Cybersecurity and the Public Good Argument

Sunday, March 14, 2021 / 04:00 AM /by FDC / Header Image Credit: ECHAlliance

Increased internet connectivity globally means moreand more businesses and individuals are increasingly reliant on online activityand transactions. COVID-19, and the resultant need for businesses to workremotely, accelerated this shift. But increased online activity also comes witha conundrum. Should the internet, by extension, the security of the internet belabeled a public good?

What is a Public Good?

A public good, by definition,refers to services provided to all members of the public - mostly for free andtypically financed through public taxation. Economists agree that before a goodcan be described as public it must possess two distinct attributes: it must be"non-excludable" and "non-rivalrous". While the former means that it is almostimpossible to exclude anyone from using the good, the latter means the use of the good byone user does not prevent the use of the good by others. The most commonexamples of public goods are government services like national defense, policeand public healthcare services.

The safety and security oflives and property (tangible and intangible) are one of the crucial pillars onwhich successful societies are built. Its relevance in stimulating investment,limiting uncertainty and fostering economic growth and development cannot beoverstated. So, individuals and businesses pay taxes to governments who in turnprovide security for all of society.

Is the internet aPublic Good?

Internet infrastructureglobally is mostly privately owned and deployed for profit. Internet serviceproviders usually charge users subscription fees that are commensurate with theamount of band-width the users consume. The "non-excludability" characteristicof a public good means that the cost of keeping non-payers from benefittingfrom the good or service is prohibitive. Going by the aforementioned, internetaccess in itself cannot be defined as a public good. But while our livesincreasingly depend on digital infrastructure to function optimally andgovernments, businesses and individuals reap the benefits of convenience, loweroperating and transactions costs, access to information and a globalmarketplace, the potential threats have kept many on the edge and con-stantlylooking over their shoulders.

The Cyber threat isUnprecedented

The sheer magnitude of thethreat is one that we are unable to capture as it continues to grow insophistication, frequency and potential impact. The integration of the internetto almost every other form of technology makes the cyber security risk evenmore elevated. Everything from identity theft to stealing data with theobjective of modifying a machine's behavior is possible. Monetary losses arevery common but artificial intelligence designed to breach national security orthreaten financial system stability is something every country would consideran elevated risk.

In much the same way thatsecurity is a crucial enabler for thriving societies, cyber security isfundamental in nurturing development and technological progress in the digitalspace as well as un-locking the potential of digital technologies whileensuring that the outcomes are beneficial to society.

The malicious use of digitaltechnology is one that comes with anonymity and almost consistently leavesefforts and investments in improving cybersecurity playing catch up. Manycompanies are investing heavily in cybersecurity with the value of the globalmarket estimated to grow at a com-pound annual average of 15% in 2020-26 toreach $400bn by 2026.5 This is expected to be driven by the ever-increasingdemand for robust and secure networks by businesses and governments for safedata accessibility as they progressively migrate their core businesses todigital platforms.

For the companies who choosenot to deploy cybersecurity measures, they leave themselves at the mercy ofon-line bandits who cost the world economy more than $1 trillion in 2020 - upby over 50% from $600bn in 2018.6 Beyond the monetary losses and the attendantsystem downtime that accompany these cyber attacks, the theft of intellectualproperty is particularly damaging. So while some governments and corporationshave the resources to constantly reinforce measures aimed at protectingthemselves, others do not and risk falling victims.

A case for marketfailure

Typically, economists make thecase for government intervention only when some kind of "market failure" hasoccurred. This is a situation where individual incentives for rational behaviordo not amount to rational outcomes for the collective and leads to an inefficientdistribution of goods and services in the free market. In the case of theinternet, cyber criminals prey on the un-protected and, through innovation,continue to device ways to penetrate even the most encrypted digital fortresseswhile remaining anonymous for the most part. They do so because they can -andwill continue to do so until they can't. The incentive to continue to sharpenand deploy their hack-ing skills far outweighs the incentive to not do so. Whatthey consider rational behavior is clearly detrimental to an increasinglydigital world and will not amount to rational outcomes.

Therefore, for shared prosperity in a secured digital future, theinvestments in cyber security and the incentive for improvements cannot be lessthan the incentive for cybercriminals to innovate. Playing catch-up is not anoption. There is way too much at stake. Government intervention is thereforenecessary and cyber security simply has to be viewed as a public good.Strengthening and securing the digital space requires collective action by allrelevant stakeholders while the burden of the cost has to be shared among themequitably.