Continuous, high-profile cyberattacks like the one against retailer Target could slow adoption of emerging technologies, resulting in a loss of as much as $3 trillion to the global economy, a study shows.
The finding by the World Economic Forum is based on a scenario in which innovation in cybercriminals' attack tools outpaces the defensive capabilities of organizations. If that was to happen, than major data breaches would cause a wave of new regulations and corporate polices that would slow adoption of cloud computing, big data analytics and other transformative technologies.
"Current trends could result in a backlash against digitization, with huge economic impact," said the report entitled "Risk and Responsibility in a Hyperconnected World."
Indeed, the attack on Target's point-of-sale systems during the holiday shopping season, which led to the theft of 40 million payment card records and the personal information of 70 million customers, has drawn congressional scrutiny, with Senate hearings set for next month. The FBI has warned retailers more cyberattacks are likely, given the bureau's discovery of about 20 hacking cases over the last year, Reuters reported.
The forum based its report, which was done in collaboration with McKinsey & Co., on interviews, workshops and dialogues with global executives and experts. The report examines in broad terms the potential impact more frequent and intense cyberattacks could have on technological innovations and the global economy through 2020.
Corporate risk management against cyberattacks is already having an impact, according to the report. Controls put in place to protect intellectual property and sensitive documents has moderately lowered the productivity of front-line employees in nearly 90 percent of organizations.
In addition, the threat of cyberattacks has slowed the implementation of new technologies, as companies direct more resources to defenses.
Direct spending on security is a small share of the total expenditure on enterprise technology. However, IT executives estimate that security indirectly drives as much as 30 percent of overall technology spending, crowding out other projects that could create business value.
Major trends such as large-scale data analytics and cloud and mobile computing could create between $9.6 trillion and $21.6 trillion in value for the global economy, the report found. However, that value could be reduced if concerns over cyberattacks increase.
"If attacker sophistication outpaces defender capabilities — resulting in more destructive attacks — a wave of new regulations and corporate policies could slow innovation, with an aggregate economic impact of around $3 trillion," the study said.
The majority of enterprises are only in the early stages of putting policies in place to reduce the risk of cyberattacks. Most large institutions do not have a system for identifying and protecting the most valuable information assets.
In addition, most organizations do not understand who are their attackers and have not determined the most effective defensive mechanism for bringing risk to a comfortable level.
"Companies that spend more on cyber resilience do not necessarily manage cyber resilience risks in a more mature way — many are simply throwing money at the problem," the report said.
Almost all chief information officers and chief information security officers agree that they cannot build adequate defenses against cyberattacks by themselves. Instead, they favor establishing a system for collaborating with technology providers, regulators, law enforcement and other related institutions.
"However, views vary widely on the responsibilities and effectiveness of several possible public-sector actions," the report said.
Efforts are underway for private-public cooperation in battling cyberattacks against organizations of national importance, such as financial institutions, the oil and gas industry, defense contractors and utilities.
The U.S. Department of Homeland Security is leading the Obama administration's cybersecurity initiative, which includes establishing a framework of standards and policies for mitigating risks and having government agencies share cyberattack information with the private sector.