Cyberattacks Cost Businesses Big, and Could Get Worse

February 21, 2018         By: Steven Anderson

The latest word out of the White House isn’t good news for anybody doing business online. It turns out, the reports noted, that just in 2016, cyberattacks cost the United States as a whole somewhere between $57 and $109 billion. Such figures should have businesses reconsidering their security picture closely.

Granted, the newest reports interpret the term “cyberattack” about as broadly as possible, including everything from denial of service attacks to theft of intellectual property, as well as the more standard fare like data breaches and theft of sensitive information. But the figures were bad enough on their own to prompt suggestions that, if things got much worse, it could represent a “spillover” issue for the broader overall economy.

Moreover, the report even takes steps into the political, citing some familiar names—China, Iran, North Korea and Russia—as part of malicious activities taken on by “nation-states.” The report even suggested serious problems with potential issues in “critical infrastructure,” things like power grid operations, highway systems, communications systems and the like.

The report even drew on an old familiar theme: data sharing. The report noted that cybersecurity as a whole is “plagued by insufficient data”, and that firms “…face a strong disincentive to report negative news.” Most reasonable people agree here; if I’ve got two stocks to choose from, and one of them just got hacked, I’m probably not going to buy shares in the company that just got hacked.

This in and of itself is a problem; while you probably wouldn’t buy in on a company that just got hacked, you’re also not likely to be told the company got hacked, either. You may well be buying in on a situation you’d rather not be in. Honesty would cripple a firm’s stock price, so they keep quiet. That doesn’t help the overall cybersecurity operation; knowing what to look for in a hack could keep others from getting hit similarly. But many of these “others” are competitors; why would companies want to hurt themselves by announcing their weaknesses so that others could learn, improve systems, and prevent that same weakness from hitting them?

Data sharing isn’t likely to happen. So in the end, each company must strengthen their systems as best they’re able in a bid to keep a disaster from striking.