Neil Gandal, Michael Riordan, Shalom Bublil, 04 June 2020

As digitalisation grows, cyber risks pose serious threats to businesses and consumers alike. However, the precautions taken to deal with these threats are often insufficient. This column examines the relationship between cyber vulnerabilities, (attempted) attacks, and precautions using firm-level data from the UK. More than 80% of the sampled firms have at least one vulnerability, and these firms were more than twice as likely to experience an incident compared to firms without vulnerabilities. Reducing vulnerabilities is key to dealing with cyberattacks and reducing cyber risks in the future.

Claudia Biancotti, Riccardo Cristadoro, 17 January 2018

Cyber attacks are becoming more frequent and increasingly costly. This column discusses some of the challenges involved in measuring the economic damage caused by these attacks, including a lack of agreement on how to assess damage, an asymmetrical distribution where a few large-scale incidents account for most costs, and externality effects. A measurement framework, estimation strategy, and reliable data will all be needed for successful policy evaluation.

Events

CEPR Policy Research