only .02%.

Comparing policy proposals in the U.S. and E.U. reveals stark differences. The U.S. cybersecurity initiative is currently being spearheaded by President Barak Obama, who advocates for a larger federal presence to combat cybercrime, primarily through information sharing and a stronger public private partnership to increase cybersecurity standards and the reporting of cyber crime.  Current federal regulations mandate that healthcare organizations, financial institutions, and federal agencies protect their systems and information.  As an intergovernmental organization, the European Union uses an open standard system in order to protect its cybersecurity interests, which offers standards that are publicly available and have various rights of use associated with them.  This initiative includes streamlining standards among member states, creating incentives to promote appropriate risk management, and creating minimum standards for Network and Information Security.  In terms of effectiveness, Obama's information-sharing legislation has failed in recent years in part because the bills aiming to require companies to share network threats with the government are heavily opposed by Democrats and privacy advocates.  Additionally, current federal regulations do not address numerous computer related industries, such as Internet Service Providers, leaving large chunks of our economy vulnerable to attack. In terms of E.U. policy failures, the diverse pool of member states are still a long way off from streamlining standards, resulting in huge cyber crime disparities, exemplified in the contrast between France, which loses .11% of GDP to cybercrime in comparison to Germany, which loses 1.60%.

The key take away from this comparison is that the E.U. appears to be more successfully combating cybercrime than the U.S. because the versatility of the open standards program, which allows more successful government oversight and intervention in comparison to the stricter and more controversial policy approach of the Obama administration.  Going back to the original policy problem at hand, we can see that in the U.S. damages resulting from cyber attacks are both significant and far reaching as well as display clear weaknesses in our national cyber security strategy.  Considering America's delicate financial situation, our economy cannot afford to lose another $107,328,000,000 this year due to a delay the implementation of cybersecurity regulations as a result of political fighting.  Therefore, the most viable solution to this policy problem would be to implement softer regulations, similar to the E.U.'s open standard system, because the more regulation congress implements today, the more economic losses we will be able to avert tomorrow.

http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf

http://www.pwc.com/en_US/us/increasing-it-effectiveness/publications/assets/2014-us-state-of-cybercrime.pdf

http://www.bloomberg.com/news/articles/2011-07-29/recession-took-bigger-bite-out-of-u-s-economy-than-previously-estimated

http://www.whitehouse.gov/issues/foreign-policy/cybersecurity

https://www.us-cert.gov/sites/default/files/publications/cyberspace_strategy.pdf

http://www.enisa.europa.eu/publications/articles/standards-for-cyber-security

http://www.usnews.com/news/articles/2015/01/13/obama-confronts-congress-deadlock-on-cybersecurity

http://csrc.nist.gov/drivers/documents/FISMA-final.pdf