Nishtman Strategy Institute

Cybersecurity Risks and KRG’s Technology Infrastructure

By Ameer Mirawdeli

We’re currently living in the information age and digital devices have taken over our lives, hence the need for safety and confidentiality on the internet is at an all time high. According to Cybersecurity Ventures[1], it was predicted that the cost of damages inflicted by cybercrimes would be $10.5 trillion by 2025.  Stuxnet was a cyberweapon created jointly by the US government and Israel, and it targeted an Iranian nuclear power plant which eventually infected 200000 computers and caused around 1000 machines to malfunction[2]. Another cyberattack that targeted the global shipping company FedEx resulted in a $300 million worth of financial damage and its stocks dropping by 79 cents per share[3]. The internet service company Yahoo! also faced what was known as the largest data breach in history in 2016 and had 500 million user accounts and their personal data stolen[4][5]. 

Countries and large corporations have invested large sums of capital on both their technological infrastructure and on acquiring experts and specialists in the field of cybersecurity. It is said that Microsoft intends to spend $20 billion to ensure its services are safe and protected from cyber attacks[6]. As of 2023, the US Government’s budget for the country’s cybersecurity is $15.6 billion[7], and we also have a country like the United Arab Emirates with a budget of $79 billion for the next five years (2022-2026). As the Kurdistan Regional Government is seeking technological progress and the digitalization of the government, what would be the repercussions of the leap towards the digital world? And what actions would the government take to protect and secure its facilities and its citizens on the internet? The KRG should plan to assign a budget for strengthening and empowering the security of its technological infrastructure. An effortless yet very crucial step the KRG can take towards this goal could be through providing training courses to the employees in its public sector to spread awareness, for human error is said to be the most prevalent cause of cyberattacks[9]. Perhaps the KRG also ought to bridge the gap between the lack of talents and the high demand of cybersecurity specialists for both the public and private sector whether through collaborating with academic institutions or international cybersecurity firms so as to train students and graduates with the required skills in order for them to ensure the safety of their workplaces.