Increased internet connectivity globally means more and more businesses and individuals are increasingly reliant on online activity and transactions. COVID-19, and the resultant need for businesses to work remotely, accelerated this shift. But increased online activity also comes with a conundrum. Should the internet, by extension, the security of the internet be labeled a public good?
What is a Public Good?
A public good, by definition, refers to services provided to all members of the public - mostly for free and typically financed through public taxation. Economists agree that before a good can be described as public it must possess two distinct attributes: it must be "non-excludable" and "non-rivalrous". While the former means that it is almost impossible to exclude anyone from using the good, the latter means the use of the good by one user does not prevent the use of the good by others. The most common examples of public goods are government services like national defense, police and public healthcare services.
The safety and security of lives and property (tangible and intangible) are one of the crucial pillars on which successful societies are built. Its relevance in stimulating investment, limiting uncertainty and fostering economic growth and development cannot be overstated. So, individuals and businesses pay taxes to governments who in turn provide security for all of society.
Is the internet a Public Good?
Internet infrastructure globally is mostly privately owned and deployed for profit. Internet service providers usually charge users subscription fees that are commensurate with the amount of band-width the users consume. The "non-excludability" characteristic of a public good means that the cost of keeping non-payers from benefitting from the good or service is prohibitive. Going by the aforementioned, internet access in itself cannot be defined as a public good. But while our lives increasingly depend on digital infrastructure to function optimally and governments, businesses and individuals reap the benefits of convenience, lower operating and transactions costs, access to information and a global marketplace, the potential threats have kept many on the edge and con-stantly looking over their shoulders.
The Cyber threat is Unprecedented
The sheer magnitude of the threat is one that we are unable to capture as it continues to grow in sophistication, frequency and potential impact. The integration of the internet to almost every other form of technology makes the cyber security risk even more elevated. Everything from identity theft to stealing data with the objective of modifying a machine's behavior is possible. Monetary losses are very common but artificial intelligence designed to breach national security or threaten financial system stability is something every country would consider an elevated risk.
In much the same way that security is a crucial enabler for thriving societies, cyber security is fundamental in nurturing development and technological progress in the digital space as well as un-locking the potential of digital technologies while ensuring that the outcomes are beneficial to society.
The malicious use of digital technology is one that comes with anonymity and almost consistently leaves efforts and investments in improving cybersecurity playing catch up. Many companies are investing heavily in cybersecurity with the value of the global market estimated to grow at a com-pound annual average of 15% in 2020-26 to reach $400bn by 2026.5 This is expected to be driven by the ever-increasing demand for robust and secure networks by businesses and governments for safe data accessibility as they progressively migrate their core businesses to digital platforms.
For the companies who choose not to deploy cybersecurity measures, they leave themselves at the mercy of on-line bandits who cost the world economy more than $1 trillion in 2020 - up by over 50% from $600bn in 2018.6 Beyond the monetary losses and the attendant system downtime that accompany these cyber attacks, the theft of intellectual property is particularly damaging. So while some governments and corporations have the resources to constantly reinforce measures aimed at protecting themselves, others do not and risk falling victims.
A case for market failure
Typically, economists make the case for government intervention only when some kind of "market failure" has occurred. This is a situation where individual incentives for rational behavior do not amount to rational outcomes for the collective and leads to an inefficient distribution of goods and services in the free market. In the case of the internet, cyber criminals prey on the un-protected and, through innovation, continue to device ways to penetrate even the most encrypted digital fortresses while remaining anonymous for the most part. They do so because they can -and will continue to do so until they can't. The incentive to continue to sharpen and deploy their hack-ing skills far outweighs the incentive to not do so. What they consider rational behavior is clearly detrimental to an increasingly digital world and will not amount to rational outcomes.
Therefore, for shared prosperity in a secured digital future, the investments in cyber security and the incentive for improvements cannot be less than the incentive for cybercriminals to innovate. Playing catch-up is not an option. There is way too much at stake. Government intervention is therefore necessary and cyber security simply has to be viewed as a public good. Strengthening and securing the digital space requires collective action by all relevant stakeholders while the burden of the cost has to be shared among them equitably.