Digital Dividends or a Development Destabilizer?

How better cybersecurity helps attain the SDGs
April 6, 2018

In 2016, the World Bank explicitly acknowledged the importance of cybersecurity as a concern for international development. For the first time in a World Development Report, the importance of managing digital risk was enumerated. As the "Digital Dividends" report noted, “some of the perceived benefits of digital technologies are offset by emerging risks.” Today, 80% of World Bank projects have information and communications technology (ICT) as a fundamental component.

As the UK Department for International Development notes in their newest digital development strategy, “digital technologies have the potential to revolutionise the lives of the poor, unlock development and prosperity, and accelerate progress towards global goals.” However, the 2016 World Development Report acknowledges that, although “digital technologies have boosted growth, expanded opportunities, and improved service delivery… their aggregate impact has fallen short and is unevenly distributed.” For the World Bank, the “emerging risks” associated with digital technologies may offset some of the “perceived benefits.”

In a report we will launch in the coming weeks, we dive deeply into the intersection of cybersecurity and international development. Here, however, I want to examine a key subset of that broader discussion: the relationship between attainment of the Sustainable Development Goals (SDGs) and cybersecurity.

The SDGs provide a set of goals around which the development community coalesces. Digital development and ICT for development (ICT4D) are means through which many of these ends are pursued. The goals are varied, but what they all hold in common is that they all seek to improve human security, institutional stability, and economic stability and growth. Technology can enable the attainment of every SDG. But in order to fully reap the immense benefits of connectivity and digitization, the technology that underpins it must be secure and the people that use it must understand how to do so responsibly and securely. Cyber insecurity impacts the economy, governance, and human security, in the developing and developed world alike. To really understand how, though, let’s examine the impact of cyber insecurity through the lens of the SDGs.

Let’s start with the economy. There is a good economic case for cybersecurity, and that case is only reinforced when we track it to the primarily economic SDGs. For example, Sustainable Development Goal #1—end poverty—aims to halve the number of humans living in poverty by 2030 and reduce inequality of economic opportunity. Similarly, SDG #8 on promoting “inclusive and sustainable economic growth, full and productive employment and decent work for all” strives to “Achieve higher levels of economic productivity through diversification, technological upgrading and innovation, including through a focus on high-value added and labour-intensive sectors.” The internet has been called the “great transformer” and is viewed by many in all corners of the globe as a great enabler of economic growth and prosperity. According to one study by McKinsey, the internet “contributed 7 percent of [GDP] growth over the past 15 years and 11 percent over the past five.” The same study found that “Internet ecosystem maturity related to rising living standards,” and that “the internet drives business transformation and economic modernization.” However, in order to foster consumption and encourage businesses to leverage the internet and other communications technologies, stakeholders must trust the systems they are using. Good cybersecurity supports economic growth by preserving the trust in and therefore the benefits of digitization and IT systems.

Trade can also be highly affected by cybersecurity or lack thereof. Take Sustainable Development Goal #10, which strives to “reduce inequality within and among countries.” As much as technology could reduce economic inequality and enhance trade, bad cybersecurity can exacerbate existing inequalities. Cyberattacks affecting digital commerce, critical sectors, and government agencies threaten to undo advantages gained through digitization. As a report from the Internet Governance Forum notes:

Effective cybersecurity is essential ‘to engage fully in the increasingly cyber-dependant trade and commerce. Robust cybersecurity frameworks enable individuals, companies and nations to realise the full potentials of the cyberspace, without fear or reservation, promoting cross-border delivery of services and free flow of labour in a multilateral trading system.’

Because evidence of cyber insecurity leads to mistrust in the ICT environment of a country, cyber insecurity puts lower income countries at a disadvantage in trade or in attracting investment. How, for example, can lower income countries competitively offer services and platforms in the global market, if they are not deemed secure? How can developing countries attract foreign direct investment if the ICT environment is perceived as risky? The gap between cybersecurity haves and have-nots could create further obstacles to distributing the benefits of digital inclusion more evenly.

Sustainable Development Goal #9 seeks to “Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation,” because efficient infrastructure generates employment and wealth and can drive economic growth. These infrastructures include ICT infrastructure, but also things like transportation and manufacturing infrastructure. Although not specifically in the lower- or middle-income context, the 2017 outbreak of the WannaCry ransomware attack clearly demonstrated the capacity of actors to disrupt digitized sectors, affecting transportation systems, ports, and many others.

The internet has the potential to be used for both good and ill. If it is insecure and used for ill, that has the potential to undermine good governance. A number of SDGs aim to improve governance conditions. Sustainable Development Goal #16, for example, aims to “Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels.” Nascent technologies, like blockchain and cloud computing, hold great potential for reducing corruption and creating accountability structures for public institutions. Relatedly, SDG #11 strives to “Make cities and human settlements inclusive, safe, resilient and sustainable.” The rise of electronic governance (e-governance) and government (e-government) as well as the potential for big data to drive better policy decision making has led to greater efficiency in the delivery of services, tallying votes, collecting and utilizing information on the citizenry to craft better policies, and more.

The potential of ICT to help achieve these goals is unquestioned. However, as with economic growth, strengthened governance institutions and services based on technological interventions must be underpinned by trust in those technologies. India’s experiment with biometric and digital identification provides a clear case study in the potential for bad security to undermine the delivery of good governance and government services. Because so much personal data is stored in one place, the digital ID data set has become a frequent target for identity thieves and other criminals. The result is that a project intended to enhance India’s ability to govern may result in more and new problems for the same people whose lives it was intended to improve.

Security, including cybersecurity, has traditionally been the purview of foreign offices and ministries of defense. However, cybersecurity is as much about human security as any other kind of security. A myriad of SDGs seek to address human security concerns. From ensuring the delivery of better healthcare (SDG #3) and ending hunger (SDG #2) to the delivery of critical utilities like water, sanitation, and energy (SDGs #6 and #7), ICT and digitization can deliver improved human security. Digitization in sectors like healthcare, agriculture supply chains, power delivery, and water and sanitation is yielding immediate dividends and improving the lives of millions around the world. However, as technology enables these improvements to reach more and more people, those same people become increasingly dependent on their reliable delivery. And yet, it is becoming increasingly easy to disrupt services like these via cyber means. As alluded to above, no sector was immune to the WannaCry ransomware and the healthcare sector in the United Kingdom was very publicly disrupted. In addition, the world has witnessed at least two instances where cyber vulnerabilities were exploited to cut off power to entire regions during cold, winter months. In digitizing these and other services, decision makers are creating new dependencies, which, if disrupted, could lead to not only net-zero outcomes, but potentially net-negative outcomes.

Digital risk is not new, and the potential pitfalls of increased reliance on digital technologies were recognized by some early on. To help manage these risks, a burgeoning cybersecurity capacity building community emerged in the early 2010s. For the better part of a decade, the focus of this community has been on strengthening national capabilities, developing collective capability, and facilitating international cooperation and partnership in cybersecurity. Yet, this work exists largely separately from the development community. It’s time for this to change. Cybersecurity needs to become a mainstreamed concept across development practice, because just as digitization and ICT4D can bring great development progress, cyber insecurity can threaten those same and other advances.