Cost of a Cyber Incident: Systematic Review and Cross-Validation   [open pdf - 3MB]

From the Objectives: "This study is part of an analysis by the Cybersecurity and Infrastructure Security Agency's (CISA's) Office of the Chief Economist (OCE) to understand the impacts, costs, and losses from cyber incidents to enable cyber risk analysis and inform cybersecurity resource allocation decisions. [...] The goal is to provide a systematic review that contains a thorough characterization of the current state of the literature and a meaningful synthesis of the published results. More specifically, OCE's analysis has three primary objectives. The first objective is to conduct an in-depth survey of the cyber loss literature and to identify the extent to which the costs of cyber incident losses have been tracked and analyzed within the private and public sectors. The second objective is to identify defensible estimates of cyber losses that are based on historical data and can be used to inform prospective analyses of cybersecurity investment benefits. The third objective is to clearly understand the limitations of the currently available estimates and identify a potential approach to resolving the informational and methodological gaps."

Public Domain
Retrieved From:
Cybersecurity and Infrastructure Security Agency: https://www.cisa.gov/
Media Type:
Help with citations