The Threat of Cybersecurity to American Business
September 19, 2015
by Anthony Iannarelli
In just the last year, the frequency and severity of cyberattacks has drastically increased. In 2014 the number of detected cyberattacks rose by 48 percent from 2013, with nearly 43 million detected cyberattacks reported. Headlining these breaches were major attacks on the retail chain Target, financial services giant J.P. Morgan Chase, and health insurance provider Anthem. In the aforementioned cyberattacks, Target reported the credit card information of 40 million customers had been compromised, J.P. Morgan Chase reported that 76 million households as well as 7 million small businesses were affected, and Anthem reported that a breach of their systems affected nearly 80 million customers. In just three cyberattacks, nearly 200 million people were affected.
Not only do these attacks diminish public trust in the affected businesses, potentially costing them millions of dollars in lost revenue, but the direct costs of responding to major cyberattacks are staggering. It has been reported that the breach of Target cost the retail chain nearly $150 million and, according to the Consumer Bankers Association and the Credit Union National Association, it cost financial institutions an additional $200 million. A report from Kaspersky Lab estimates that the average cost of a cybersecurity data breach is $720,000. A Ponemon Institute study of fifty companies across a range of industries found that these businesses suffered an average of $5.9 million in costs related to cyberattacks per year, with a significantly higher per capita cost for small businesses.
Private businesses, however, are not the only victims of cyberattacks. In June 2015, the Office of Personnel Management, the primary agency responsible for managing the United States government’s federal employees, reported that it had discovered a breach in which sensitive personally identifiable information of nearly 20 million government employees seeking security clearances had been compromised. Unlike the cyberattacks targeting the private sector, which tend to be financially motivated, the hack of the Office of Personnel Management was an act of cyber espionage, a growing area of concern for the federal government.
While both American business and the American government face serious threats from cyberattacks, there is not a simple solution to the problem. There is no perfect cybersecurity defense, and experts concede that cyberattacks, with the current architecture of the Internet and digital systems, can never be completely eliminated. Even the most robust cyber defenses are not perfect. Despite a $250 million dollar cybersecurity budget, J.P. Morgan Chase still fell victim to a hack that affected 76 million customers.
A promising tool in the fight against cybercrime is the collaboration of private industry with the federal government in the form of public-private partnerships. As Suzanne Spaulding, the Under Secretary of Homeland Security for the National Protection and Programs Directorate, recently stated, “The private sector has a unique role in cybersecurity, different than in our traditional national security context. A multi-stakeholder approach to [Internet] governance issues is absolutely critical.” The federal government, though it has prioritized cybersecurity, has difficulty recruiting top experts in the field due to the pay gap between the private and public sectors. The public-private partnership is a creative solution to this problem. However, the many partners involved in this multi-stakeholder approach can lead to inefficiencies. It has been reported that previous efforts toward public-private partnerships in cybersecurity have “often suffered from ill-defined goals and objectives, a lack of clearly articulated strategy, and a focus on information sharing as a goal rather than a tool. As such, it is essential that future efforts be streamlined and structured efficiently.
3 Bennett, Cory, “Cyberattacks up 48 percent in 2014,” The Hill, 27 October 2014.
Student Blog Disclaimer
The views expressed on the Student Blog are the author’s opinions and don’t necessarily represent the Penn Wharton Public Policy Initiative’s strategies, recommendations, or opinions.