Recently, the New York City Economic Development Corporation announced a new $100 million venture, Cyber NYC, with the intent to turn the city into a global cybersecurity hub. Though the goal of this program is to foster innovation and economic development, is it enough to drive the fight against persistent cyber threats?
According to the EDC, cyberattacks occur every 40 seconds around the world, affecting more than 3.8 billion users in 2017 alone. A study by IBM shows that the number of mega-breaches has risen significantly, from nine in 2013 to 16 in 2017. The average cost of each record lost is $148, with health care data valuing at nearly three times higher, reaching $408.
This may not seem like all that much to weather, particularly for Fortune 500 companies. However, when measured against the total number of stolen records, the dollar value of each breach soars to the tens of millions, ultimately impacting the economy (e.g., 1 million records exposed during a breach can equate to $40 million dollars). This is money that can be far better applied to proactive business activity rather than defensive capability and fallout.
New York City is home to some of the biggest names in the finance, health care and media industries, among others, which are under the constant threat of a cyberattack. To that end, it makes sense that the community, too, should be a focal point in the cybersecurity space. Understandably, news of this venture has stirred opinions about the urgency for data protection in NYC. What is too often overlooked, however, is the enormous promise the city already shows toward innovations in cybersecurity.
Some of the more interesting innovations in security and technologies already happen in New York. A great example is tied to the city’s flourishing blockchain ecosystem, which gives us uncommon exposure to experts in cryptography since private key management is a central component of identity verification and strong authentication. Blockchain projects, prominent in the Downtown Manhattan and Brooklyn startup culture, are leading the charge in innovation with some ambitious projects that focus on decentralizing identity.
YOU MAY ALSO LIKE
New York’s nonprofit community and its ties to corporate networks also aren’t to be underestimated when it comes to addressing workforce challenges in cybersecurity. Year Up is a national organization that, as the CEO puts it, “works to close the opportunity divide between the 5 million young adults who are disconnected from stable career pathways and the 12 million jobs requiring post-secondary education that will go unfilled over the next decade.” Information technology, including cybersecurity, is one such field that the organization offers internships in, with great input from New York Executive Director John Galante, a former CIO at JPMorgan Chase.
Cyber NYC includes what most would agree is a necessary component to workforce preparedness, and that is support of formal education and the valuable research that comes from it. Proposals discussed aim to catalyze growth in businesses, commercialization of local university research and, perhaps most significant, the education of college-age students and expansion of settings where cybersecurity work at different levels is performed.
The promotion of education and employment in a field that is suffering a serious talent gap is sorely needed. Thousands of organizations lack the resources needed to keep pace with today’s cybercriminals. A report by the ISACA estimates a global shortage of 2 million cybersecurity professionals by next year, and it’s predicted that there will be 3.5 million unfilled positions by 2021, according to Cybersecurity Ventures.
Students studying to pursue careers in the field are already predisposed toward creativity. Influencing their studies with new challenges in a collaborative setting, and promoting some of the best research coming out of colleges and universities, will mean the talent pool that feeds into startups and enterprises will have a stronger foundation on which to stand. Like any industry, cybersecurity could be one that stagnates and plateaus without new information, as well as human and other resources.
I believe it is only a matter of time before other cities follow suit. However, a realistic outcome of this should be one where participating regions build off their own strengths (similar to the way New York is doing so). The D.C. metropolitan area could reinvest in the human and other resources found at think tanks, universities and the military, while Houston could focus on oil, energy and critical infrastructure (the energy industry is looking into the enhanced capabilities blockchain can provide for internet of things system management, and the U.S.’s national utility control systems are highly susceptible to cyberattacks).
This heydey for mass data breaches we’ve seen can be something that’s shrinking in our rearview mirror if we utilize our strengths to keep hackers at bay. A local approach in promising jurisdictions like New York, when applied to our aggregate challenge, may be the model we need to fight the sometimes daunting challenge of dealing with security vulnerabilities and the inadequate resources to combat them.