Cybersecurity practices lag behind technology. Solutions exist for
many of the threats introduced by casual adversaries, but these
solutions are not widely used because incentives are not aligned
with objectives and resources are not correctly allocated. Secure
practices must be incentivized if cybersecurity is to become
ubiquitous, and sound economic incentives need to be based on sound
metrics, processes that enable assured development, sensible and
enforceable notions of liability and mature cost/risk analysis
methods.

Research is required to:
- Explore models of cybersecurity investment and markets
- Develop data models, ontologies, and automatic means of
anonymizing or sanitizing data
- Define meaningful cybersecurity metrics and actuarial
tables
- Improve the economic viability of assured software development
methods; provide methods to support personal data ownership
- Provide knowledge in support of laws, regulations and
international agreements