Cybercrime economic costs: No measure no solution

Abstract

Governments need reliable data on crime in order to both devise adequate policies, and allocate the correct revenues so that the measures are cost-effective, i.e., the money spent in prevention, detection, and handling of security incidents is balanced with a decrease in losses from offenses. The availability of multiple contrasting figures on cyber-attacks checks the accurate assessment of the cost-effectiveness of current and future policies for cyber space. What factors contribute to the costing equation is not clearly understood with wide variation in methodologies used. The most relevant literature in this field is reviewed and analysed against quantitative insights provided by the CyberROAD survey to stakeholders. Research gaps are highlighted to determine the issues that need addressing to provide a solid ground for future legislative and regulatory actions at national and international levels.