The Economic Measurement of Cyber Incidents
Authors
-
Tamás Szádeczky
AffiliationDepartment of Management and Business Economics, Faculty of Economic and Social Sciences, Budapest University of Technology and Economics, H-1111 Budapest, Műegyetem rkp. 3., Hungary
Czech CyberCrime Centre of Excellence C4e, Masaryk University, Zerotinovo nam. 9., 601 77 Brno, Czech Republic
-
Zsolt Bederna
Affiliation
Department of Management and Business Economics, Faculty of Economic and Social Sciences, Budapest University of Technology and Economics, H-1111 Budapest, Műegyetem rkp. 3., Hungary
Abstract
In recent decades, Information and Communication Technologies (ICT) have significantly evolved, further establishing the information society. However, ICT systems are subject to security incidents, and most malicious attacks have cascading effects. Decision-makers need to understand the potential financial effects of incidents if they wish to clearly perceive the potential risks and thus make an appropriate allocation of resources to ICT security.
Our research attempts to develop a comprehensive toolset for the analysis of cybersecurity incidents. The toolset is based on conventional methodologies of cash-flow evaluation and balance of payments. We discuss several use cases of real-world examples with incidents affecting essential service providers and manufacturers. The case studies involve incidents affecting energy service providers, banks, water utilities, aircraft manufacturers, car manufacturers, IT software providers, air, rail, and water transport companies, the pharmacy, and the health sector. Analysis of the incidents involves our framework being applied at three levels: organisational, governmental, and international.
Keywords:
cybersecurity, cash-flow analysis, risk managementCitation data from Crossref and Scopus
