When the financial crisis of 2008 hit, many shocked critics asked whymarkets, regulators, and financial experts failed to see it coming. Today, onemight ask the same question about the global economy’s vulnerability tocyber-attack. Indeed, the parallels between financial crises and the threat ofcyber meltdowns are striking.

Although the greatest cyber threat comes from roguestates with the capacity to develop extremely sophisticated computer viruses,risks can also come from anarchistic hackersand terrorists, or even from computer glitchescompounded by natural catastrophe.

A few security experts have voiced great alarm, including, most recently,Jonathan Evans, the head of the British Security Service (MI5). By and large, however, few leaders are willing tocompromise growth in the tech sector or the Internet in any significant way inthe name of a threat that is so amorphous.Instead, they prefer to establish relatively innocuousworking groups and task forces.

It is difficult to overstate thedependence of modern economies on large-scale computer systems. But imagine ifone day a host of key communications satellites were incapacitated,or the databases of major financial systems were erased.

Experts have long identified the electricity grid as the most acute vulnerability, since any modern economywould collapse without power. True, many skeptics argue that with reasonablelow-cost prophylactic measures, large scalecyber-meltdowns are highly implausible, andthat doom-mongers overstate the worst-casescenarios. They say that the ability of cyber-terrorists and blackmailers to take the global economy to thebrink, as in the 2007 Bruce Willis movie Die Hard 4, is utterly fictional.

It is difficult to judge who is right, and there are important experts onboth sides of the debate. But there do seem to be an uncomfortable number ofsimilarities between the political economy of cyberspace regulation and offinancial regulation.

First, both cyber-security and financial stability are extremely complextopics with which government regulators can hardly keepup. Industry remuneration for expertsis far in excess of any public-sector salary, and the best minds arecontinually bid away. As a result, someargue that the only solution is reliance on self-regulation by the softwareindustry. One hears this argument for many modern industries, from big foodto big pharma to big finance.

Second, like the financial sector, the tech industry is enormouslyinfluential politically through contributions and lobbying. In the United States, all presidential candidates mustmake pilgrimages to Silicon Valley and other tech centers to raise money. Excessivefinancial-sector influence was, of course, a rootcause of the 2008 meltdown and remains deeply implicatedin today’s continuing eurozone mess.

Third, with slowing growth in advanced economies, information technologyseems to hold the moral high ground, just as finance did until five years ago.And crude attempts by governments to enforce regulation are likely to proveineffective in protecting against catastrophe, while all too effective in strangling growth.

In both cases – financial stability and cyber security – the risk ofcontagion creates a situation in which a wedgecan form between private incentives and social risks. Admittedly, progress inthe technology sector overall often produces huge social-welfare gains, whicharguably outstrip those produced by allother sectors in recent decades. But, just as with nuclear power plants,progress can go awry in the absence of goodregulation.

Finally, the greatest risks come from arrogance and ignorance, two humancharacteristics at the heart of most financial crises. Recent revelations aboutthe super-viruses “Stuxnet” and “Flame” are particularly disconcerting. These viruses, apparently developedby the US and Israel to disrupt Iran’s nuclear program, embody alevel of sophistication far beyond anythingpreviously seen. Both are deeply encryptedand difficult to detect once inside a computer. The Flame virus has thecapacity to take over a computer’s peripherals, record Skype conversations,take pictures through a computer’s camera, and transmit information viaBluetooth to any nearby device.

If the world’s most sophisticated governments are developing computerviruses, what guarantee is there that something won’t go awry? How can we besure that they won’t “escape” and infect a much broader class of systems, or beadopted for other uses, or that future rogue states or terrorists won’t find away to turn them on their creators? No economy is more vulnerable than the US, and it is arrogance to believe that US cyber superiority (to all except perhaps China)provides it with impenetrable security fromattack.

Unfortunately the solution is not so simple as just building betteranti-virus programs. Virus protection and virus development constitute an uneven arms race. A virus can be just a couplehundred lines of computer code, compared to hundreds of thousands of lines foranti-virus programs, which must be designed to detect wide classes of enemies.

We are told not to worry about large-scale cyber meltdowns, because nonehas occurred, and governments are being vigilant.Unfortunately, another lesson of the financial crisis is that most politiciansare congenitally incapable of makingdifficult choices until risks actually materialize. Let us hope that we arelucky for a while longer.