Technology Sectors

Market Sectors

CEA Report: The Cost of Malicious Cyber Activity to the U.S. Economy

Today, the Council of Economic Advisers (CEA) released a report detailing the economic costs of malicious cyber activity on the U.S. economy. Please see below for the executive summary and read the full report here.

This report examines the substantial economic costs that malicious cyber activity imposes on the U.S. economy. Cyber threats are ever-evolving and may come from sophisticated adversaries. Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate. Importantly, cyberattacks and cyber theft impose externalities that may lead to rational underinvestment in cybersecurity by the private sector. Firms in critical infrastructure sectors may generate especially large negative spillover effects into the wider economy. Successful protection against cyber threats requires accurate data and cooperation across firms and between private and public sectors.


  • • We estimate that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.
  • • Malicious cyber activity directed at private and public entities manifests as denial of service attacks, data and property destruction, business disruption (sometimes for the purpose of collecting ransoms) and theft of proprietary data, intellectual property, and sensitive financial and strategic information.
  • • Damages from cyberattacks and cyber theft may spill over from the initial target to economically linked firms, thereby magnifying the damage to the economy.
  • • Firms share common cyber vulnerabilities, causing cyber threats to be correlated across firms. The limited understanding of these common vulnerabilities impedes the development of the cyber insurance market.
  • • Scarce data and insufficient information sharing impede cybersecurity efforts and slow down the development of the cyber insurance market.
  • • Cybersecurity is a common good; lax cybersecurity imposes negative externalities on other economic entities and on private citizens. Failure to account for these negative externalities results in underinvestment in cybersecurity by the private sector relative to the socially optimal level of investment.
  • • Cyberattacks against critical infrastructure sectors could be highly damaging to the U.S. economy.

Recent Videos

IntraLogic's official release of the "One Button" Lockdown system on CBS 2 News.
HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...