The Office of the National Counterintelligence Executive has just published a report to Congress that presents a frightening picture of the degree to which other countries use cyber espionage to attempt to gain business and industrial secrets from US companies. And while the biggest perpetrators of cyber-espionage against American business are no surprise—China and Russia—some US allies have engaged in efforts to obtain sensitive business and technology information as well. The report projects that China and Russia will “remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace.”

The same technological advances that many companies see as increasing productivity and reducing cost of operations are creating a huge risk of additional cyber-espionage by the ONCE’s assessment. The persistence of Internet-connected devices such as smartphones, the use of cloud computing and the rise of telework all elevate the risk of data theft, the report suggests. And the globalization of business through IT lowers the threshold further. “National boundaries will deter economic espionage less than ever as more business is conducted from wherever workers can access the Internet,” the report states. “The globalization of the supply chain for new—and increasingly interconnected—IT products will offer more opportunities for malicious actors to compromise the integrity and security of these devices.”

The biannual report is mandated by a provision of the 1995 law funding US intelligence organizations. But this edition is the first to focus heavily on cyber-espionage, reflecting how most critical data now passes over networks. The research behind the report also draws heavily from Defense Department intelligence resources as well as those of other US government agencies and the private sector.

The report pointed out that attribution of cyber-espionage efforts is difficult at best, and that while “Chinese actors are the world’s most active and persistent perpetrators of economic espionage” and the vast majority of attacks on US businesses have come from within China, the intelligence community cannot confirm who was responsible for them, let alone whether they were state sanctioned and funded.

However, the report classified the Chinese government as a “peristent collector,” and said that the Chinese frequently tried to exploit Chinese citizens or people with family or other connections to China working within US companies to steal electronic data from their employers. The the report also singled out Russia’s intelligence services as “conducting a range of activities to collect economic information and technology from US targets.”