Economics of Cyber Attacks and Security

Economics of Cyber Attacks and Security
Thursday, March 26, 2015 5:45 p.m. – 8:00 p.m.
Conference room 483, Congressional Budget Office
2nd & D Streets, SW, 4th Floor, Washington, DC 20515
(Metro: Federal Center Station)
Kevin C. Desouza, Senior Fellow, Brookings Institution,
Center for Technology Innovation
N. Eric Weiss, Specialist in Financial Economics,
Congressional Research Service
Light refreshments will be served. Light refreshments will be served at 5:45 pm, and the seminar begins at 6:00 pm. The seminar is free, but please email Melvyn Sacks at for reservations.
U.S. corporations have been under attack by cyber criminals and consumers have lost millions of dollars in such attacks. A Washington think tank has estimated the likely annual cost of cybercrime and economic espionage to the world economy at more than $445 billion — or almost 1 percent of global income. According to the report, the most advanced economies suffered the greatest losses. The United States, Germany and China together accounted for about $200 billion of the total in 2013.
Firms hit includes Target, Anthem Blue Cross, Home Depot, EBay (with $233 million in losses), and Neiman Marcus. Banks have also been hit especially hard. Recently a gang of cyber criminals used highly sophisticated software to observe money transfer procedures of banks across the world and transferred about one billion dollars to themselves. The “secure” Apple Pay on I-phones has been attacked by hackers on about six percent of Apple Pay transactions. The smallest flaw in software and email phishing attacks opens the door to major thefts for corporations and individuals, and can go undetected for months. The cost of defending against these attacks can amount to tens or hundreds of millions of dollars for each corporation. At long last American banks are heading in the direction of secure credit cards, similar to that prevalent in Europe for years, but without required PIN numbers.
Tonight we will examine the threat of cyber hacking and what, if anything, can be done about it.