Attacks on businesses and consumers are a blight on the economy, with criminals foreign and domestic using the Internet to steal identities, intellectual property, trade secrets and just about anything else they can get their hands on.
A new economic model (above) developed at a prominent D.C. think tank puts the cost to the U.S. economy as high as $100 billion annually, with a corresponding loss of as many as half a million jobs.
The report, released by the Center for Strategic and International Studies (CSIS) and written by James Lewis and Stewart Baker, two old hands in the Washington cybersecurity policy discussion, offers a quantitative approach based on data from the Commerce Department and analogous losses from activities such as car crashes, piracy and other losses and crimes.
The authors explain: "One way to think about the costs of malicious cyber activity is that people bear the cost of car crashes as a tradeoff for the convenience of automobiles; similarly they may bear the cost of cybercrime and espionage as a tradeoff for the benefits to business of information technology."
The report, sponsored by security software vendor McAfee, eschews survey data, which the authors say is flawed because respondents "self-select," and businesses often either conceal or do not realize the full extent of the losses from a cyber attack.
"We believe the CSIS report is the first to use actual economic modeling to build out the figures for the losses attributable to malicious cyber activity," Mike Fey, executive vice president and CTO at McAfee, said in a statement.
"As policymakers, business leaders and others struggle to get their arms around why cybersecurity matters, they need solid information on which to base their actions."
Cybersecurity is the subject of a long-running policy debate in Congress, with lawmakers divided over what role the government should play in setting and enforcing security standards for critical infrastructure operators in the private sector. Read more: