Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Aug. 10 — Measuring the true economic impact of security incidents on critical information infrastructures (CIIs) is extremely difficult, the European Union Agency for Network and Information Security (ENISA) concluded in a report released Aug. 10.
CIIs are “systems that provide the resources on which all functions of society depend upon, of which a possible incapacitation or destruction, would have a significant effect on the security, economy and/or health of society as a whole,” the report said.
Studies on the economic impact of cybersecurity attacks on CII lack a unified and standardized approach because business factors often drive the development of the studies rather than the needs of stakeholders, the report said. As a result, there is great difficulty in determining the real economic impact of cybersecurity incidents to the EU.
ENISA conducted a systematic review to determine the total cost for a full recovery from a cybersecurity incident on CII by analyzing 17 studies that examined the different economic impacts of cybersecurity incidents.
The report is ENISA's attempt to make up for the lack of a common approach in past studies that examined cybersecurity incidents from different perspectives, only looking at certain industries, using different metrics or only including certain types of incidents.
“The aim of the study is to assess the economic impact of incidents that affect CIIs in EU, based on existing work done by different parties, and set the proper ground for the future work of ENISA in this area,” the report said.
The main finding of the study include:
The information systems of countries will become even more integrated over the next decade, making the need to identify the costs of cybersecurity even more important, the report said.
To contact the reporter on this story: George R. Lynch in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
The report, “The cost of incidents affecting CIIs,” is available at https://www.enisa.europa.eu/publications/the-cost-of-incidents-affecting-ciis/.
Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.
Notify me when updates are available (No standing order will be created).
Put me on standing order
Notify me when new releases are available (no standing order will be created)