Emerging Technologies

What are cyber disruptions costing businesses?

John Scott
Head of Sustainability Risk, Zurich Insurance Group

A new report from Zurich Insurance Group and the Atlantic Council indicates that we’re reaching the tipping point when the annual costs of cyber disruptions begin to outweigh the benefits of doing business in a connected world. Jason Healey, Senior Fellow with the Cyber Statecraft Initiative at the Atlantic Council’s Brent Scowcroft Center on International Security, unpacks what that surprising finding means for business.

Why did you undertake the report?

We were driven by the question: How do we know if we’re starting to pay more in cyber security costs than we’re getting in benefits from being connected? As far as we know, the question has never really been asked before.

And what’s the biggest single finding of the report?

The startling finding is that on an annual basis, the developed world is spending more on cyber security in a given year than we are getting in annual benefits. It seems a bit counterintuitive, doesn’t it?

So should we just unhook from the Internet?

No, because annual cyber security costs tend to be operating expenses or one-offs. For example, if you’re a big company that just got hit by a hacker attack, you’re going to have to spend a bunch of money to recover. But the benefits you get from being connected—streamlined work processes, better connections to your customers, and the like—tend to compound over time in a way that costs don’t. So, in the report’s base case, cumulative global benefits outweigh the costs by nearly $160 trillion through 2030.

The benefits you get from being connected tend to compound over time in a way that costs don’t. So, in the report’s base case, cumulative global benefits outweigh the costs by nearly $160 trillion through 2030.”

But CEOs have to manage results quarter-to-quarter, year-to-year. So how should individual companies interpret the report?

Let’s talk about how they should not view it: They should not view it as a deterrent to investment in growth and innovation. If they do, they will miss out on the potential of cumulative benefits. And that is significant, as the difference between the worst-case scenario and best-case scenario in the report is more than $100 trillion in global GDP through 2030.

So what steps should businesses take to access that potential and minimize costs?

First, a lot of companies just don’t have the cyber security they need even for today’s threats—much less if it gets worse. The report recommends basic controls that should be adopted. Second, controls aren’t going to be enough against future threats. So we really think that investments that make a business more resilient to cyber events could go a long, long way. You’re not going to be able to keep all the threats out, so you have to be prepared when you get hit—whether it’s by hackers or a wide-scale Internet outage—to be able to bounce back quickly and limit the time of the outages.

Where does responsibility for understanding and managing these risks start?

We believe companies should govern from the board on down. To put it in the kind of finance terms that the board might be more familiar with: In the face of this long bet, basic cyber security and resilience are your hedge. You’ve got to think of this as a risky position that you’re engaged in—a position that could have serious implications for your company. So you really have to invest in covering your long bet.

This article is published in collaboration with Zurich Knowledge Hub. Publication does not imply endorsement of views by the World Economic Forum.

To keep up with the Agenda subscribe to our weekly newsletter.

Author: John Scott is a Chief Risk Officer of Global Corporate at Zurich.

Image: A hand is silhouetted in front of a computer screen in this picture illustration taken in Berlin. REUTERS/Pawel Kopczynski  

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

The Digital Economy

Share:
The Big Picture
Explore and monitor how The Digital Economy is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

5 ways to achieve effective cyber resilience

Filipe Beato and Jamie Saunders

November 21, 2024

Why AI is Southeast Asia's new engine for profitable growth

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum