On 17 December, the United Nations Open-Ended Working Group on security of and in the use of Information anc communication technologies (ICTs) wrapped up the first substantive meeting of its five-year mandate to further develop the rules, norms and principles of responsible behaviour of states and the ways for their implementation. Mid-January, the UN open-ended ad hoc intergovernmental committee will hold its first meeting of their three-year mandate to elaborate a comprehensive international convention on countering the use of ICTs for criminal purposes. With these two important processes dominating policy dialogues around safety and security in cyberspace, it is imperative the international community comes together to ensure they go beyond just conversation and inspire concrete action to halt the growing trend of cyberthreats on businesses, communities and governments worldwide.
Governments are primarily responsible to protect their citizens from foreign and domestic, affiliated and unaffiliated threat actors with both political and criminal objectives, which also applies in cyberspace.
Cost of global cybercrime alone, was estimated in 2020 at €5.5 trillion, up from €2.7 trillion in 2015. Should this trend remain unaddressed, we can reasonably expect another doubling of this cost to €11 trillion by 2030, corresponding to the combined nominal GDP of Germany, France and Japan in 2020.
Alarmingly, cybercriminals are not the only nefarious actors citizens and the business community must defend against. There is also a growing number of states investing and working in destabilising activities in the cyberspace, targeting critical infrastructures and other vital societal functions.
Looking beyond disruptions of critical infrastructures and monetary losses of cybercrime, non-monetary costs are also on the rise as the public becomes acutely aware of, and increasingly concerned about cyberattacks. Citizens of 28 countries surveyed across the globe in 2020 stated that their fear of cyberattacks was on par with their fear of contracting COVID-19 at the peak of the pandemic.
Governments must take action to control and help reverse the tide of deteriorating cybersecurity and cyber safety conditions, and fully implement international and national instruments and for ambitious and concrete actions including:
- upholding commitments to international law and norms of responsible state behaviour in cyberspace,
- bolstering cross-border cooperation to effectively tackle cybercrime,
- implementing and enforcing legal instruments that deter malicious cyber activity and
- curtailing the proliferation of offensive cyber tools, instruments and cyberweapon.
Crucially, increased government action must be based on broad multistakeholder dialogue to find an appropriate balance and not hamper entrepreneurialism, innovation and prosperity.
While actions by governments must be taken to minimise threats, the private sector invests heavily in developing and deploying secure technologies. The private sector is also expanding preventive actions such as the security of the software supply chain and critical infrastructure protection. Spending on cybersecurity will surpass US$ 150 billion in 2021, an increase of 12.4% over the previous year. In addition, businesses spend significant time supporting and collaborating on initiatives to promote norms for responsible uses of technology and information.
ICC, as the world business organisation with a network of more than 45 million companies in over 100 countries has a mission to enable business to secure peace, prosperity and opportunity for all. To achieve this, a safe, secure, resilient and peaceful cyber-space is no longer an option, but a necessity.
Global cybersecurity conversations have laid an invaluable foundation by establishing and reinforcing norms and principles for responsible behaviour in cyberspace and to fight cybercrime. But the dialogue cannot stop here. Undermining the security of ICT supply chains, attacking healthcare organisations, threatening energy, transportation, and jeopardising food resources cannot become the kinds of activities that are normalised due to inaction.
The private sector calls on governments to make cybersecurity everyone’s business and turn the infinite into definite by acting now. ICC’s latest issue brief on cybersecurity offers some inspiration.