Economic Foundations of Cybersecurity Strategies


Economic Foundations of Cybersecurity Strategies


17-18 Dec 2014



Nordic Hotel Forum, Tallinn (Estonia)

Participation fee:

no fee


Approaching this topic from both the public policy and economic perspectives, this one and a half-day workshop brings together a selected group of experts actively involved in research on the economic foundations of cyber security. The workshop will be divided into four sessions:

1.   Economic aspects of national cybersecurity strategies

The protection of economic assets is a goal adopted by most cybersecurity strategies worldwide. This session will be dedicated to a discussion of  the economic dimensions of cybersecurity strategies from different perspectives, including the economics of information security and the economics of national security.

2.   Cybersecurity as a public policy and the role of government

Drafting, adopting and implementing national cyber security strategies has been a concern for an increasing number of States. But how does a state define the proper level of cybersecurity? During this session we will analyse whether states are in the best position to allocate resources for cybersecurity and be able to correct market failures. How can a State incentivise private actors to invest in a sufficient level of cyber security? What is the appropriate mix of policies? Are there useful case studies or models available to assist States in this decision-making process?

3.   Metrics to assess the efficiency of cybersecurity strategies

Given the considerable investments in cyber security from both the private and public sector, how could a State (or any other actor) come up with the proper metrics to assess the efficiency of policy measures? What are the metrics that could be applied and who should be in charge of determining these models?

4.   Cybersecurity industrial complex

An increasing number of countries is seeking to develop advanced scientific and technological knowledge in a “cybersecurity industrial complex”. While this can be a way of ascertaining technological leadership and lead to better security standards and practices, it may also lead to fragmentation in a technology race. This session will explore how States can implement an industrial policy that aims at developing and enabling new players in the cybersecurity industry while avoiding potential downsides of national rivalry?

The workshop is intended for policy makers, practitioners as well as scholars. It is chaired by Prof. Johannes M. Bauer (Michigan State University).
The workshop registration is invitation-based only. For further inquiries, please contact

Project report is now available here.