The economics of cyber risk: a survey of the literature

Cyber risk has emerged as a critical challenge for businesses, governments, and individuals. The greater availability of data, the increasing dependence on digital infrastructures, and the ever-advancing level of sophistication of cybercriminals have intensified both the occurrence and impact of security breaches. Literature on the economic aspects of cybersecurity originates from several distinct research areas and employs various approaches, emphasising the multifaceted nature of this phenomenon. This survey presents an overview of the economic dimension of cybersecurity, summarising the main findings of this rich and interdisciplinary literature. Our survey focuses on the four key actors involved in cybersecurity: hackers, companies, consumers/users and regulators. We provide an overview of the motivations and strategies employed by hackers, examine how companies and users protect themselves against cyber risks and respond to breaches, and analyse the economic and financial consequences. We also discuss the policy instruments available to regulators to mitigate both the likelihood and the impact of cyberattacks. In the final section, we suggest some potential directions for future research. (JEL D8, L86, L20)