Attacks similar to Target breach could stall adoption of emerging tech

Continuous, high-profile cyberattacks like the one against retailer Target could slow adoption of emerging technologies, resulting in a loss of as much as $3 trillion to the global economy, a study shows.

The finding by the World Economic Forum is based on a scenario in which innovation in cybercriminals' attack tools outpaces the defensive capabilities of organizations. If that was to happen, than major data breaches would cause a wave of new regulations and corporate polices that would slow adoption of cloud computing, big data analytics and other transformative technologies.

"Current trends could result in a backlash against digitization, with huge economic impact," said the report entitled "Risk and Responsibility in a Hyperconnected World."

Indeed, the attack on Target's point-of-sale systems during the holiday shopping season, which led to the theft of 40 million payment card records and the personal information of 70 million customers, has drawn congressional scrutiny, with Senate hearings set for next month. The FBI has warned retailers more cyberattacks are likely, given the bureau's discovery of about 20 hacking cases over the last year, Reuters reported.

The forum based its report, which was done in collaboration with McKinsey & Co., on interviews, workshops and dialogues with global executives and experts. The report examines in broad terms the potential impact more frequent and intense cyberattacks could have on technological innovations and the global economy through 2020.

Corporate risk management against cyberattacks is already having an impact, according to the report. Controls put in place to protect intellectual property and sensitive documents has moderately lowered the productivity of front-line employees in nearly 90 percent of organizations.

In addition, the threat of cyberattacks has slowed the implementation of new technologies, as companies direct more resources to defenses.

Direct spending on security is a small share of the total expenditure on enterprise technology. However, IT executives estimate that security indirectly drives as much as 30 percent of overall technology spending, crowding out other projects that could create business value.

Major trends such as large-scale data analytics and cloud and mobile computing could create between $9.6 trillion and $21.6 trillion in value for the global economy, the report found. However, that value could be reduced if concerns over cyberattacks increase.

"If attacker sophistication outpaces defender capabilities -- resulting in more destructive attacks -- a wave of new regulations and corporate policies could slow innovation, with an aggregate economic impact of around $3 trillion," the study said.

The majority of enterprises are only in the early stages of putting policies in place to reduce the risk of cyberattacks. Most large institutions do not have a system for identifying and protecting the most valuable information assets.

In addition, most organizations do not understand who are their attackers and have not determined the most effective defensive mechanism for bringing risk to a comfortable level.

"Companies that spend more on cyber resilience do not necessarily manage cyber resilience risks in a more mature way -- many are simply throwing money at the problem," the report said.

Almost all chief information officers and chief information security officers agree that they cannot build adequate defenses against cyberattacks by themselves. Instead, they favor establishing a system for collaborating with technology providers, regulators, law enforcement and other related institutions.

"However, views vary widely on the responsibilities and effectiveness of several possible public-sector actions," the report said.

Efforts are underway for private-public cooperation in battling cyberattacks against organizations of national importance, such as financial institutions, the oil and gas industry, defense contractors and utilities.

The U.S. Department of Homeland Security is leading the Obama administration's cybersecurity initiative, which includes establishing a framework of standards and policies for mitigating risks and having government agencies share cyberattack information with the private sector.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about FBIReuters Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts