Governance & Risk Management

Assessing the Cost of Cybersecurity

Report: Cumulative Benefits of IT Outweigh Yearly Security Costs
Assessing the Cost of Cybersecurity

Based on various economic models, the high annual cost of cybersecurity will not interfere with the long-term productivity benefits of IT, according to a new research report.

See Also: The Need for Cybersecurity Strategies to Evolve: A Zero Trust Guide for Federal Agencies

Researchers say the cumulative, year-over-year positive impact of information and communications technologies on the economy - or, for that matter, a single business - should in most cases far exceed the expense of investing in defenses against hackers, cybercriminals, cyberterrorists and rogue states in a single year.

Technology benefits carry over and compound, making the contribution grow exponentially over time, just as economies grew exponentially across the 20th century with the use of electricity and modern fossil fuels, according to the report, Cyber Benefits and Risks: Quantitatively Understanding and Forecasting the Balance, published by the University of Denver's Pardee Center for International Futures. The research was conducted in collaboration with Zurich Insurance and the think tank Atlantic Council.

The impact on investments will differ from nation to nation. The percentage of a nation's economy that's Internet-related varies based on the economic maturity of each country. For instance, the range is from just over 1 percent of gross domestic product in places such as Indonesia and Brazil to about 8 percent of GDP in Britain and South Korea. The Internet economy's share of the U.S. economy is just under 5 percent of GDP.

Annual Cyber Costs and Benefits


SOURCE: Pardee Center for International Futures

Researchers predict that the yearly costs for cyber-defense will exceed the annual benefits derived from information and communications technology investments around 2019. But they say the cumulative, year-to-year benefits of IT investments will outweigh the total of single-year cyber-defense costs.

"In the short-term, when we look at the annual cost [of cyber-defense], it tends to be very daunting for many businesses," Lori Bailey, global head of Zurich Insurance's special lines, said at a Sept. 10 briefing on the study. "But we see that the long-term benefits [of IT] far outweigh the costs associated with that, regardless of the scenario that we paint. That is a really important finding, and that is great news for us, for businesses, for our customers."

Zurich Insurance's Lori Bailey discusses the long-term benefit of IT security investments.

Varying Scenarios

Researchers, using Pardee's International Futures forecasting system, developed four scenarios, ranging from the optimistic vision of "Cyber Shangri La" to the gloomy imagery of "Clockwork Orange."

Shangri La, with cheap information and communications technologies and inexpensive cybersecurity, could yield a net global gain in productivity of $190 trillion by 2030. Clockwork Orange, with its unstable and insecure Internet, would cost the world's economy $90 trillion by 2030.

Researchers did not predict which scenario they thought would occur but stressed the need for cooperation between national governments, businesses and others to address cyberthreat challenges. They called on national policymakers to "treat the Internet as a global resource that can be depleted like any other and that requires stewardship if it is to remain productive."


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.