55 billion euros lost annually to cyber espionage.
289,000 jobs at risk.
No workable solutions.
26,000,000,000 new devices soon to go online.
European and US officials warn that foreign governments are hacking into “everything that doesn’t move” to steal commercial secrets. Europe is securing personal information with all its might, but what about business information?
- Information like ongoing contract negotiations, customer and marketing data, product designs and R&D are commonly uploaded to the cloud already today.
- The risk of hacking is increasing exponentially as 26 billion personal devices, business and industrial equipment are about to become seamlessly connected in Industry 4.0.
- Within five years, an entire connected business can be copy-pasted, stolen and handed over to a competitor by a government-sponsored hacking group.
While all governments spy, ipso facto. But only a few do so to hand over the information to their industry. Spying is highly lucrative, especially for emerging countries.
- Verified historical data (IZA, 2017) shows the gains are substantial, equivalent of boosting exports to Europe by 30% even in the pre-internet era (ECIPE, 2017).
- Yet it is practically risk-free as government entities cannot be sanctioned under international law, and cyber espionage is undetectable in most cases.
- While Europe is one of the worst protected IT environments (Deloitte, 2016), it possesses the know-how in the sectors most attractive to emerging countries, like motor vehicles, biotech, infrastructure equipment, aerospace.
- It is estimated that 289,000 jobs could be at risk today (ECIPE, 2017). This exposure only increases with digitalisation – and by 2025, the losses is equivalent to a million jobs.
Both the United States and China have already responded to the risks by closing down their markets to each other in critical sectors. Europe is collateral damage in this conflict, and already lost market access in China over national security concerns.
- China has concluded treaties to end commercial cyber espionage with the US and its allies in the Five Eyes intelligence alliance, with considerable resources for cyber deterrence – while shunning Germany and other EU countries who are unlikely to develop such capabilities.
- The situation is untenable to Europe. At abroad, market access is increasingly limited due to new cyber security laws. At home, it is affected by cyber espionage, against which it lacks diplomatic, strategic or technical solutions to curb.
Europe will have no choice but to use the only option at its disposal: Disrupt China’s access to the Single Market to create a negotiation leverage.
- Legislative processes for EU-wide investment screening and product certification and stricter security screening of ICT vendors in some Member States are already in the works.
- Whether these measures help to secure European corporate data is secondary to the economic leverage it creates. By Europe’s moral imperative, it is China’s strategic choices that pushed the EU to the point of no return – thus, it is China’s responsibility to de-escalate the situation if it wants to keep the EU markets open for Chinese exporters.
This report stands on the shoulders of the work by CSIS, IZA, Council of Foreign Relations, the Directorate General for Safety and Security (DGV) at the Ministry of BZK of the Netherlands, and the German Federal Ministry of the Interior. The author also wishes to thank the assistance of Valentin Moreau and Nicolas Botton, as well as the invaluable comments by of Martina Ferracane, Bruno Macaes and European officials who have shared their insights.
Introduction: Digitalisation, statecraft and espionage
That cybersecurity is a serious topic in international economics will need no justification by 2025. However, at the time of writing – late 2017 – it may require a contextualisation to why commercial espionage is an economic issue for Europe. This study estimates that commercial cyber espionage puts up to €60 bn in economic growth and up to 289,000 jobs at stake in the EU.
The backdrop to this emerging crisis is the ever so fierce competition for global market shares and innovation between the world’s major powers. As we are a decade into the pivot to Asia, foreign policies of China and the US are blatantly driven by commercial objectives, and economics are shaping the strategic landscape. Emerging powers are putting economics at the centre of their foreign policies”.
In today’s economic statecraft, firm-level commercial interests are supported by government agencies, and cyber espionage is a central part of the policy toolbox. Senior US officials have warned that foreign powers are “trying to hack into everything that doesn’t move in America. Stealing commercial secrets … from defence contractors, stealing huge amounts of government information, all looking for an advantage.”
Since the East India Company of the 16th Century, the collusion between power and commerce has always been a fact of life – and internet is just a new chapter in that evolution. Just to mention two examples, a Chinese group (with alleged ties to People’s Liberalisation Army) conducted industrial espionage on thousands of western firms during 2009. The incident, called Operation Aurora in western media, implied an unprecedented degree of state and business collusion and targeted relatively ordinary business (such as banking and chemicals) rather than military intelligence. Moreover, Prism program of National Security Agency (NSA) made use of commercial over-the-top (OTT) services to eavesdrop on information, and targets include elected European officials.
All Governments spy, albeit for different reasons, but only a few do so for commercial motives, to pass on the acquired knowledge to their own companies. While the EU has used almost its entire political bandwidth in pursuit for privacy protection against the NSA and Silicon Valley, it heeds less to the warnings against industrial espionage, where tactical business information online concerning ongoing contract negotiations, customer information and intellectual property may be targets.
Ultimately, resilience against cyber espionage is about integrity and confidentiality of the data for businesses, in the same manner as privacy protection for individuals.
 Clinton, H R, Delivering on the Promise of Economic Statecraft, Remarks on November 17, 2012
 Becker, A, Hillary Clinton accuses China of hacking U.S. computers, Reuters, July 5, 2015, accessed at: https://www.reuters.com/article/us-china-usa-clinton/hillary-clinton-accuses-china-of-hacking-u-s-computers-idUSKCN0PE0TI20150705
 Cha, Nakashima, Google China cyberattack part of vast espionage campaign, experts say, Washington Post, January 14, 2010, accessed at: http://www.washingtonpost.com/wp-dyn/content/article/2010/01/13/AR2010011300359.html