ABSTRACT
Calculating the cost of cybersecurity is a very complex problem since there are a number of variables that must be included in any economic assessment. Another facet of the problem is to define what is being measured in calculating the economic cost. In addition, what economic model will be applied, and will it control for the statistical requirements of sampling and other research methodology requirements? How complete and accurate are computer breaches and computer criminal acts being reported and what is the variability between corporations, governmental agencies, and individual citizens? Further difficulties emerge as a result of the public media reporting the “cost of computer crime” from various sources, which, in many instances, are nonscientific sources and may contain undocumented sources as well as elevated cost estimates.
