Risk Nexus Overcome by cyber risks? Economic benefits and costs of alternate cyber futures
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Risk Nexus Overcome by cyber risks? Economic benefits and costs of alternate cyber futures
Contents
Foreword1
Executive summary 2
Premise explained 6
The model and process 8
Measuring the economic benefits of ICT 10
Measuring the economic costs of ICT 11
Base case: Benefits and costs to 2030 12
Comparing costs and benefits: the bad news 14
Comparing costs and benefits: the great news 15
Comparing costs and benefits: by economy and region 16
Alternate worlds: exploring the future 17
Alternate worlds: Cyber Shangri-La 18
Alternate worlds: Clockwork Orange Internet 19
Alternate worlds: Leviathan Internet 20
Alternate worlds: Independent Internet 21
Costs and benefits in alternate worlds 22
Implications for 2020 and 2030 24
Implications and recommendations for companies 28
Implications and recommendations for policymakers 30
Conclusion32
About us and this report 33
End notes 34
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures
Foreword
The globalization of value chains, increased financial
integration, rapid urbanization, and the Internet’s ubiquity
have all accelerated worldwide economic growth over the
past few decades. Unfortunately, these same developments
have also significantly increased our vulnerability to external
shocks and global crises. With risks mounting and traditional
systems of control weakening, now is the time to ask: do the
risks of being connected outweigh the benefits to global
economic growth?
Zurich Insurance Group and the Atlantic Futures at the University of Denver to
Council’s Brent Scowcroft Center on conduct extensive quantitative analysis
International Security are engaged in based on dozens of global sources and
Frederick Kempe, a multi-year partnership to examine inputs – from Oxford University in the
President and CEO that question as a continuation of our UK to Abu Dhabi, Sao Paulo, Montreal,
Atlantic Council
previous collaboration on systemic Singapore, and Washington, DC.
cyber risks. Our groundbreaking report,
After this open process, we modeled
Beyond Data Breaches: Global
the economic benefits from information
Aggregations of Cyber Risk, published in
and communication technologies (ICT)
April 2014 was our first answer on this
and related cybersecurity costs. The
topic and went well beyond well-known
difference between our model’s best
common cyber risks to explore the
and worst forecasts through 2030 is
potential for broader cyber shocks.
a startling USD 120 trillion, or about
That first report examined how a ’Lehman 6 percent of cumulative global GDP,
Brothers moment‘ at a too-big-to-fail driven largely by accumulating costs
communications technology firm, from cyber incidents.
wiping out droves of vital consumer
With this report, we hope to raise
data, might cause a cascading failure
awareness about the need to work as
throughout the wider economy.
a global community towards a more
This second report in the series expands secure, resilient, and prosperous Internet
on that scenario, building on this for decades to come. Our specific
concept of ‘cyber sub-prime.’ We use recommendations for enhancing the cyber
economic modeling tools to understand, commons offer an initial roadmap for
Cecilia Reyes, for the first time, how cyber costs and economists, technologists, cybersecurity
Chief Risk Officer benefits might affect global gross practitioners and researchers, and
Zurich Insurance Group domestic product (GDP) over time and perhaps the public as a whole.
how we can steer ourselves towards
The subsequent reports in this series,
the most rewarding futures.
due in 2016, will use the model and
The Atlantic Council’s Brent Scowcroft methodology pioneered here to explore
Center on International Security teamed geopolitical and demographic risks.
with the Pardee Center for International
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 1
Executive summary
In 2030, will the Internet and related Teaming with the Pardee Center at the
information and communications University of Denver, we modeled the
technologies (ICT) continue to drive economic benefits from ICT and the
The accumulated global benefits global innovation and prosperity? Or, associated cybersecurity costs. To model
of being connected should still will that bright promise be swamped by the benefits, we researched the
outpace the costs through the year an unstable and insecure Internet, so contribution to GDP of the ICT sector
overwhelmed by non-stop attacks that itself, the benefit of ICT to the rest of
2030 by nearly USD 160 trillion.”
it has become an increasing drag on the economy, as well as the benefit to
economic growth? The answers, as far consumers. The costs included direct
as we can predict, are not promising cybersecurity spending, the losses from
and mean the difference in tens of cyber incidents, and opportunity costs
trillions of dollars in global economic because economies may not be making
growth over the next fifteen years. full use of ICT.
So far, cyberspace has been safe enough, A future where the annual costs of
secure enough, and resilient enough for being connected outweigh the benefits
the past decades to re-invent nearly is not only possible, it is happening now.
every industry, create a ’hyperconnected According to our project models, annual
world,’ and transform the global economy. cybersecurity costs in high-income
economies like the U.S. have already
Unfortunately, these benefits come with
begun to outweigh the annual economic
an increased dependence on a shared,
benefits arising from global connectivity.
stunningly complex system-of-systems,
which no one truly understands in its For all economies, the inversion of costs
entirety. Most of the recent cybersecurity and benefits is expected to occur within
trends point to a darker future, with the next five years. In Latin America, it is
every year worse than the last: more expected before the year 2030, as the
data breaches, more disclosures of region bridges the digital divide. In the
critical vulnerabilities, and more nations Asia-Pacific region, the inversion is
building and employing offensive expected sometime after that. (Figure 1)
cyber capabilities.
This is the bad news.
Figure 1: ICT cyber benefits and costs, global annual totals,
2010-2030
1.4
1.3
1.2
percent of GDP
1.1
1
0.9
0.8
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
benefits costs
Note: Using 5-year moving average
Source: IFs 7.15
2 Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures
Fortunately, there is good news, and originally felt, whereas the costs tend
it is actually pretty great. to be experienced as ’one offs.’
Although the one-time costs of being In our Base Case, the accumulated global
connected are higher on an annual benefits of being connected should still
basis, benefits accumulate over time, outpace the costs through the year 2030
as they tend to be made as long-term by nearly USD 160 trillion (constant
investments in productivity. In other 2011 US dollars), an 8 percent gain in
words, cyber benefits tend to keep the cumulative global GDP between
delivering each year after they are 2010 and 2030.
Figure 2: ICT cyber benefits and costs, global cumulative
totals, in USD trillion, 2010-2030
200
180
160
trillion USD 2011
140
120
100
80
60
40
20
0
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
cumulative benefits (compounded) cumulative costs (additive)
Source: IFs 7.15
Table 1: Expected GDP in 2030. This table adds context for interpreting the costs
and benefits in the report, relative to the size of the global economy in 2030
Region Annual GDP in 2030 Cumulative GDP
(at market exchange rate) (at market exchange rate)
World USD 135 trillion USD 2,000 trillion
High-income
USD 70 trillion USD 1,200 trillion
economies*
U.S. USD 24 trillion USD 400 trillion
*World Bank definition
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 3
We also examined four alternate futures. Steering towards these trillions of
In the best future of Cyber Shangri-La, dollars of global economic benefits
where technology booms are driven requires a range of actions today from
Cyber attackers dragging down by strong cybersecurity, the recurring states, companies, non-state groups,
the Internet might cost the world annual economic benefits result in a and individuals.
nearly USD 90 trillion.” cumulative net global gain of USD 190
A strong and resilient Internet will be
trillion by the year 2030 – about USD
driven by a healthy non-state sector,
30 trillion higher than that of the Base
supported when needed by governments.
Case. In the worst future of a Clockwork
Avoiding the worst futures is a global
Orange Internet, cyber attackers
collective action problem that requires
dragging down the Internet might cost
a sense of joint stewardship over the
the world nearly USD 90 trillion of
Internet, needing actions that go far
potential net economic benefit1. In a
beyond just admonitions to ‘improve
Leviathan Internet future, governments
cyber security.’ We must also focus on
impose strong Internet borders, and
improving resilience and, above all,
global benefits drop by around USD 20
international governance for the globe
trillion when compared to the Base Case
and the Internet.
and a fourth alternate future, the
corporate-driven Independent Internet.
Figure 3: ICT cyber net benefits or costs, global cumulative
total, in USD trillion, by scenario, 2010-2030
200
150
trillion USD 2011
100
50
0
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
Base Case Clockwork Orange Independent Internet
Leviathan Shangri-La
4 Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures
About the Principal Investigators
Jason Healey is Senior Fellow for Cyber Statecraft at the Cyber Statecraft
Initiative of the Atlantic Council’s Brent Scowcroft Center on International
Security and Senior Research Scholar at Columbia University’s School of
International and Public Affairs.
Barry Hughes is the John Evans Professor at the Josef Korbel School
of International Studies at the University of Denver and Director of the
Frederick S. Pardee Center for International Futures.
For more details on the model, data, and process used in this report, please
see the companion report produced by the Pardee Center, available at
www.pardee.du.edu
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 5Premise explained
Newspaper headlines inundate us with imagine the question to be irrelevant,
stories about the risks associated with believing that they could always surf
our increasingly interconnected lives and new waves of innovation and invention
digitized economies: cyber failures and to stay ahead of the dangers. The truth
outages, espionage against (or indeed probably lies somewhere in the middle.
by) government agencies, massive data As the renowned cybersecurity expert Dan
breaches involving tens of millions of Geer has suggested, “[a] technology
retail and bank customers, and damaging that can give you everything you want
and disruptive attacks by nations against is a technology that can take away
one another. everything that you have.”2
Yet we still believe that the benefits of Economic modeling, even when based
being connected are worth these risks. on limited data, is an important way to
As individuals, we continue to buy new explore these kinds of alternate futures.
smartphones and apps and connect our At the beginning of the process of
houses, cars, and even medical devices working on this report, the modeling
to the Internet. At the same time, team at the University of Denver’s Pardee
companies increasingly depend on Center created two graphs to illustrate the
connectivity to drive their business above premise. Figure 4 shows that early
models, even outsourcing business-critical on, the annual benefits of being
infrastructure through cloud computing interconnected far outweigh the costs
and storage. but that theoretically, there could be an
inversion at some point in the future.
This report seeks to answer a critical
risk management question for the Cyber benefits keep delivering
twenty-first century: compounding rewards years after the
initial investment, whilst the costs tend
Will the risks of being interconnected
to be one-off expenses. So even after
start to outweigh the benefits?
such a theoretical future inversion, the
Certainly, many cyber security experts accumulated benefits might still continue
have repeatedly warned us that a series to outpace costs, as shown in Figure 5.
of ‘digital Pearl Harbors‘ or other The project team then gathered data to
catastrophes might tip the balance, feed the economic models to see if an
causing security and response costs inversion was likely to happen in the
to outweigh the benefits from ICT future and if the accumulated benefits
to global GDP. Others, such as the would stay ahead of costs, Figure 5.
techno-enthusiasts in Silicon Valley,
Figure 4: Illustration of a hypothetical future where costs Figure 5: Should annual costs (in stone) increase, the way
outweigh benefits on an annual basis benefits (in blue) compound over time suggests that the
overall impact should still be positive
Benefits
percent of GDP
Costs
GDP
Time Future Time Future
Note: This graphic represents both costs and benefits as flows (percent of GDP) Note: This graphic illustrates the compounding benefits of ICT/cyber contributions to economic
productivity and illustrates the growth of costs through simple annual additions
Source: Authors’ conception
Source: Authors’ conception
6 Overcome by cyber risks? | Economic benefits and costs of alternate cyber futuresBox 1: An example of the balance of cyber benefits and risks:
annual versus cumulative3
In 2013, Mom and Pop Dry Cleaners generating a surprisingly coincidental
bought a computer to better manage contribution to profit of USD 3,000.
their purchase of supplies. Their profits They again used their computer and
in 2009 had been USD 300,000, and earlier software purchases to recognize
the new computer helped them save the savings in supply and benefits of
USD 3,000 (1 percent) on supply the customer database for a total
costs in 2010 even after the initial cyber contribution to profits of USD
capital investment. 9,000. Unfortunately, that same year,
hackers broke through their new
Unfortunately, Pop downloaded
security system, and the firm that
malware, and the firm hired to clean
patched them up charged USD 4,500.
their system charged USD 3,000 –
a one-time cost that completely offset Evaluating the benefits of the path
that year’s savings. In 2014, they they started to follow in 2013, Mom
downloaded a software package to said to Pop: “This year the annual
manage their customer database risk-related costs of keeping these
and used it, adding USD 3,000 to bloody systems more than offset the
their profits. annual boost to profits (USD 3,000
minus USD 4,500). But the cumulative
Because the computer was still saving
contributions to our profits keep
them money on supply ordering,
compounding: USD 3,000 plus USD
Mom and Pop’s total cyber benefit
6,000 plus USD 9,000 equals USD
that year was USD 6,000. But they
18,000, while the risk-related costs
also paid USD 3,000 to another firm
we pay each year are one-time
that greatly enhanced the security of
(USD 3,000 plus USD 3,000 plus
their systems.
USD 4,500 equals USD 10,500). Next
Then, in 2015, they downloaded year in 2016, I want to invest USD
more software allowing them to mail 3,000 to create a webpage and get
out specials and attract more clients, the word out about our shop!”
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 7The model and process
This report’s quantitative findings are including GDP per capita and economic
based on the International Futures (IFs) growth rates, to explore very different
forecasting system, run by the University assumptions around the future of ICT
of Denver’s Pardee Center for and the implications of alternative
International Futures. The forecasting possible scenarios.
model was used as the primary tool to
The modeling started with a ‘Base Case’
display and analyze historical data as well
estimate of how past trends might
as to forecast and develop alternative
continue into the future, then examined
future scenarios. The IFs model represents
four alternative scenarios that differ in
186 countries in different stages of socio-
critical ways.
economic development and adoption of
ICT technologies. It encompasses a set However, this modeling was limited
of heavily integrated and rich models: by the lack of comprehensive data,
demographic, economic, human especially on the economic costs of
development (education and health), adverse cybersecurity events. Roughly
physical (energy, agriculture, and 150 different ICT-related data series
infrastructure), and socio-political were included in this analysis, and yet
(governance and government finance). there was little comprehensive data
across countries and time. For additional
The modeling team worked to produce
context, the Atlantic Council also
a rough understanding of the relative
organized a series of global meetings
benefits and costs of ICT. This is the first
– from Oxford University in the UK to
attempt to build exhaustive typologies
Abu Dhabi, Sao Paulo, Montreal,
of different cyber benefits and costs in
Singapore, and Washington, DC.
order to compare them and provide an
overall assessment of current benefits Due to the lack of comprehensive data
and costs. and the fact that this was the first major
attempt to model cyber benefits and
The IFs forecasting model builds on this
costs, this report is correspondingly
initial data using cross-country comparison
cautious on the findings. As Dan Geer,
and longitudinal series when possible.
who specializes in metrics, has said,
The model incorporates measures of ICT
“it is the trend that matters... look at
penetration or pervasiveness and of ICT
the shape” of the curves.4 And the
spending as driving variables for future
general trends identified in this report
benefits and costs. It draws upon existing
should help drive the global debate on
variables already in the IFs model,
cybersecurity problems and solutions.
For more details on the model, data, and process used in this report, please
see and use the IFs model at http://www.pardee.du.edu, find the companion
report produced by the Denver University’s Pardee Center for International
Futures at http://www.pardee.du.edu/cyber-benefits-and-risks-quantitatively-
understanding-and-forecasting-balance, and use the dashboard for simplified
computer or mobile device analysis of our forecasts at http://www.ifs.du.edu/
ifs/frm_CyberDashboard.aspx
8 Overcome by cyber risks? | Economic benefits and costs of alternate cyber futuresBox 2: The promise and peril: new waves of technology
The benefits of technology are security-dependent technologies
At least five of the top six game- apparent everywhere, as is the ICT could have potential economic impact
changing technologies require that has most obviously changed by 2025 of between USD 13 trillion
strong cybersecurity to unlock our lives: and USD 36 trillion, according to MGI.6
the benefits and avoid significant,
• the personal computer, which took Though MGI puts IoT only in the third
perhaps catastrophic costs.”
computers out of a dedicated room position, with potential economic
staffed only by technicians, and put upside impact of up to USD 6.2
them on desktops in our homes trillion, according to the experts
and offices; interviewed for this report, it probably
has the highest potential security
• mobile technology, which took
costs. The IoT connects the Internet
those connected computers off the
to physical objects, from electrical
desktop and put them into our
generation and distribution down
pockets; and
to automobiles, thermostats, baby
• the Internet, which connects all monitors, and wearable fitness
those computers, no matter where bands. This connectivity can unlock
they are on Earth. tremendous value and change lives
and societies, but unfortunately
But what are the next potentially
security is rarely included.
game-changing technologies?
These devices are typically far less
The McKinsey Global Institute (MGI)
secure than your computer or mobile
foresees twelve such technologies,
phone, as there are few safety features
many of which are heavily ICT
– the software is probably infrequently
dependent.5 They are mobile Internet,
checked for vulnerabilities, it is difficult
automation of knowledge work, the
to update with new software, and
Internet of Things (IoT), cloud
there is likely no security software to
technology, advanced robotics,
monitor for attacks.
autonomous and near-autonomous
vehicles, next-generation genomics, As one report prepared for the
energy storage, 3D printing, President of the United States put it,
advanced materials, advanced oil “There is a small – and rapidly closing
and gas exploration and recovery, – window to ensure that IoT is adopted
and renewable energy. in a way that maximizes security and
minimizes risk. If the country fails to
At least five of the top six (excluding
do so, it will be coping with the
perhaps the automation of knowledge
consequences for generations.”7
work) require strong cybersecurity
to unlock the benefits and avoid Unfortunately, that window has
significant, perhaps catastrophic probably already closed.
costs. Together, those top five
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 9Measuring the economic benefits of ICT
The benefits of ICT have emerged and 2.ICT impact on productivity and
have been changing the world from GDP for the economy as a whole:
three main sources: ICT doesn’t just benefit the companies
that make them, but the rest of the
1.Direct contributions from the ICT
economy as well, including benefits to
sector itself: The direct value added
manufacturers, bankers, and retailers
to GDP by ICT sector companies
who use ICTs. These contributions are
(for example, from well-known major
usually estimated to add between
ICT companies like Apple, Microsoft,
20 to 30 percent to economic growth.
Intel, or Google) has been estimated
This number translates to 0.6 to
to have grown to 9 percent of total
1.5 percentage points of absolute
business value added in Organization
contribution to global GDP growth
for Economic Co-operation and
(see Figure 7).
Development (OECD) countries;
however, in large part due to the 3.Benefits to consumers: The even
continuing decline in ICT costs, the harder-to-measure ‘consumer surplus’
direct value added has been falling refers to benefits consumers receive
over the past few years, bringing it from ICT, from either rapidly decreasing
back down to around 6 percent today prices or from improving capacity and
(see Figure 6 for the information on quality at the same price (for example,
OECD countries). The ICT sector share from Moore’s Law8). The same USD
of GDP is still growing in developing 1,000 buys a far more capable and
countries but is relatively stable globally. productive computer now than it did
ten years ago. The most convincing
data we have found, however, suggest
that consumer surplus contributions
are about half of those from ICT’s
boost to the growth of the economy
as a whole.
Figure 6: ICT value added as a percentage of total business Figure 7: ICT capital services’ contribution to GDP growth,
sector value added, average of OECD countries by World Bank country income group and world
12 3
2.5
10
2
percent
8
1.5
percent
6 1
0.5
4
0
2
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
200
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
0 High-income countries Upper-middle-income countries
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
Lower-middle-income countries Low-income countries
World
Source: OECD Factbook database, share of ICT value added, available at:
http://www.oecd-ilibrary.org/economics/data/oecd-factbook-statistics/oecd-factbook_data-00590-en Note: Simple cross-country averages of raw data used for each income grouping
Source: The Conference Board Total Economy Database, contribution of ICT capital services to GDP Growth,
2014, available at: https://www.conference-board.org/data/economydatabase/index.cfm?id=27762
10 Overcome by cyber risks? | Economic benefits and costs of alternate cyber futuresMeasuring the economic costs of ICT
Data on the costs of an insecure Internet erosion of innovation, and the theft of
are very scarce and piecemeal, and not confidential business information (like
very confidence-inspiring. In general, negotiating positions). According to
there are three types of costs: 2014 estimates by the Center for
Strategic and International Studies
1.Spending on cyber security: The
(CSIS), the costs of cybercrime range
direct spending on cybersecurity
from 0.02 percent of GDP in Japan to
solutions (such as firewalls and threat
1.6 percent in Germany. Values for the
intelligence) is rising steadily,
U.S. and China are at 0.64 and 0.63
approaching 0.1 percent of global
percent respectively, see Figure 9.11
GDP and 0.35 percent of US GDP
(see Figure 8).9 Two forces may be 3.Opportunity costs: These costs are
driving these increases: the capabilities the unrealized economic benefits of
of attackers to carry out increasingly ICT, such as when companies forego
complex actions, and the growth in using new technologies because of
assets that are accessible via networks security concerns, or when nations
and therefore vulnerable to attacks.10 chose not to embrace ICT for domestic
policy reasons. For example, if ICT
2.Costs of adverse cyber events:
contributes to about one-fourth of
These include all the costs of a
global growth, North Korea, which
cyberattack or outage once it has
has virtually no ICT sector, would be
occurred, from recovery costs to
foregoing nearly all of that potential
financial crime, the value of stolen
(and Cuba perhaps half due to its
intellectual property and related
fledgling ICT sector).
Figure 8: Cybersecurity spending in the U.S., percent of GDP Figure 9: The cost of cybercrime and cyber espionage
and USD billions, 2009-2017 expressed as percent of GDP
70 0.4 1.80
0.35 1.60
60
1.40
0.3
50
1.20
0.25
percent of GDP
billions, USD
40
1.00
percent
0.2
30 0.80
0.15
0.60
20
0.1
0.40
10
0.05 0.20
0 0 0
2009 2010 2011 2012 2013 2014 2015 2016 2017
Germany
Netherlands
United States
China
Singapore
Brazil
Norway
India
Ireland
Zambia
Malaysia
Canada
Mexico
Saudi Arabia
United Kingdom
Colombia
South African
Vietnam
France
United Arab Emirates
Russian Federation
New Zealand
Australia
Nigeria
Turkey
Italy
Japan
Kenya
Absolute %GDP
Source: TIA’s 2010-2017 ICT Market Review and Forecast, available at: http://test.tiaonline.org/
resources/market-forecast
Source: CSIS (2014)
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 11Base case: Benefits and costs to 2030
The International Telecommunications
Figure 10: ICT development index (ITU index replication), Union (ITU) maintains an index of ICT
by World Bank country income group, 2002-2030 development that helps us understand
10 past patterns and forecast future ones.13
Forecasts of mobile and broadband
8
connectivity levels, which are major drivers
6 of the index, suggest a convergence in
index
the prevalence of ICT across economies
4
of different income levels as connectivity
2 becomes universal (see Figure 10).
0
Of course, this is not the only possible
outcome, as future waves of ICT (such as
2002
2004
2006
2008
2010
2012
2014
2016
2018
2020
2022
2024
2026
2028
2030
higher speeds, cloud computing, or IoT)
High-income countries Upper-middle-income countries might postpone saturation. Such alternate
Lower-middle-income countries Low-income countries futures are discussed later in this report,
while the Base Case forecast represents
Source: Historical data (through 2013) from the ITU’s ICT Development Index (ITU 2014).
Forecast from IFs 7.15
the ITU’s rather conservative outlook.
Regarding benefits, the main driver of
economic growth is ICT’s contribution to
other sectors. It may feel counterintuitive,
The modeling of the costs and
given how much we can feel ICT changing
benefits of connectivity began with a
the industries around us, but according
‘Base Case.’ The Base Case in the IFs
to extensive economic research, this
integrated modeling system captures
contribution has in fact been mostly flat
a continuation of past and current
or declining in high-income economies.
patterns. It paints a picture of where the
Even so, ICT still provides about a
world is headed if these general trends
1 percent annual boost to GDP growth.
continue without interruptions from
unforeseen, disruptive geopolitical,
economic, or technological crises.12
Figure 11: ICT cyber benefit, annual boost to GDP growth, Figure 12: ICT cyber benefit, annual consumer surplus, by
by World Bank country income group, 1990-2030 World Bank country income group, percent of GDP, 2006-2030
2.5 0.8
2
0.6
1.5
percent
percent
0.4
1
0.2
0.5
0 0
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
1990
1992
1994
1996
1998
2000
2002
2004
2006
2008
2010
2012
2014
2016
2018
2020
2022
2024
2026
2028
2030
High-income economies Upper-middle-income economies High-income economies Upper-middle-income economies
Lower-middle-income economies Low-income economies Lower-middle-income economies Low-income economies
World World
Note: The graph uses a simple average of country values, because using a grouping of a few large GDP Note: Using 5-year moving average
countries (e.g. China) can otherwise distort the data. The graph also uses a five-year moving average. Source: Historical data through 2010 are from OECD (2013). Data from 2010-2030 are from IFs 7.15
The biggest discrepancy occurs between historical data and forecasts for lower-middle-income countries.
In this area, our forecast may underestimate the future contribution of ICT, though the bubble of growth
contributions in recent years may be temporary. Globally, there is strong continuity between historical
data and forecasts.
Source: Historical data through 2012 are from Conference Board (2014a and 2014b). Data from 2010-2030
are from IFs 7.15
12 Overcome by cyber risks? | Economic benefits and costs of alternate cyber futuresSince the overall size of the ICT sector 0.9 percent of global GDP (see Figure 14).
has reached a roughly stable (or even Here, low-income economies are highly
declining) share of global GDP, the dependent on the Internet, but lack of
growth of that sector is unlikely to security and resilience impose a relatively
contribute much to growth rates of the higher cost of about an additional
average economy. The annual consumer 0.2 percent of GDP.
surplus is much smaller, approaching
Opportunity costs from not taking
0.1 percent of GDP for high-income
advantage of ICT capabilities are
economies but up to 0.7 percent for
comparatively very low, typically below
low-income economies.
0.1 percent. At the beginning of this
Direct global cyber security costs are project, we expected such foregone
forecast to continue to rise over the next benefits to be significant because of
fifteen years, though the spending curve cybersecurity fears, but as Beau Woods,
does become flatter. In high-income one cybersecurity expert interviewed for
economies, the direct spending on this report, explained it, “decisions are
cybersecurity reaches nearly 0.4 percent usually made with implicit trust that
of GDP by 2030 with low-income cyber security measures will work.”14
economies approaching 0.25 percent,
These costs are high, but still far below
as shown in Figure 13. In dollar terms,
the costs of other global scourges. For
cybersecurity spending for 2015 is
example, the Institute for Economics and
estimated at roughly USD 250 billion (in
Peace 2015 Global Peace Index Report
constant 2011 dollars), a cost that doubles
estimated that the costs of sub-national
by 2030 to nearly USD 500 billion.
and international violence in 2014 is
By 2030, the cost of adverse events around USD 14.3 trillion or 13.4 percent
could reach USD 1.2 trillion, or perhaps of world GDP.15
Figure 13: ICT cybersecurity spending, by World Bank country Figure 14: ICT cyber adverse event costs, annual total, by
income group, percent of GDP, 2010-2030 World Bank country income group, Percent of GDP, 2010-2030
0.4 1.2
0.35 1
0.3
0.8
0.25
percent
percent
0.2 0.6
0.15 0.4
0.1
0.2
0.05
0 0
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
High-income economies Upper-middle-income economies High-income economies Upper-middle-income economies
Lower-middle-income economies Low-income economies Lower-middle-income economies Low-income economies
World World
Source: IFs 7.15 Source: IFs 7.15
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 13Comparing costs and benefits: the bad news
Figure 15 compares the global annual This turning point calls attention to
benefits and costs of ICT. Strikingly, just how feeble cybersecurity has been
it is not just theoretically possible that in the face of ever more dangerous
the annual costs of ICT security might cyber-attacks. Either cybersecurity costs
outweigh the economic benefits of need to become far more effective
connectivity; in fact, such an inversion is (or significantly less expensive) or the
projected to occur in the next few years, benefits of ICT need to continue to
perhaps even before the year 2020, at multiply. Both of these potential futures
somewhere near 1.1 percent of global are explored later in this report.
GDP (roughly USD 1 trillion). While this
This conclusion has one very obvious
finding is in line with our initial
caveat: both data and forecasting include
hypothesis, it was still surprising to see
a great many assumptions and estimates.
that this event is already expected to
The exact year of such a cross-over is
happen in the near future, according
highly uncertain, and perhaps it will
to our model.
never even occur, especially if the
benefits or costs change significantly.
Figure 15: ICT cyber benefits and costs, global annual totals,
Benefits
2010-2030
1.4
percent of GDP
1.3
1.2
percent of GDP
Costs
1.1
Time Future
1
0.9
0.8
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
benefits costs
Note: Using 5-year moving average
Source: IFs 7.15
14 Overcome by cyber risks? | Economic benefits and costs of alternate cyber futuresComparing costs and benefits: the great news
This report has already pointed out the between 2010 and 2030 are estimated
difference in the way that the economic to be about USD 180 trillion versus
benefits of ICT accumulate over time USD 23 trillion of costs (a net benefit
(with a compounding effect as an of nearly 9 percent of the cumulative
investment) compared to the economic GDP between 2010 and 2030).
costs (as a simple sum of annual values).
These costs are huge and demand the
Figure 16 shows how this dynamic
attention of policymakers, but they are
plays out to 2030: even in years when
dwarfed by the benefits.
annual costs outweigh the benefits,
compounding investments pay off Again, note how the actual modeled
over time. costs and benefits accumulated over
time compares to the theoretical
On a global level, and for this conservative
curve (inset).
Base Case, the cumulative benefits
Figure 16: ICT cyber benefits and costs, global cumulative
totals, in USD trillions, 2010-2030
200
180
160
trillion USD 2011
140
120
GDP
100
80
60 Time Future
40
20
0
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
cumulative benefits (compounded) cumulative costs (additive)
Source: IFs 7.15
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 15Comparing costs and benefits: by economy and region
There is great variation of those patterns Figure 17: ICT cyber costs and benefits, annual totals, by World Bank country
across country income groupings and income group and World Bank region, percent of GDP, 2010-2030
regions (Figure 17).
High-income economies Upper-middle-income economies
The cost/benefit inversion point 1.4 3
appears to already have been 1.2 2.5
reached for high-income countries. 1
percent of GDP
percent of GDP
2
0.8
In OECD nations, the annual costs of 0.6
1.5
being connected may already outweigh 0.4
1
the benefits. As noted above, this is 0.2 0.5
0 0
because of the relative saturation of ICT
2010
2012
2014
2016
2018
2020
2022
2024
2026
2028
2029
2030
2010
2012
2014
2016
2018
2020
2022
2024
2026
2028
2029
2030
in advanced economies in the face of benefits costs benefits costs
steadily rising costs. New advances
could, of course, freshen new waves of Lower-middle-income economies Low-income economies
productivity (such scenarios are explored 3 3
in the next section). 2.5 2.5
percent of GDP
percent of GDP
2 2
The inversion is likely to be approaching 1.5 1.5
for upper-middle-income countries by 1 1
roughly 2030, though it seems unlikely 0.5 0.5
for low-income countries even by that 0 0
2010
2012
2014
2016
2018
2020
2022
2024
2026
2028
2029
2030
2010
2012
2014
2016
2018
2020
2022
2024
2026
2028
2029
2030
time, as they are still able to add gains
benefits costs benefits costs
from ICT.
Among the developing regions shown Asia and the Pacific Middle East and North Africa
in Figure 17, the process of likely 4 2
convergence in annual benefits and costs 3.5
3 1.5
is apparent in all but sub-Saharan Africa.
percent of GDP
percent of GDP
2.5
1
The cross-over will probably occur in
2
1.5
Latin America before 2030 as that region 1 0.5
0.5
bridges the digital divide and in the Asia 0 0
2010
2012
2014
2016
2018
2020
2022
2024
2026
2028
2029
2030
Pacific region sometime after that.
2010
2012
2014
2016
2018
2020
2022
2024
2026
2028
2029
2030
benefits costs benefits costs
Latin America Sub-Saharan Africa (without South Africa)
2.5 2.5
2 2
percent of GDP
percent of GDP
1.5 1.5
1 1
0.5 0.5
0 0
2010
2012
2014
2016
2018
2020
2022
2024
2026
2028
2029
2030
2010
2012
2014
2016
2018
2020
2022
2024
2026
2028
2029
2030
benefits costs benefits costs
Note: Using 5-year moving average
Source: IFs 7.15
16 Overcome by cyber risks? | Economic benefits and costs of alternate cyber futuresAlternate worlds: exploring the future
The analysis so far has explored the Base The first step is to identify the ‘axes of
Case, assuming that future trends are uncertainty’ that are likely to be most
relatively consistent with or easily important. Over the course of this
understandable from those in the past. project, two such uncertainties clearly
For example, one of the dominant stood out.
assumptions of the Base Case, borrowed
The first major uncertainty is whether the
from the ITU’s ICT Development Index, is
globe continues to reap great benefits
that the ICT wave will have largely played
and keep the risks under control or
out by 2030 for both high-income and
whether hackers, nation-state attackers,
upper-middle-income countries, as they
and trolls greatly degrade the Internet
gain universal access to mobile and
and the benefits of being connected. We
broadband technologies.
call the two distinct futures anchoring
But, of course, the future is always sure this dimension the Cyber Shangri-La and
to hold tremendous surprises. Clockwork Orange Internet, respectively.
In the first scenario, secure Internet
One of the most useful tools for peeking
connectivity is a global right; in the
over the horizon of time is a structured
second, it is a luxury good. As such,
approach of formulating and analyzing
these scenarios alternately represent the
‘alternate worlds,’ differing futures based
most benefit and the highest cost.
on the outcomes of major uncertainties.
One of the most influential reports that The second uncertainty is whether the
explores alternate worlds is the Global future Internet will be more dominated
Trends series from the U.S. National by governments (with strong borders
Intelligence Council (NIC).16 Experts from and government monitoring) or the
both the Atlantic Council and Pardee private sector (where the technological
Center were central to that effort and elite is constantly able to invent around
brought their experiences here to explore government control). These are the
future cyber scenarios. Additional Leviathan Internet and Independent
alternate worlds work has been done Internet futures, respectively. Whereas
by Microsoft and CISCO in their reports, Cyber Shangri-La is obviously a better
Cyberspace 2025 (2014) and The scenario than the Clockwork Orange
Evolving Internet (2010), respectively.17 Internet, there is a more difficult
balance here, which will be explored
in later sections.
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 17Alternate worlds: Cyber Shangri-La
Cyber Shangri-La is the future in which New technologies boost benefits far, far
all of Silicon Valley’s dreams come true. faster than costs accumulate. Defense
The unfettered development of ICT and has become easier and cheaper than
global networking drives innovation and offense, so that costs remain modest
prosperity while helping individuals and stable. For example, perhaps
reach their full potential, regardless of autonomous or autonomic defenses are
their nationality or circumstance. Privacy widely deployed, moving significant
remains relatively high. Secure and attacks out of the range of all but the
reliable access to the global network most capable and motivated adversaries.
is a fundamental human right. Defense improving faster than offense
is a critical enabler for unlocking full
This scenario is similar to the Peak future
economic and societal benefits.
in Microsoft’s Cyberspace 2025 report
and the Fluid Futures in CISCO’s The Impact on the economy: ICT is a main
Evolving Internet.18 All three describe driver of global innovation across all
a future situation where technological economies, with high degrees of
progress has continued, users have high globalization as the Internet becomes
levels of trust in the system, and increasingly ubiquitous, secure, and
companies continue to build out the resilient. ICT benefits among nations
network and connected devices. converge, as most netizens and
Individuals can reach their full potential companies around the world have
Dynamics: Costs remain flat or only rise
in Cyber Shangri-La. access to similar kinds of technologies.
slightly, while benefits rise rapidly or
Global cooperation on cybersecurity
even exponentially. These changes occur
is relatively high, though nations still
modestly, with steady changes over time.
have strong disagreements over
Most if not all of the twelve game- cross-border content.
changing technologies, identified by
Impact on individuals: People have
McKinsey Global Institute (see Box 2 on
widespread and well-founded trust in
page 11), deliver on their full promise,
the technologies, providers, and
especially those most dependent on
behavior of other netizens. Their online
strong cybersecurity: mobile Internet,
persona is fluid, sometimes tied to their
automation of knowledge work, IoT,
national identify but at other times tied
cloud technology, advanced robotics,
to any other association, state or
and autonomous and near-
non-state, that they choose. Privacy is
autonomous vehicles.
well within each individual’s control.
18 Overcome by cyber risks? | Economic benefits and costs of alternate cyber futuresAlternate worlds: Clockwork Orange Internet
The worst nightmare of anyone who is gains. Globalization is mostly broken,
connected, the Clockwork Orange and companies find it hard to make a
Internet is almost entirely made up of profit selling IT, except as a luxury good.
ultra-violent ‘bad neighborhoods,’ akin
The negative effects could happen either
to the novella and cult-classic movie
steadily (‘ice’ scenarios), or very quickly
of the same name. Secure and reliable
(‘fire’ scenarios). The ‘ice’ scenarios
access to the global network is no
include steadily increasing costs over
longer a global right but a luxury good.
time, such as the continued worsening
Digital identities and assets huddle
of cybercrime, crises and conflict
behind high walls. Technology still
(including international conflict), and
advances, but without necessarily being
a general breakdown in governance.
networked; high-tech is no longer
The ‘fire’ scenarios include fast-moving
synonymous with information tech.
events, such as a major conflict, global
Dynamics: Cyber offense is no longer shock, or sudden and unmatched
just better than defense, it is unbeatable. offensive innovation.
Any time new security initiatives and
This leads to high degrees of ICT
projects are launched, there are nations,
inequality, as only large multinationals
hackers, or curious security researchers
and other dedicated firms can afford
who quickly tear them down. Cyber
security. The rich around the world can
Hackers tear down security defenses in the bullying and other bad behavior is
still use secure ICT, but for most others,
Clockwork Orange Internet. rampant. There is little to no trust,
it is simply out of reach or only usable
as people cannot have faith in their
at great risk. Governments, the finance
networked devices or other people
sector, and others have built a secure
online. This lack of trust is both a cause,
minimum essential information
as well as a symptom, of massive cyber
infrastructure, which is as difficult to
sub-prime cascading failures across the
enter as a U.S. federal government
Internet and into connected
building, and only available for the most
infrastructures. ICT usage is so choked
secure purposes. There is also very little
down that even technologies that were
international cooperation, with little trust
common in 2015 (such as online
between nations who attack each other
shopping and social networking) are
(and each other’s products) relentlessly.
reserved only for those rich enough
to pay for proper security. Impact on individuals: Online persona
becomes a thing of the past for most
Impact on the economy: Costs rise
people. People have only as much trust
rapidly while benefits only rise slightly.
as their credit cards can buy, while an
Networked ICT becomes a drag to the
online identity is an asset to flaunt in
economy. Disruptions most heavily affect
the best circles. Privacy is no longer a
higher-income economies and the most
primary concern, now that connectivity
ICT-saturated middle economies.
itself is a risk.
Lower-income economies don’t suffer
these costs, but also receive far fewer
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 19Alternate worlds: Leviathan Internet
In the Leviathan Internet, there is no Some nations close off their national
longer a single global Internet but a borders to all kinds of information,
series of national internets dominated by from unpleasant news to damaging
sovereign governments (and particularly cyberattacks. Other nations, including
their national security apparatuses). most OECD states, are slightly more
Information technologies are more porous. ICT inequality accordingly
useful to governments to keep track and increases, with big nations and blocs like
control over citizens than vice versa. Brazil, China, the U.S., and the European
Union having enough scale to succeed.
Dynamics: Some nations, like Russia
Smaller nations struggle to build enough
and China, choke off their national
sovereign infrastructure. By 2030, this
borders so that all information – and
process of speciation is so far along
attacks – has difficulty penetrating.
that these separate internets, despite
They rely on heavy monitoring of their
their once common ancestor, can no
networks to keep an eye on their
longer interconnect.
citizens and control what information
they receive, using technologies that There may be gradients and variants of
help to stop many attacks. Other the Leviathan Internet, such as:
nations, including most in the OECD,
• ‘Huntington Internet,’ in which different
have more open national borders and
cultures have different Internets;
Some nations monitor their citizens closely in suffer comparatively more attacks.
the Leviathan Internet. • ‘Iron Curtain Internet,’ in which
Cybersecurity decreases overall. The
different Internets exist for Western
small benefits brought by strong
nations and more closed societies like
regulation and national borders are
China and Russia; and
more than offset by decreased global
cooperation and increased cross-border • ‘Schengen Internet,’ in which
espionage, sabotage, and conflicts. different trade blocs have their own
’free exchange’ of bits and bytes.
Impact on the economy: The impact on
the economy is modest, with continuing Impact on individuals: People’s online
growth of GDP and productivity, but well personas are driven by their country of
below the dreams of tech visionaries. residence. Online trust is high for those
Cross-border restrictions undermine too that trust their government but low for
many technologies, and tight regulations everyone else, and non-existent across
limit innovation. Protectionism trumps borders. While there is nearly zero
globalization, with nations giving privacy from governments, there are
preference to their own companies very tight restrictions on the commercial
and insisting on ICT localization and use of similar data.
sovereignty, shattering the global ICT
market. There is little trust even between
friendly nations, as policies are driven
more by security fears than dreams
of innovation.
20 Overcome by cyber risks? | Economic benefits and costs of alternate cyber futuresAlternate worlds: Independent Internet
In the Independent Internet scenario, U.S., but are ‘democratized’ to include
governments are unable to regulate and companies and super-empowered
dominate this new technological space. individuals. Trust is accordingly modest;
Compared to today (and the assumptions while it can be high within different
in the Base Case), non-state actors have corporate walled gardens (for example,
bloomed into the true online powers. Apple users would tend to trust Apple
As proclaimed in 1996 by John Perry and other Apple users) or social groups,
Barlow, a noted cyber-libertarian and it is missing at higher levels. ICT equality
former songwriter for the Grateful and globalization are also high, as most
Dead: “Governments of the Industrial netizens and companies all over the
World, [y]ou have no sovereignty where world have access to similar kinds
we gather... Your legal concepts of of technologies.
property, expression, identity, movement,
Impact on the economy: Networked
and context do not apply to us. They
ICT is an important driver of innovation,
are all based on matter, and there is no
productivity, and GDP. Income inequality
matter here.”19
is likely to increase. The effects are
Governments still try to pass regulations, relatively broad but somewhat favor
but are quickly left behind by the true higher-income economies. There are
cyber powers: companies, non-state high degrees of globalization as national
Cyber-experts have more power in the groups, individuals, and regions (not borders are unable to fence out foreign
Independent Internet. least Silicon Valley). The technological companies, technologies, or information.
elite defy the state and continue to However, there may be walled gardens,
invent new ways to outfox regulations, as people get locked into one alliance of
laws, and other constraints of the state, technologies versus another (such as
such as refusing requests for government Apple, Facebook, Microsoft, Google, or
backdoors. This private-sector domination Baidu) and can change their alliance only
keeps benefits coming steadily but with great difficulty. These companies
generates insufficient breakthroughs may develop into a relatively stable
on defense. arrangement (like a Gang of Four or
Big Five) or they may change over time.
Dynamics: Offense still maintains the
advantage. ICT companies continue Impact on individuals: People do
inventing new defenses, but without not tend to see their online personas
effective policing and control, criminal as ‘American’ or ‘Brazilian’ but as a
groups continue to thrive. Large member of a particular technology
companies increasingly apportion more alliances. Once you are an ‘Apple’ or
of their ‘security’ budget for offensive ‘Google’ person, that identity remains
means to disrupt incoming attacks or relatively stable. Online trust is somewhat
seize back their stolen intellectual higher than in the Leviathan Internet
property; there is a concomitant rise because of widespread encryption and
of cyber-Blackwaters (private defense other measures. Individuals tend to have
companies) to help companies actively very high privacy vis-a-vis governments,
disrupt their tormentors. but have opted-in to relatively intrusive
monitoring by the companies with
Likewise, high-end attacks and espionage
whom they choose to do business.
are not just the purview of China or the
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 21Costs and benefits in alternate worlds
In the Base Case presented in the first The net annual economic benefits in the
half of this report, there was already Cyber Shangri-La scenario over the Base
great uncertainty underlying the data Case might look small, but in fact would
and forecasting. These uncertainties are represent a reversal of the current trend
therefore magnified when looking at toward an overall net negative effect.
alternate future cyber worlds. But the And in the Leviathan future, governments
trend is the most important factor to looking to separate their ICT innovations
take into account, and the shape of the and connections from those of other
curves tells a compelling story. countries should be cautious, as strong
Internet borders could shift net annual
In the Clockwork Orange Internet
costs above benefits by a full 2 percent
scenario, the attackers don’t just have
of GDP by 2030. The net loss in the
the advantage over defenders; true
Independent Internet is far smaller, but
supremacy induces a net cost drag of
still negative, at a fraction of one percent.
nearly 7 percent of global GDP by 2023.
The reason for the plateau in those net
costs is the assumption that there is a
‘saturation of catastrophe,’ where things
cannot get worse.
Figure 18: ICT cyber net benefits or costs, global annual total,
as a percentage of GDP, by scenario, 2010-2030
2
0
-2
percent
-4
-6
-8
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
Base Case Clockwork Orange Independent Internet
Leviathan Shangri-La
Source: IFs 7.15
22 Overcome by cyber risks? | Economic benefits and costs of alternate cyber futuresThe implications of these differences The worst case of a Clockwork Orange
among alternate worlds become more Internet might cost the world nearly
obvious and pronounced when costs USD 90 trillion of potential net economic
The wide range of forecasts and benefits are compared on a benefit across the period to 2030, when
illustrates the very considerable cumulative basis over time, rather than compared to the Base Case, and USD
uncertainty we face.” just annually. 120 trillion relative to the best case of
Cyber Shangri-La.
The compounding investment and
productivity impacts from ICT in Cyber The Independent Internet is very close
Shangri-La mean that even the to the Base Case, but the Leviathan
scenario’s very modest net annual Internet of strong national borders drops
benefits result in a cumulative net cumulative ICT net benefit by USD 20
contribution that is perhaps USD 190 trillion relative to the Base Case. Overall,
trillion, USD 30 trillion higher than the the wide range of forecasts across these
Base Case by 2030. For context, the scenarios illustrates the very considerable
total cumulative GDP of the Base Case uncertainty we face concerning both
between 2010 and 2030 is forecast to benefits and costs in cyberspace.
be USD 2,000 trillion, so that the net
benefit of ICT in Cyber Shangri-La
begins to approach 10 percent of that
long-term GDP.
Figure 19: ICT cyber net benefits or costs, global cumulative
total, in USD trillions, by scenario, 2010-2030
200
150
trillion USD 2011
100
50
0
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
Base Case Clockwork Orange Independent Internet
Leviathan Shangri-La
Source: IFs 7.15
Overcome by cyber risks? | Economic benefits and costs of alternate cyber futures 23You can also read
