Global benefits of cyber connectivity expected to outweigh costs by $160 trillion through 2030, report says

The accumulated global benefits of cyber connectivity should still outpace the costs through the year 2030 by nearly US$160 trillion (constant 2011 United States dollars), an 8% gain in the cumulative global GDP between 2010 and 2030, according to a report released on Thursday.

The report, titled Overcome by Cyber Risks? Economic Benefits and Costs of Alternate Cyber Futures is a collaboration between multi-line insurer Zurich Insurance Group and the international affairs think tank Atlantic Council. It examines the economic impact of cyber costs versus the benefits of interconnectivity under an array of complex scenarios using economic modeling tools from the Pardee Center at the University of Denver to gain an understanding of just how cyber costs and benefits affect national GDP over time – and what businesses and policy makers can do.

“As far as we can tell, no one has ever examined the key question of how much the costs of cybersecurity problems compare to the economic benefits of being connected,” said Jason Healey, author of the report and senior fellow at the Atlantic Council, in a press release. “Through research, modeling and thinking about how the future might be better, worse or just different, we can now put answers to such questions.”

The report explores four alternate scenarios based on two major uncertainties: the dominance of governments versus the private sector in matters of cyber security; and whether risks will be largely manageable or become unmanageable to the point that stable and secure connectivity becomes a luxury good.

“Cyber Shangri-La,” a best-case scenario outcome, details a possibility where technology booms are driven and supported by strong cybersecurity and the subsequent annual economic benefits result in a potential cumulative net global gain of $190 trillion by the year 2030 (about $30 trillion higher than that of the current projection case). On the opposite end of the spectrum, the most undesirable future scenario, called “Clockwork Orange Internet,” envisions a state of perpetual cybercrime and cyber-warfare that ultimately creates a negative impact of 2.5% of global GDP.

“While this net loss is still not enough to drag down the cumulative benefits to a point where risks outweigh the benefits, it does represent a potential loss of $30 trillion of global net economic benefit by 2030 if cybersecurity falls dramatically behind,” the press release said. “This could lead to a future of nonstop nation-state cyberattacks and hacks against increasingly vulnerable critical infrastructure and the world could miss out on $90 trillion relative to its current trajectory.” [click image below to enlarge]

Along with the potential future scenarios, the report also provides specific recommendations to executives who are responsible for creating their companies’ cybersecurity protocols, as well as policymakers who have a hand in shaping national cybersecurity laws. Among the recommendations for businesses, the report calls for a continued focus on resilience, and the ability to bounce back from disruptions to make them as short and limited as possible. This includes measures such as building redundancy, incident response and business continuity, as well as scenario planning and exercises.

Businesses should also consider worst-case cyber futures when looking at business strategies, the report suggests, and get cyber insurance, so that companies can transfer cyber risks, especially for third party risks associated with data breaches or business interruption.

“The focus for businesses in an interconnected world should be on how to bounce back from cyber risk events,” said Cecilia Reyes, Zurich’s chief risk officer, in the release. “It is very clear that businesses that want to protect themselves from cyber risks must adopt a mindset of resilience.”

For policymakers, the report recommends that governments work with the private sector for “next generation” solutions, with priority given to investments in overall stability, governance and resilience.

The report is the second of the collaboration and follows the 2014 report Beyond Data Breaches: Global Aggregations of Cyber Risk, which explored the cascading and systemic cyber shocks, similar to the financial crisis of 2008.