Every organisation and government need to know how much is necessary to invest in cybersecurity and how much is enough. Looking at the available literature, it is to be noted that little attention has been given to a fast thriving discipline, namely, the economics of cyber security which provides for some interesting and relevant models to measure the investments made in cybersecurity through cost-benefit tradeoffs
This project report summarises the main findings of a project launched by the NATO CCDCOE in 2014 which stemmed from the analysis of national cyber security strategies (NCSS) and aimed at trying to evaluate the underpinning economic elements for the drafting and adoption of NCSS worldwide. It aimed at addressing the questions from a public policy standpoint and tackled matters such as measuring cost of cyber insecurity, assessing the economic efficiency of a NCSS and economic incentives for all stakeholders involved. This report gives an overview of the basics of economics of cybersecurity and attempts to apply these in the context of NCSSs’. In particular, it looked at the UK’s efforts in this area. The general conclusion reached in this report is that there is not enough data currently to measure such costs unless appropriate identification of the roles and responsibilities are appointed within structures, be it governments or private organisations.