Throughout 2020 and 2021, both Republican and Democratic lawmakers have proposed numerous new antitrust measures to alter how big tech companies operate. While these measures may be politically popular given the growing public hostility towards big tech companies, proponents of these new laws have failed to consider the substantial benefits and cybersecurity protections these companies offer to consumers. Equally concerning is how lawmakers have failed to consider how government-imposed restrictions on big tech could leave sensitive consumer information vulnerable to cyberattacks and data breaches.
Rather than imposing laws that harm the ability of big tech companies to offer robust and groundbreaking data protection measures, Congress should be crafting a regulatory environment that incentivizes private sector investments in cybersecurity and data protection.
Unfortunately, the passage of current antitrust proposals will do the exact opposite.
Americans are concerned about how their data is handled online. A recent poll conducted by the Pearson Institute and the Associated Press found that “9 in 10 Americans are at least somewhat concerned about hacking that involves their personal information, financial institutions, government agencies or certain utilities. About two-thirds say they are very or extremely concerned.”
Americans’ deep concerns about cybersecurity are not unfounded. It is estimated that between January 1, 2021, and September 30, 2021- a period of just 272 days- there were 1,291 data breaches. That amounts to almost five each day. It’s important to note that these are just reported data breaches. It is believed that between “60% and 89% of security incidents go unreported.”
For businesses and consumers, the effects of a data breach can be substantial. For companies, the financial cost of each data breach is estimated to be around $8.64 million and severe reputational damage. For consumers, data breaches not only result in identity theft but unquantifiable damage to a victim’s mental health.
Recognizing the substantial problems data breaches can pose, big tech platforms have made significant investments in cybersecurity and data protection, investments smaller companies cannot afford to make. For example, in September 2021, Facebook, a company regularly targeted by lawmakers, stated it had invested more than $13 billion into cybersecurity since 2016. Similarly, Microsoft has pledged to make a $20 billion investment in cybersecurity over the next five years, with Google promising $10 billion.
These investments could not be made by smaller companies that have less capital to invest in robust cybersecurity and data protection. These investments should warn lawmakers that altering how big tech companies generate revenue could see them unable to make these significant investments, thereby leaving consumer data in the hands of sophisticated cybercriminals.
Despite its importance to the cybersecurity ecosystem, acquisitions of smaller start-ups by big tech could be under threat from new antitrust proposals. Several bills currently under congressional consideration would prohibit large tech firms from acquiring smaller start-ups. For example, in 2014, Facebook acquired a small start-up named PrivateCore that specialized in encryption technology and server security. After announcing the deal, Facebook stated it intended to “deploy PrivateCore’s technology…to better protect its own servers and customers.” That same year, Google announced it had acquired security start-up, Imperium, with the intent to deploy its specialization in “controlling spam and eliminating fraud and web abuse online.”
In both these instances, acquisitions that would likely be prohibited by antitrust reform allowed big tech platforms to protect their consumers better. Without these acquisitions, consumers and big tech companies would have been left with inferior cybersecurity provisions and an increased likelihood that consumer data would fall into the hands of cybercriminals.
While passing new antitrust laws might be politically popular, it is evident that lawmakers ignore the reality that any alterations or restrictions on how big tech companies operate could see consumer data vulnerable to increasingly sophisticated and aggressive cybercriminals. Rather than creating a regulatory environment that leaves consumers and consumer data open to vulnerabilities, Congress should be crafting a political environment that incentivizes cybersecurity investments and acquisitions. Failing to do so puts consumers and businesses at unnecessary risk.
This article was published in the Economic Standard.