BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Cybersecurity Is Expensive--That's Why We Should Offer Tax Incentives

Following
POST WRITTEN BY
Jeff Kosseff
This article is more than 8 years old.

Congress last overhauled the federal tax code in 1986, the year that IBM introduced its first laptop computer (weighing in at a svelte 12 pounds), Microsoft went public, and eight-bit Nintendo game consoles were all the rage. AOL would not offer Windows-based subscriptions for another six years.

Not surprisingly, the tax code does not address cybersecurity. That needs to change.

Presidential candidates are talking about their plans to change tax rates and eliminate certain loopholes. At the same time, policymakers are dealing with the endless loop of high-profile data breaches, and are discussing how to respond to countries that are believed to be behind these damaging attacks.

Rather than addressing these two vital issues separately, policymakers should consider how the tax system could promote cybersecurity.

A completely secure Internet would result in a global net gain of $190 trillion

This discussion has rarely occurred at the national level, but it is about time that it did. Our nation has long used tax incentives to encourage the private sector to make investments that are in the national interest. For instance, producers of wind farms receive a federal tax credit, in recognition of the importance of green energy. Similarly, electric vehicles receive a tax credit of up to $7,500.

Cybersecurity? Not a cent in dedicated federal tax incentives. In a report to the President on cybersecurity, the Treasury Department concluded that the incentives “would come at the expense of foregone revenue for the government or reallocation of existing fiscal obligations,” and recommending against them.

Granted, tax incentives for cybersecurity carry a price tag for the federal government, as do all tax benefits. But it is short-sighted to focus on the cost of the incentives without considering the money that it would save for the economy.

A report released this month by the Atlantic Council and Zurich Insurance Group estimated that by 2030, an insecure Internet would reduce global economic net benefit by $90 trillion. In contrast, a completely secure Internet would result in a global net gain of $190 trillion. And a Ponemon Institute report, based on a survey of more than 600 information technology professionals, found that  three-quarters of organizations do not believe that they are ready to handle cybersecurity incidents.

Cyberattacks on the private sector aren’t only a threat to our economy

Data breaches also threaten the viability of companies. According to the Ponemon Institute, the average cost of a data breach is $3.8 million, up from $3.5 million last year. For a small or mid-sized business, that could be enough to force its doors to shut (and it has been, in many cases).

And cyberattacks on the private sector aren’t only a threat to our economy. As seen after the hack of Sony last year, cyberincidents can have sweeping effects on international relations. And an attack on a government contractor can expose highly sensitive—and even classified—government information that could be used by our enemies.

While the government has always—and will always—play an absolutely essential role in data security, we never will achieve complete cybersecurity unless the private sector has made adequate investments. The Internet is neither purely public nor purely private; it has thrived because it is an open, interconnected network that relies on both government and commercial resources.

Private companies already have reason to invest in cybersecurity software, equipment, staffing and consultants. But companies face a number of important expenses, and it often is difficult for information security leaders to convince top leadership to make the necessary investments in cybersecurity.

States already are recognizing the need for cybersecurity tax incentives

That is where tax incentives, such as credits, could help. By reducing the overall costs, tax incentives would increase the likelihood that companies would increase their investments in securing their systems and networks. That is in everyone’s best interests.

Some states already are recognizing the need for cybersecurity tax incentives. For example, Maryland offers a 33% tax credit for investments of up to $250,000 in certain Maryland cybersecurity companies.

Tax incentives come in a number of forms, including reduced rates for companies that meet certain standards, accelerated depreciation for cybersecurity purchases, or tax credits for cybersecurity spending. Like Maryland’s, they could encourage investments in cybersecurity service providers. Policymakers should consider all options, with the end goal of increasing the security of our public and private networks, and reducing the number of high-profile data breaches.

Also on Forbes:

The views expressed in this op-ed are those only of the author, and not of the Naval Academy or Department of Navy.