The implementation, exploitation and dissemination of CYBECO innovations will lead to the following main expected impacts:
- Improved societal understanding of information security failures and how they should be addressed by properly incorporating intentionality into our risk models and facilitating understanding of cyber security failures, by adopting Structured Expert Judgment methods to cope with cases in which little data is available; by properly integrating these in security investment decisions and facilitating understanding on how to address them and by acknowledging the importance of human behaviour when designing, building and using cyber security technology.
- Improved risk-based information security investment by overcoming defects of current cyber risk management approaches, typically based on risk matrices, and focusing on facilitating security investment decisions, including cyber insurance acquisition.
- Increased societal resilience to cyber security risks through more efficient and effective institutional and incentives structures by identifying gaps in current institutional structures and behavioural nudges that may facilitate cyber security and cyber insurance investments, by facilitating the role of insurance companies in this new setting, thus by supporting insures as well and, therefore, increasing societal resilience to cyber security risks, and by enhancing facilitation and improving risk management practice through the mainstreaming of CYBECO’s policy recommendations in the cyber insurance policy framework.
- Progress beyond the state of the art in information security economics models by properly modeling intentionality, supporting situations in which little data is available, incorporating behavioural findings, and properly integrating insurance and facilitating asset valuation through Multi-Attribute Utility Theory.
- Improve skills of:
- project partners through the development and expansion of existing cyber security technologies, the development of a better understanding of their own technologies and how to exploit them.
- IT security policy makers to build their capacities in cyberinsurance policy making through their cooperation with stakeholders of the cybersecurity and cyberinsurance sectors for the development of policy recommendations and the improvement of the policy framework for cyberinsurance services.
- Economic development prospects and employment opportunities in the cyber-security and cyber-insurance markets.
- Improve the innovation capacity of the European industry and enhance public policy through improved cybersecurity decision-making.