Pages

1 July 2021

New FDD Report Warns of Devastating Costs of Cyberattacks on Private Sector


WASHINGTON, D.C., June 28, 2021 – The economic cost of a cyberattack on service providers or utility operators could rival that of major natural disasters, according to the findings of a new report issued today by the Foundation for Defense of Democracies’ (FDD’s) Center on Cyber and Technology Innovation (CCTI) and Intangic.

The report finds that as digital transformations increase productivity and efficiencies in companies across all economic sectors, the American public is blind to the scale of the risks that inadequate technology management has created.

Authors Chris Nolan of Intangic and Annie Fixler of FDD write in “The Economic Costs of Cyber Risk,” “A single company with deficient cybersecurity could inflict substantial harm on the U.S. government, company shareholders (including retirees dependent on pensions), the public, and critical national infrastructure.”

The United States witnessed a sample of the real-world effects of cyberattacks with the ransomware attacks on Colonial Pipeline and meat producer JBS, but if a ransomware or other type of attack disrupts electricity generation or transmission, the economic devastation could surpass that of Hurricane Katrina, the authors warn. This estimate is derived from Intangic’s actuarial model, which has accurately predicted the financial and economic impact of business disruptions from cyberattacks.

Nolan and Fixler explain that the market to-date has failed to incentivize cybersecurity investments because neither regulators nor investors can measure “objectively and transparently whether companies are properly managing digital technology and related risks.” Except in limited cases, companies are not required to disclose cyber breaches or vulnerabilities that directly affect their financial health and business operations.

“While Intangic’s model can be used as an early-warning system to identify companies likely to suffer a significant cyber incident, the American taxpayers shouldn’t have to rely on data science and massive data sets to understand how significant of a problem digital risk poses to their own financial health and the economic wellbeing of the nation,” said Ryan Dodd, CEO of Intangic. “Today’s systemic risk pales that of the corporate accounting scandals of the late 1990s.”

To begin to remedy the lack of transparency around cyber risk, the authors recommend the implementation of a national breach notification law and a requirement that publicly traded companies provide dollar-based disclosures of cyber risks and incidents.

“Successful cyberattacks and ransomware against nearly every sector of the U.S. economy demonstrates to policymakers that the market has failed on its own to convince the private sector of the necessity of a minimum level of cyber hygiene,” explained RADM (ret) Mark Montgomery, CCTI senior director. “This paper provides policymakers with data that makes clear that government action is needed to fix this market failure. More transparency around breaches and vulnerabilities, coupled with clearer guidance for large and small businesses alike would raise the level of cybersecurity of our nation.” Montgomery also serves as senior advisor to the Cyberspace Solarium Commission, where he previously served as executive director.

No comments:

Post a Comment