In the summer of 2007, an unexpected threat was on the horizon for the U.S. and global economy. August 2007 marked an opening salvo in how systemic risk can affect the global economy. As the Brookings Institute so eloquently observed in “The Origins of The Financial Crisis,” the crisis “had its origins in an asset price bubble that interacted with new kinds of financial innovations that masked risk; with companies that failed to follow their own risk management procedures; and with regulators and supervisors that failed to restrain excessive risk taking.” Many of these very elements and correlations are inflating the growing cyber security bubble and many of the same “fox watching the chicken coop” tendencies are influencing this systemically important market.
The Federal Reserve estimated that the Great Recession cost the U.S. $14 trillion in economic activity. State unemployment insurance trust funds borrowed a total of $50 billion from the Federal Government to replenish their coffers as jobless claims soared. Plummeting home values saw approximately 11.6 million households owing more than their homes were worth by the end of the recession. These types of systemic correlations exist in the fast-growing cyber security market, which encompasses a wide range of interconnected services, such as IT security, crisis response, compliance, and, perhaps most importantly, the cyber insurance market, which attaches to the balance sheets of more than 80 insurers – and through them to the economy writ large.
In the aftermath of the Great Recession, several measures were put in place to prevent such a catastrophe from occurring. However, this “Monday Morning Quarterbacking” should give us pause; what other crises are looming on the horizon where measures can be proactively implemented to prevent or mitigate the next big one? While August 2007 was a specific timeframe that can be referenced as the “beginning” of the Great Recession, an equally insidious threat has been menacing the global economy ever since, namely systemic cyber risk.