Investing in Cybersecurity
11 Feb 2016
This research examines why, how and how much organisations in critical infrastructure sectors invest in cybersecurity.
Fotolia
Cybersecurity has a prominent place on national and international policy agendas. The digital dependence in developed countries has led to a situation where security vulnerabilities and security incidents potentially come accompanied by serious consequences. With this in mind, the Netherlands Ministry of Security and Justice commissioned RAND Europe to investigate the cybersecurity investments that organisations in critical infrastructure sectors make.
The main question that the project sought to address was: On what basis, how, and to what extent do private companies and public organisations in the critical infrastructure sectors invest in cybersecurity?
The report also aims to answer a number of other fundamental questions which lay the groundwork for the contours of the cybersecurity landscape, including how cybersecurity is defined and operationalised. Furthermore, the study explores the threats faced by organisations within critical infrastructure sectors, which concerns the underlying reasons for organisations to invest in cyber security.
The study involved a total of 27 interviews with representatives of organisations in 12 critical infrastructure sectors and drew a number of important conclusions that may contribute to the ongoing cybersecurity debate.