States spend a lot of time worrying about spies, and a lot of money trying to protect themselves from espionage. They construct multilayered personnel policies to keep untrustworthy individuals from government jobs that involve handling classified information. They invest heavily in complex information systems to block access to sensitive communications.

What are the costs of cyber espionage? And how do they differ from those of operations designed to prepare for attack?

In 2010, Stuxnet, a stealthy, sophisticated computer worm widely attributed to the United States and Israel, infiltrated Iran’s Natanz uranium enrichment facility and sabotaged its industrial controls, delaying Iran’s nuclear program without a single bombing raid or overt military strike. A few years later, Russian operatives hacked into U.S. political organizations in 2016, stealing and leaking emails in an effort to sway the presidential election. At the same time, Chinese state-sponsored groups quietly penetrated foreign government and corporate networks to siphon off military technology and industrial secrets over many years. These incidents, though bloodless and often deniable, had clear strategic stakes.

Russia has been repeatedly accused of employing non-state cyber proxies to conduct sophisticated cyber-attacks and information operations aimed at influencing US elections. These allegations, notably around the contentious 2016 US presidential election, have attracted substantial global attention, underscoring critical vulnerabilities within democratic institutions.

Economic cyber espionage represents an ongoing threat to both nations and markets, yet unlike other cyber threats, it remains largely uninsured. This does not have to be the case. The underinsurance for economic cyber espionage is more of a mechanical problem, with coverage gaps hinging on proving damage to intangible assets. In fact, this protection gap persists even when attackers are “incompetent” (i.e., unable to use the IP they steal), since victims still incur measurable, indemnifiable costs.

The security of open source software (OSS) has morphed from a niche technical concern to a central cybersecurity policy challenge. High-profile incidents have led to suggestions for governments to help strengthen the OSS ecosystem, including calls for funds built to support open source projects and their maintainers, such as a proposal for an EU Sovereign Tech Fund. This research examines the argument that unconditional funding—namely, financial support without specific requirements for the recipient—causally improves the security posture of OSS projects.

The United Nations Educational Scientific and Cultural Organization (UNESCO) has designated 2022-2032 the International Decade of Indigenous Languages. This initiative comes at a time when endangered language speakers, linguists, and other groups are concerned about language extinction and the rapid spread of artificial intelligence (AI). Some researchers are optimistic that AI can be leveraged to help document, preserve, and revitalize at-risk languages, while others are concerned that the technology will accelerate the homogenization of human language.

Supply-chain decoupling doesn’t stop rival nations from hacking each other and can make it worse. A cyber-espionage expert explains what does work.

Between 2010 and 2022, 80 countries enacted new legislation or amended existing laws in an attempt to curb the spread of misinformation online. This sharp and global adoption of misinformation laws, however, cannot be explained by the sudden emergence of false or misleading information, as these problems have existed for a very long time.

Insecure software is a national security risk, costs the U.S. billions of dollars annually, and exposes users’ information to malicious actors. Software developers (vendors) who fail to securely develop their products currently face few legal repercussions, even if they engage in industry-agreed bad practices.

In a given month, more than 100 million people open Pokémon Go—the app that allows users to superimpose the world’s most profitable media franchise onto reality using only their smartphone. Using their phone camera and a flick of the wrist, they captured tiny digital monsters at the park, at the office, sometimes in active minefields, and, yes, in the bathroom.

Who else was watching?

Cyber espionage is the use of cyber tools and techniques to gather intelligence or steal sensitive information from targeted entities. This form of espionage poses significant risks to national security, economic stability and corporate integrity. Given the complex and often hidden nature of cyber espionage activities, accurately measuring their costs presents a significant challenge.