Cyberattacks could cost trillions globally

Hackers target West African financial sector — Tim Cook makes privacy recommendations

— It’s the money issue of MC, starting with a prediction that cyberattacks will cost companies worldwide $5.2 trillion over the next five years. An Accenture study anticipates the attacks will hit tech companies hardest.

— West African financial institutions are under assault. Symantec uncovered a spree in an area where cybercriminals aren’t particularly common.

— Investment in cybersecurity companies is on the rise, but might not be sustainable. Strategic Cyber Ventures saw investment more than double from 2016 to 2018, but there are signs some of the companies receiving funds are barely alive.

HAPPY THURSDAY and welcome to Morning Cybersecurity! This is the proper description of what this otter is doing to its face. Some other thread said it was sleepy. Send your thoughts, feedback and especially tips to, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.


OUCH! CYBERCRIME LOSSES WILL STING — Research out today from Accenture found that cyberattacks could cost companies worldwide some $5.2 trillion over five years. That’s according to more than 1,700 CEOs and C-suite executives in Accenture’s first survey of business leaders on the financial toll from criminal hackers. High tech is expected take the biggest hit ($753 billion), followed by the life sciences ($642 billion) and automotive ($505 billion) industries. Seventy-nine percent of respondents said digital security still requires a dramatic improvement to ensure the continued rise of the digital economy. And, alarmingly, nearly three-quarters of respondents said cybersecurity issues had escaped their control thanks to the rise of technologies such as internet of things devices, which are increasingly commonplace across industries.

CYBERCRIME VISITS WEST AFRICA — Cybercriminals have taken up an unprecedented campaign of attacks on financial institutions in West Africa dating back to the middle of last year, according to research out today from Symantec. “Until now, Symantec has seen relatively little evidence of these kinds of attacks against the financial sector in West Africa,” the company wrote. “However, it now appears that there is at least one (and quite possibly more) groups actively targeting banks in the region.” Symantec witnessed attacks in Cameroon, Congo, Ghana, Equatorial Guinea and Ivory Coast using “off-the-shelf” malware that makes it harder to identify who’s behind the intrusions.

CYBER INVESTMENT — Global capital investment in the cybersecurity industry is on a precarious path, according to a report out today. The examination, from Strategic Cyber Ventures, a D.C. cybersecurity venture capital firm, saw $5.3 billion in global venture capital funding in 2018, nearly double the amount from 2016. “To get right to the point, this rate of investment is not sustainable,” the report states, attributing some of the funding to “zombies.” The firm’s analysis of those so-called zombies: “They’ve raised big rounds, growth has slowed, perhaps due to vendor fatigue or increased competition, and now organizations can’t raise at increased valuations from prior rounds, or at all, and are being propped up by existing investors that will eventually grow weary of keeping them alive.”

And while funding surged, the number of deals remains mostly static from 2017, meaning the average deal size is “now $15.8 million, a heavy right-skew driven by ‘mega’ cyber transactions worth more than $100 million over the past several years,” the firm found. Investors from California led the pack, accounting for almost half of worldwide investment in cybersecurity companies last year. However, Asia and Europe are catching up, rising to almost 25 percent of investment — up from about half of that in 2014.

COOK TACKLES PRIVACY’S ‘SHADOW ECONOMY’ — From our friends at Morning Tech: Apple CEO Tim Cook writes in an essay out this morning for TIME that he wants Congress to pass a federal privacy framework to address a “shadow economy that’s largely unchecked — out of sight of consumers, regulators and lawmakers.” Cook’s informal proposal calls for the Federal Trade Commission to require data brokers to register with an agency clearinghouse, making it possible for consumers to track how their data is being sold and deleted.

The central principle of his proposal, empowering the FTC to have greater oversight of data practices in the tech sector, largely aligns with others put forth by lawmakers and industry groups in recent months. Cook, who has repeatedly taken aim at other top tech firms over a series of data scandals, said the proposal would “shine a light on actors trafficking in your data behind the scenes.”

Not everyone is on board with empowering the FTC to oversee data protection. A coalition of 16 consumer, racial justice and tech groups are unveiling a new privacy framework today calling for the creation of a separate federal agency to oversee privacy concerns. “The U.S. needs a federal agency focused on privacy protection, compliance with data protection obligations, and emerging privacy challenges,” reads the proposal, backed by groups including the Center for Digital Democracy, the Electronic Privacy Information Center, Color of Change and the Media Alliance.

What else it says: The coalition’s proposal also opposes pre-emption of “stronger” state laws, pushing instead for a federal bill to serve as a national “baseline” for protections; it calls for a private right of action against companies that violate privacy standards — a prospect loathed by the industry; it says a privacy law should establish limits on the collection, use and disclosure of personal data, including enhanced limits of kids’ data; and it calls for the establishment of a “clear standard” for when companies should disclose user data to the government.

HOUSE COMPANIONSHIP — Four House members introduced companion legislation Wednesday evening to a Senate bill (S. 29) to create a White House Office of Critical Technologies & Security, which would coordinate federal efforts to reduce state-sponsored technology theft and supply chain threats. The bipartisan sponsors are Reps. Dutch RuppersbergerJim HimesMike Conawayand Will Hurd, and like the Senate sponsors, they were motivated at least in part by China’s behavior.

OUR BAD — In Wednesday’s MC, the Tweet of the Day referenced a Twitter account purportedly belonging to U.S. Cyber Command. A spokesman for the unit subsequently told MC that the account “is not [an] official U.S. Cyber Command social media presence.” MC regrets the error.

RECENTLY ON PRO CYBERSECURITY  A bipartisan group of House and Senate members introduced legislation directing the president to block exports to Chinese telecommunications companies that violate U.S. sanctions laws or export control laws. … The PCI Security Standards Council released new payment security guidelines. … European parliament elections are particularly vulnerable to hacking, officials say. … France is trying to figure out how to protect French companies’ data from surveillance under the U.S. Cloud Act.


— Patrick Burke has joined Phillips Nizer as a partner to lead the law firm’s data technology and cybersecurity group. He previously served as deputy superintendent for the New York State Department of Financial Services’ Office of Financial Innovation, where he led initiatives related to cybersecurity regulation and cryptocurrency.

This article originally appeared on