Malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016, the White House said Friday.
The estimate comes in a Council of Economic Advisers report on the impact of cyber attacks on U.S. government and industry. The report details the range of threats that U.S. entities face from actors, including corporations and countries such as Russia, China, Iran and North Korea.
“Cyber threats are ever-evolving and may come from sophisticated adversaries,” the CEA said in its report. “Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate.”
The CEA’s estimate represents between 0.31 percent and 0.58 percent of the 2016 U.S. GDP. For comparison, the report cites a Center for Strategic and International Studies report that estimated the cost of malicious cyber activities against U.S. entities at $107 billion in 2013, 0.64 percent of GDP that year.
The industries making up the largest shares of GDP also saw the highest shares of security breaches in 2016, according to the report. This includes manufacturing, government, healthcare and finance. The finance sector had the highest breaches of all industries, with 471 in 2016.
The report also notes that because big cyber attacks could create knock-on effects throughout the economy, individual private firms are incentivized to “rationally underinvest in cybersecurity” relative to the collective threat it poses.