iit_cnr_logo
Trust, Security and Privacy RESEARCH UNIT
Who we are People Research PROJECTS Education Conferences Collaborations
cnr_logo
Trust, Security and Privacy RESEARCH UNIT
Who we are People Research PROJECTS Education Conferences Collaborations

Cybersecurity Economics

Cyber security measures are costly to implement but the impact of cyber security breaches could be devastating. Organisations cannot simply implement every security measure possible, but they must look for approaches to balance their expenditure. Thus, cyber security cannot be seen as a purely technical problem but its monetary implications must be carefully studied from the economic point of view as well.

Risk assessment is a powerful economic instrument that helps to make an objective decision under uncertainty. It is understandable by high level managers and links technical and economic perspectives of cybersecurity. It helps to select the most appropriate alternatives as at operational as well as on strategic level.

We investigate approaches and apply them to practical solutions for conducting quantitative risk assessment. In particular, our group offers a simple risk assessment service for SMEs in the scope of the observatory. We apply risk assessment in various fields, including cyber security certification, in order to make sure that generic best practices are indeed effective for a concrete organisation. Our risk-based solutions provide support to decision-making procedures for access and usage control systems, comparing web/cloud services, cyber attack analysis, etc.

Risk assessment is a core technique for insurance. We research methods to help insurers to establish practices for security-discriminating premium specification in order to guarantee fair prices for insureds with different security configurations. We also conduct a number of theoretical studies to investigate the effect of cyber insurance on self-investments in cyber security, and propose solutions for ensuring high level of security.