Economics of cybersecurity

Hadi Asghari; Michel van Eeten; Johannes M. Bauer

doi:10.4337/9780857939852.00021

Economics of cybersecurity

Hadi Asghari, Michel van Eeten, Johannes M. Bauer

Organisation & Governance

Research output: Chapter in Book/Conference proceedings/Edited volume › Chapter › Scientific

Abstract

The Internet has enabled tremendous economic and social innovation yet the underlying systems, networks and services sometimes fail miserably to protect the security of communications and data. Security incidents occur in many forms, including but not limited to the leaking and theft of private information, unauthorized access to information, malicious alteration of data, or software and service unavailability. Given the complexity of the problem, it seems improbable that security can be attained by eliminating all vulnerabilities. Moreover, preventative security measures are costly. Some level of uncertainty will therefore have to be accepted and choices need to be made, trading off competing objectives and limited resources. Recent research has developed approaches to better explain why certain security failures occur and others do not. These contributions clarified that security is not merely a technical problem that can be fixed with engineering solutions but that is also has important economic and behavioral dimensions that need to be addressed. Examining the incentives of players in the information and communication technology (ICT) ecosystem has been particularly fruitful in explaining the landscape of vulnerabilities and attacks that can be observed. The core of this work is rooted in information security economics. This chapter surveys the state of the art of the existing research with a focus on the criminal threats to cybersecurity.

Original language	English
Title of host publication	Handbook on the Economics of the Internet
Publisher	Edward Elgar Publishing
Pages	262-287
ISBN (Print)	9780857939845
DOIs	https://doi.org/10.4337/9780857939852.00021
Publication status	Published - 2016

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.4337/9780857939852.00021

Cybersecurity (TPM)
van Eeten, M. J. G., Hernandez Ganan, C., Gürses, F. S., van Wegberg, R. S., Parkin, S. E., Zhauniarovich, Y., van Engelenburg, S. H., Kadenko, N. I., Labunets, K., Akyazi, U., Bouwman, X. B., Jansen, B. A., Kaur, M., Al Alsadi, A., Lone, Q. B., Turcios Rodriguez, E. R., Vermeer, M., van Harten, V. T. C., Vetrivel, S., Oomens, E. (. C. )., Kustosch, L. F., Bisogni, F., Ciere, M., Fiebig, T., Korczynski, M. T., Moreira Moura, G. C., Noroozian, A., Pieters, W., Tajalizadehkhoob, S., Dacier, B. H. A., San José Sanchez, J., Çetin, F. O. & Zannettou, S.
1/01/10 → …
Project: Research

Cite this

@inbook{e18b702622cf454293288bb8c7fbf42c,

title = "Economics of cybersecurity",

abstract = "The Internet has enabled tremendous economic and social innovation yet the underlying systems, networks and services sometimes fail miserably to protect the security of communications and data. Security incidents occur in many forms, including but not limited to the leaking and theft of private information, unauthorized access to information, malicious alteration of data, or software and service unavailability. Given the complexity of the problem, it seems improbable that security can be attained by eliminating all vulnerabilities. Moreover, preventative security measures are costly. Some level of uncertainty will therefore have to be accepted and choices need to be made, trading off competing objectives and limited resources. Recent research has developed approaches to better explain why certain security failures occur and others do not. These contributions clarified that security is not merely a technical problem that can be fixed with engineering solutions but that is also has important economic and behavioral dimensions that need to be addressed. Examining the incentives of players in the information and communication technology (ICT) ecosystem has been particularly fruitful in explaining the landscape of vulnerabilities and attacks that can be observed. The core of this work is rooted in information security economics. This chapter surveys the state of the art of the existing research with a focus on the criminal threats to cybersecurity.",

author = "Hadi Asghari and {van Eeten}, Michel and Bauer, {Johannes M.}",

year = "2016",

doi = "10.4337/9780857939852.00021",

language = "English",

isbn = "9780857939845",

pages = "262--287",

booktitle = "Handbook on the Economics of the Internet",

publisher = "Edward Elgar Publishing",

}

TY - CHAP

T1 - Economics of cybersecurity

AU - Asghari, Hadi

AU - van Eeten, Michel

AU - Bauer, Johannes M.

PY - 2016

Y1 - 2016

N2 - The Internet has enabled tremendous economic and social innovation yet the underlying systems, networks and services sometimes fail miserably to protect the security of communications and data. Security incidents occur in many forms, including but not limited to the leaking and theft of private information, unauthorized access to information, malicious alteration of data, or software and service unavailability. Given the complexity of the problem, it seems improbable that security can be attained by eliminating all vulnerabilities. Moreover, preventative security measures are costly. Some level of uncertainty will therefore have to be accepted and choices need to be made, trading off competing objectives and limited resources. Recent research has developed approaches to better explain why certain security failures occur and others do not. These contributions clarified that security is not merely a technical problem that can be fixed with engineering solutions but that is also has important economic and behavioral dimensions that need to be addressed. Examining the incentives of players in the information and communication technology (ICT) ecosystem has been particularly fruitful in explaining the landscape of vulnerabilities and attacks that can be observed. The core of this work is rooted in information security economics. This chapter surveys the state of the art of the existing research with a focus on the criminal threats to cybersecurity.

AB - The Internet has enabled tremendous economic and social innovation yet the underlying systems, networks and services sometimes fail miserably to protect the security of communications and data. Security incidents occur in many forms, including but not limited to the leaking and theft of private information, unauthorized access to information, malicious alteration of data, or software and service unavailability. Given the complexity of the problem, it seems improbable that security can be attained by eliminating all vulnerabilities. Moreover, preventative security measures are costly. Some level of uncertainty will therefore have to be accepted and choices need to be made, trading off competing objectives and limited resources. Recent research has developed approaches to better explain why certain security failures occur and others do not. These contributions clarified that security is not merely a technical problem that can be fixed with engineering solutions but that is also has important economic and behavioral dimensions that need to be addressed. Examining the incentives of players in the information and communication technology (ICT) ecosystem has been particularly fruitful in explaining the landscape of vulnerabilities and attacks that can be observed. The core of this work is rooted in information security economics. This chapter surveys the state of the art of the existing research with a focus on the criminal threats to cybersecurity.

U2 - 10.4337/9780857939852.00021

DO - 10.4337/9780857939852.00021

M3 - Chapter

SN - 9780857939845

SP - 262

EP - 287

BT - Handbook on the Economics of the Internet

PB - Edward Elgar Publishing

ER -

Economics of cybersecurity

Abstract

UN SDGs

Access to Document

Fingerprint

Projects

Cybersecurity (TPM)

Cite this