Given the rapid digitization of societies and the increase in costly and sophisticated cyber incidents, there is a rising need to prioritize cybersecurity in the investment agendas of economic actors, especially, governments and firms. However, a major bottleneck in mainstreaming cybersecurity investments is the unclarity in the returns and the unidentified link between cyber incidents and economic performance. This literature survey brings together empirical studies on the direct and indirect costs of cyber incidents, highlighting issues in the study of risk-based approaches based on current estimates that could lead to misinformed decisions. First, this survey identifies the vast variety of unfounded estimates of the cost of cyber incidents. Second, the analysis dives into the difficulty of assessing the full spectrum of costs due to the existence of nonnegligible indirect costs. This article argues that to accurately protect cyberspace, policymakers and stakeholders should aim to understand the full spectrum of economic costs of cyber incidents by promoting research through data collection efforts.
Authors
- Disclosure Date
- 2024/09/24
- Disclosure Status
- Disclosed
- Doc Name
- A Review of the Economic Costs of Cyber Incidents
- Pages
- 28
- Product Line
- Advisory Services & Analytics
- Published in
- United States of America
- Rel Proj ID
- 1W-The Economic Rationale Of Cybersecurity -- P178769
- TF No/Name
- TF0B8289-Cybersecurity Estimating Economic Benefits
- Unit Owning
- Infra - Chief Economist Infra (INFCE)
- Version Type
- Final
- Volume No
- 1
Table of Contents
- 1. Introduction 2
- 2. The direct costs of cyber incidents 2
- 3. The indirect costs of cyber incidents 4
- 3.1 Stock market reactions to cyber incidents and reputational effects 5
- 3.2 Supply chain systemic risks and spillover effects 8
- 3.4 Costs arising from delayed announcement 9
- 3.5 Response Costs 10
- 3.6 Costs arising from cyber risk 10
- 4 Challenges of studying the costs of cyber incidents 12
- 5 Conclusions and Discussion on Policy Recommendations 13
- References 15
- Computers Security 15
- IDB Working Paper Series 15
- ICIS 2006 proceedings 15
- Journal of Economic Perspectives 15
- Rotman School of Management Working Paper 15
- BIS Working Papers 15
- Journal of Financial Stability 15
- Review of 15
- Corporate Finance 15
- Journal of Ambient Intelligence and Humanized Computing 15
- Review of Accounting Studies 15
- The economics of information security and privacy 15
- The 15
- Geneva Papers on Risk and Insurance-Issues and Practice 15
- Decision Support Systems 15
- International Monetary Fund. 16
- Burgard M. 2021 Cyber Incident Response The Real Cost of Not Having a Plan or Cyber Insurance. 16
- Journal of Computer Security 16
- International Journal of Electronic Commerce 16
- International Review of Financial Analysis 16
- Journal of Financial Economics 16
- Computer Crime 16
- Information Sciences 16
- Statistical Methods Applications 16
- The Review of Financial 16
- Studies 16
- Information Management Computer Security 16
- Financial Management 17
- Journal of the Association for Information Systems 17
- Journal of Cybersecurity 17
- Transactions on Information and System Security 17
- Journal of Cybersecurity 6 17
- Journal of Information Warfare 17
- Ipsos MORI 17
- SN Social Sciences 17
- Risk Management and Insurance Review 17
- The Palgrave handbook of 17
- Finance 18
- Research Letters 18
- National Bureau 18
- Journal of Financial Economics 18
- International Journal of Electronic Commerce 18
- AEA Papers and 18
- Proceedings 18
- SSRN 18
- International Journal of Cyber Criminology 10 18
- International Monetary Fund. 18
- Board of Governors of the Federal Reserve System 18
- Journal of Global Information Technology 18
- Management 22 18
- Financial Review 18
- . Journal of Financial Markets 18
- Journal of Cybersecurity 18
- National Cyber Security Index NCSI. 18
- International Journal of Advanced Research in Computer Science 8 18
- Global Finance Journal 19
- Public Goods and the Fourth Industrial Revolution 19
- Journal of Cybersecurity 5 19
- Journal of Cybersecurity 19
- Central European Journal of International Security Studies 13 19
- Computers Security 19
- Minds and Machines 19
- Apress 19
- International Review of Financial Analysis 19
- Finance Research Letters 20
- Information Systems Research 20
- 2021 IEEE Symposium on 20
- Security and Privacy SP 20
- IEEE 20
- Security Privacy 20
- Digital Threats Research and Practice 20
- Appendix I Main estimations on the economic costs of cybersecurity incidents from industry stakeholders 2017-2023 20
