Over the past decade, American consumers have become increasingly concerned about cyberattacks, cybersecurity, and data breaches. Currently, 87% of Americans say cybersecurity should be a priority for policymakers, while only 51% believe the government is doing enough to address the threat. Over the past decade, cybercrime has grown significantly. In 2010, for example, its estimated only 16 million records were exposed by data breaches. By 2020, that number had grown to 36 billion.
High-profile cyberattacks, such as the recent attack against “at least a dozen federal agencies” have only intensified the publics’ concerns. While this was the most recent high-profile attack, there are a reported 30 million cyberattacks each year. Unfortunately, no sector of the economy is immune to the threat of cyberattacks, as cybercriminals have targeted critical infrastructure such as power generation and distribution, taxpayers, users of social media, and consumers using ecommerce sites.
Cybersecurity experts agree that as we move into 2021, cyberattacks will become more numerous and more sophisticated.
At a time when cybersecurity is at the forefront of the public’s concern, Washington should be taking steps to encourage private capital investment in cybersecurity programs and platforms that ensure consumer data remains secure. Unfortunately, recent antitrust action that seeks to limit the size of big technology companies’ risks making it easier for cybercriminals to gain access to sensitive consumer information.
For companies, the financial and reputational effects of a cyberattack or data breach can be enormously damaging. IBM recently estimated that each data breach costs companies $3.86 million. Not included in the cost of these breaches are another $3.5 billion in losses stemming from internet crime, including IP theft and phishing scams, according to a 2019 report from the FBI.
Studies have also shown that companies that are victims of data breaches and cyberattacks also incur significant reputational costs that stem from lost consumer confidence. Consumer confidence in Equifax, for example, declined significantly after its data breach came to light in 2017 with its competitors also suffering as a result. After Equifax’s breach, a staggering 40% of Americans claimed they did not trust the company to securely handle sensitive information.
Given the financial and reputational damage data breaches and cyberattacks cause, it is not surprising that big tech companies have invested significant capital to enhance cybersecurity and prevent sensitive consumer data from falling into the wrong hands.
In 2019, Mark Zuckerberg announced that Facebook would spend more than $3.7 billion on improving its cybersecurity. Zuckerberg also announced Facebook planned to hire an additional 5,000 employees who would be responsible for ensuring user data remained secure.
Visa is another company that has been targeted by antitrust enforcers but has made substantial investments in cybersecurity and data protection. Visa is especially vulnerable to cyberattacks given that “every transaction that goes through payment cards is a point of entry for cyberattacks.” Visa has reportedly invested over $9 billion over the last few years to enhance its data protection platforms. This includes the establishment of 11 offices around the world that are staffed around the clock by cybersecurity experts who can respond to attacks and breaches in real-time.
Google has also made significant investments to improve data protection for its consumers. In 2020, for example, the company invested $450 million into ADT’s cybersecurity arm. This investment followed a $22 million investment in Snyk, a London based cybersecurity startup, a $100 million investment in cybersecurity firm CrowdStrike in 2015, and a $5 million investment in Duo Security in 2012. These investments have not only left consumer data more secure but has ensured the google remains able to respond quickly and effectively to data breaches and cyberattacks.
Were these companies to be broken up, as demanded by Congressional committees, the FTC, and various states, these investments would be lost as smaller companies simply do not always have sufficient capital to ensure that consumer data remains secure or to invest in innovative cybersecurity platforms.
Highlighting the importance of significant capital investments to cybersecurity, a recent study by the Small Business Administration found “88% of small businesses felt their business was vulnerable to cyber-attack” because “they typically lack the security infrastructure of larger businesses.” These concerns are not unfounded as cyberattacks on small companies are more common than attacks on large companies that have sophisticated cybersecurity platforms.
This should be particularly concerning because cyberattacks are becoming increasingly sophisticated, numerous, more expensive to respond to, take longer to detect, and tend to target smaller businesses that don’t have world-class cybersecurity programs. Regrettably, it seems that few policy makers in Washington recognize that when it comes to cybersecurity and consumer welfare, bigger can sometimes be better.