Our modern lives depend on digital technologies such as social media, digital payments and e-government applications. This is even more evident for the business community, thanks to remote working, the Internet of Things and the digitisation of products and services. Despite the exponential growth of cyber attacks and the threat they pose, they rarely gets more air time than issues like supply chains.

The key question here: is cyber relevant for FDI? After all, cyber security is said to be a global problem, so it can hardly matter where one locates one’s project. Well, not quite.

There seems to be a particular geographical and industry-based risk exposure. It is, unsurprisingly, information technology and online service providers which are most affected, and US, UK and European companies. This is likely because this is where these types of companies are located. Just think of the 2017 attack of credit reporting agency Equifax, in which the personal data of 143 million US citizens was stolen. More recently there have been cyber attacks on critical energy infrastructure, such as on the Amsterdam-Rotterdam-Antwerp oil refining hubs in February 2022.

More from Martin Kaspar: 

• Why urban regeneration is not an infinite good
• Power grid tech holds the greatest FDI opportunity
• The remote working paradigm shift

Nation states and governments must do their bit in addressing this challenge. OECD countries are starting to put cyber security legislation in place and are defining security requirements for critical infrastructure. Europe has been active in setting up structures, such as the Elise network of artificial intelligence excellence centres or the Enisa agency for cyber security. These aim to support their local business community with capacity building, trusted solutions and practitioner-driven cyber security policy proposals.

While this offers little protection against mostly state-sponsored, malicious attacks that aim for disruption, sabotage or political and economic espionage, it at least offers a port of call for help. Quantum computing will only up the ante in this game. Quantum will enable malicious actors to solve the algorithms behind the encryption keys that protect our data and the internet’s infrastructure.

Harvesting attacks are the precursor to this, where hackers seek to gather files they cannot even access given that their encryption still holds. But with quantum, ‘steal now, decrypt later’ will become a real business model.

So, what does this practically mean in terms of FDI? As is already happening, cyber threats will only exacerbate de-globalisation tendencies. The ‘splinternet’, or breaking up of the internet into different factors, and quantum-safe cryptography standards all serve to separate the very foundations on which modern business is conducted. Setting up your greenfield project in a part of the world which has regulatory standards and aims to protect its critical infrastructure against such threats might prove to become a very real location choice factor.

This article first appeared in the October/November 2023 print edition of fDi Intelligence