Lack of stronger cyber security may cost world economy $3 trillion

Failure to boost cyber security could cost the world economy a staggering $3 trillion as new regulations and approaches to deal with destructive attacks would stifle innovation, says a report.

With the recent proliferation of cyber-attacks, corporate executives need to devote increasing attention to protecting information assets and on-line operations, according to the report released today by the World Economic Forum (WEF) in collaboration with global consultancy McKinsey & Company.

Titled 'Risk and Responsibility in a hyper connected World', the report cautioned that there could be increased cyber-attacks if there is a failure to strengthen capabilities for deterring such activities.

Major technology trends, including massive analytics, cloud computing and big data, could create between $9.6 trillion and $21.6 trillion in value for the global economy.

"However, if attacker sophistication outpaces defender capabilities - resulting in more destructive attacks - a wave of new regulations and corporate policies could slow innovation, with an aggregate impact of approximately $3 trillion by 2020," the report said.

Large institutions lack the facts and processes to make and implement effective decisions about cyber resilience, the report noted and added that overall, the cyber risk management capabilities of a large majority of firms are at a nascent or developing stage.

Developing resilience to cyber risks in the economic and social systems is not a question of simply building walls for security, said Alan Marcus, Senior Director and Head of Information Technology and Telecommunications Industries at the World Economic Forum USA.

"There are trade-offs to be made with other goals we wish to value, such as privacy, growth, innovation, and the free flow of goods and data. But to make good decisions, we need better data," he said.

There needs to be a fundamental change in the way we protect ourselves from cyber-attacks, the report said.

"Check-the-box compliance-based approaches simply don't work anymore. Companies and public institutions need to build cyber-security capabilities that are scalable, deeply integrated into the broader IT environment and focused on addressing the more important business risks," a Partner at McKinsey & Company James Kaplan said.

The report draws on knowledge and opinions derived from a series of workshops and interviews from over 300 top global executives, government, civil society and experts from different sectors.