Economic Analysis of an Inadequate Cyber Security Technical Infrastructure

Citation
National Institute of Standards and Technology. Economic Analysis of an Inadequate Cyber Security Technical Infrastructure (Planning Report 13-1) (Feb. 2013) (full-text).

Overview
The focus of this study is on one component of cyber security &mdash; the cyber security technical infrastructure (CSTI). The CSTI is only one part of cyber security, but an important one that unifies cyber securities assets. This report summarizes the most damaging CSTI inadequacies, or gaps, from the perspective of U.S. industry's cyber security directors, and quantifies a first-order approximation of economic benefits of narrowing those gaps.

This study quantifies the economic benefits to firms' cyber security operations of reducing the number of incidents and breaches by 10% as a result of targeted CSTI research and development. In recent years, multiple studies have aimed to offer some sense of the drag of cyber security problems on the U.S. economy but without offering many specifics as to what the issues are and how those estimates relate to real business issues. In contrast, this study focuses the lens on what cyber security directors believe the problems are and what the tangible economic benefit would be to their operations by improving the effectiveness of the CSTI, and therefore their cyber security, by just 10%.