With the world’s increasing reliance on technological and online infrastructure, a new potential battlefront has opened up from which certain groups can cause catastrophic damage to countries’ security and reputation. Cyber-attacks are gaining increasing publicity on the world stage, from the NotPetya attack on Ukraine in 2017 to ransomware attacks such as on Swissport in February, and not least, in Die Hard 4. The effects of a large-scale cyber-attack on a nation have not been fully realised outside of fiction, but with the possibility of Russian cyber-attacks looming on NATO and its allies, such an event has been brought into sharp focus.
Damage to key infrastructure is not unprecedented, and even back in 2017, hacking groups had the ability to paralyse large corporations, as seen in the attack on A.P. Moller-Maersk that left close to a fifth of the world’s shipping capacity dead in the water, in turn causing up to $300 million worth of damage. A similar attack on shipping or other cargo industries in the UK could be devastating as in 2019, Britain only supplied 55% of its own food consumption. Groups can also target other sectors of infrastructure, as seen in the PowerGrid shutdown in Ukraine in 2015. Such a disruption, especially in dense cities such as London, could cause outages and further issues that could affect operations for weeks, resulting in a large loss of business.
Oxford Economics identified two threats to UK firms when asked to complete a study by the Centre for Protection of National Infrastructure: the increased cost of doing business, and distortion of long run investment. Cyber-attacks raise costs of production for firms, as new security systems need to be developed, creating downtime and a loss of overall productivity. This increase in costs and consequential loss of productivity leads to reduced production, causing shortages and resulting in cancelled business across the UK. Oxford Economics also concluded that cyber-attacks often disrupt investment and dissuade investors from industries with frequent attacks, such as consumer electronics. If the UK became subject to a number of cyber-attacks, these factors would be exaggerated, and investment in key service and technology sectors would decrease dramatically, unlikely to recover until the threat of further attack had gone.
An attack on firms was seen in the NotPetya attack on Ukraine in 2017, condemned by many as an act of cyberwar initiated by a Kremlin-linked hacking group known as ‘Sandworm’. The virus spread like wildfire, affecting corporations from hospitals in Pennsylvania to a chocolate factory in Tasmania through an initial weakness in unpatched Microsoft software. The attack crippled multinational companies and caused an estimated $10 billion in damages. A focused attack on the UK in this way would have a similar effect, inflicting nine-figure costs on corporations operating here. Again, if these attacks were regular and intent on causing damage to the economy, such effects could lead to many firms going under, in turn causing a loss of GDP, jobs, and general economic welfare. These effects are not to mention the loss of reputation experienced from defacement or security breaches, which not only damage the short-term business of the company, but also often result in a loss of market share, potentially losing the business to other economies.
Investigations carried out by the Common Reporting Standard (CRS) into the effect of cyber-attacks on stock prices unsurprisingly found that companies with a greater reliance on the internet, which were therefore deemed most at risk by investors (unless convinced otherwise by knowledge of a strong cyber security capability), suffered the worst stock price reductions. Investigations into the stock price impact of cyber-attacks show that identified target firms suffer losses of 1%-15% in the days following an attack: losses of 1% tended to be for website defacing or similar actions, whereas decreases of up to 15% were seen when financial or other important private information was compromised. Targeted attacks in this way would lead to losses for shareholders of potentially millions, further dissuading investment, and would likely lead to the pound falling dramatically in value.
Many of the consequences of large-scale cyber-attacks have been devastating, and countries like Ukraine, who have been locked in a cyberwar with Russia for years, have certainly felt the damage caused. Although, as shown by the NotPetya attack and hundreds of other cases, the internet does not possess borders, and collateral damage is almost always a consequence: attacks on other countries could very easily spill over and affect the UK’s economy due to its highly globalised state. The constant evolution and progression of hacking groups’ lethality is another worrying prospect, and cyber-attacks, especially given the current geopolitical climate, could possibly be seen on a level and scale not yet experienced.
However, the increasing threat to companies’ and nations’ cyber security and the need to develop new systems have been contributing to and nurturing a thriving cyber security sector in the UK. Companies like BAE Systems Applied Intelligence, Darktrace and Immersive Labs are innovating on the forefront of the industry; the sector has even experienced double-digit growth this year, as found in a government study. The cyber threat is growing, and although economies and infrastructure are valuable targets, the UK was deemed the third leading Cyber Power in a Harvard study last year (behind the US and China), so we can certainly place some faith in the country’s ability to defend its economy.