Economics of Cybersecurity: Foundation and Measurement

Learn why cybersecurity failures occur and recur in your organization and how to remediate them. Identify the economic investments that produce security successes. Develop a practical framework for measuring security and its driving factors.

Organizations face daily cybersecurity risks, such as ransomware, data leaks, and compromised emails. Often, the focus is on compliance with industry standards rather than addressing internal vulnerabilities. Effective security requires understanding the incentives for stakeholders, not just relying on technology.

This course covers key economic concepts to present security incentives within organizations and the broader ecosystem of suppliers, customers and IT providers. It examines the reasons behind recurring cybersecurity failures and uses case studies to explore and prevent these lapses. You'll learn to identify essential economic investments for security, to allocate resources efficiently, and make informed decisions balancing security needs with financial constraints.

Furthermore, the course covers the critical aspect of measuring security. Accurate measurement is essential to determine the effectiveness of your policies and identify best practices. Without it, investments are based on inputs like maturity frameworks and compliance rather than actual outcomes. Our course provides a causal framework for understanding security incidents, drawing on numerous empirical studies that show how specific interventions and policies impact security. You will learn to develop and evaluate metrics and KPIs related to your security initiatives. This framework will help you track progress, identify areas for improvement and demonstrate the value of your security investments to stakeholders.

With new laws like NIS2 requiring cybersecurity training, this course is ideal for professionals in IT management, auditing, compliance, risk governance and related fields. By the end, you'll be prepared to proactively address cybersecurity challenges and enhance your organization's resilience against threats.

What You'll Learn

After completion of the course, participants are in a position to:

1. Explain why certain security failures occur and persist in organizations
2. Identify the incentives that can help prevent security failures
3. Use a causal framework for security incidents that helps to develop metrics for the factors that increase or decrease the risk of failure
4. Distinguish supposed “best practices” from actual evidence on which security measures are effective