Notes:
[1] Market Failure: A situation where the market fails to allocate resources efficiently. In other words, the market fails to produce the socially optimal level of goods and services, resulting in a misallocation of resources. This can occur due to a variety of reasons, such as the presence of externalities (where the actions of one party affect others who are not involved in the transaction), public goods (goods that are non-excludable and non-rivalrous in consumption). These market failures can lead to welfare losses and can be corrected through government intervention, such as taxes, subsidies, regulations, and public provision of goods and services.
[2] Marsh McLennan,. “The Global Risks Report 2021 16th Edition.” Cologny, Switzerland: World Economic Forum, 2021.
[3] Kookyoung Han and Jin Hyuk Choi. “Implications of false alarms in dynamic games on cyber-security.” Chaos, Solitons & Fractals 169, 2023: 113322.
[4] Paul A.Samuelson, “The pure theory of public expenditure.” The review of economics and Statistics (1954): 387-389.
[5] Elke Krahmann. “Security: Collective good or commodity?.” European journal of international relations 14, no. 3, 2008: 379-404.
[6] Douglas Kelly, “The Economics of Cybersecurity,” Academic Conferences International Limited, 2017, https://www.proquest.com/conference-papers-proceedings/economics-cybersecurity/docview/1897683119/se-2.
[7] Ibid.
[8] Ibid.
[9] University of Texas, Strauss Center for International Security and Law. “The Economics of Cybersecurity.” Strausscenter.org, 8 April 2021, https://www.strausscenter.org/events/the-economics-of-cybersecurity/.
[10] Gordon E. Moore “Cramming More Components onto Integrated Circuits.” Reprinted from Electronics, Volume 38, Number 8, April 19, 1965. http://static.cs.brown.edu/courses/csci1800/sources/lec27/Moore.pdf.
[11] Benjamin Powell. Is Cybersecurity a Public Good? Evidence From the Financial Services Industry, 2005. George Mason University Journal of Law, Economics, & Policy, pp. 497-511. Retrieved from http://www.benjaminwpowell.com/scholarlypublications/ journal-articles/is-cybersecurity-a-public-good.pdf.
[12] Isabella Corradini. “Redefining the Approach to Cybersecurity.” Building a Cybersecurity Culture in Organizations: How to Bridge the Gap Between People and Digital Technology vol. 284 49–62. 30 Apr. 2020, doi:10.1007/978-3-030-43999-6_3.
[13] Nic Chantler, and Roderic Broadhurst. “Social engineering and crime prevention in cyberspace.” Proceedings of the Korean Institute of Criminology, 2008: 65-92.
[14] James H. Stewart Jr., “Social engineering deception susceptibility: Modification of personality traits susceptible to social engineering manipulation to acquire information through attack and exploitation.” PhD diss., Colorado Technical University, 2015.
[15] Jayanth Kancherla, Motivational and Psychological Triggers in Social Engineering, April 24, 2020. https://ssrn.com/abstract=3750474 or http://dx.doi.org/10.2139/ssrn.3750474.
[16] James H. Stewart Jr., “Social engineering deception susceptibility: Modification of personality traits susceptible to social engineering manipulation to acquire information through attack and exploitation.” PhD diss., Colorado Technical University, 2015
[17] Muhammad Mudassar Yamin, Mohib Ullah, Habib Ullah, and Basel Katt. “Weaponized AI for cyber attacks.” Journal of Information Security and Applications 57 (2021): 102722.
[18] New Global Cybersecurity Report Reveals Misaligned Incentives, Executive Overconfidence Create Advantages for Attacker.” Business Wire. February 28, 2017. https://www.businesswire.com/news/home/20170228006741/en/New-Global-Cybersecurity-Report-Reveals-Misaligned-Incentives-Executive-Overconfidence-Create-Advantages-for-Attacker.
[19] Tyler Moore. “The economics of cybersecurity: Principles and policy options.” International Journal of Critical Infrastructure Protection 3, no. 3-4 (2010): 103-117.
[20] Robert McMillan, “FDIC: Hackers Took More than $120m in Three Months,” Computerworld, DG News Service, March 8, 2010, https://www.computerworld.com/article/2762543/fdic–hackers-took-more-than–120m-in-three-months.html.
[21] Nicole Perlroth, “All 3 Billion Yahoo Accounts Were Affected by 2013 Attack,” The New York Times (The New York Times, October 3, 2017), https://www.nytimes.com/2017/10/03/technology/yahoo-hack-3-billion-users.html.
[22] Ibid.
[23] Electronic Privacy Information Center, “Epic – Equifax Data Breach,” Electronic Privacy Information Center, https://archive.epic.org/privacy/data-breach/equifax/.
[24] Douglas Kelly. The Economics of Cybersecurity. Reading: Academic Conferences International Limited, 2017. https://www.proquest.com/conference-papers-proceedings/economics-cybersecurity/docview/1897683119/se-2.
[25] Ross Anderson and Tyler Moore. 2006, Oct 27, The Economics of Information Security, Science Magazine, Vol. 314, Issue 5799, pp. 610-613. http://science.sciencemag.org/content/314/5799/610.
[26] Security executive, Google Cloud Services, April 2023, Palo Alto, CA
[27] “The Cybersecurity of Critical Infrastructure,” Cyber.nj.gov, NJCCIC, February 18, 2021, https://www.cyber.nj.gov/alerts-advisories/the-cybersecurity-of-critical-infrastructure.
[28] Tyler Moore. “The economics of cybersecurity: Principles and policy options.” International Journal of Critical Infrastructure Protection 3, no. 3-4 (2010): 103-117.
[29] “New Global Cybersecurity Report Reveals Misaligned Incentives, Executive Overconfidence Create Advantages for Attacker,” Business Wire, March 1, 2017, https://www.businesswire.com/news/home/20170228006741/en/New-Global-Cybersecurity-Report-Reveals-Misaligned-Incentives-Executive-Overconfidence-Create-Advantages-for-Attacker.
[30] Office of Inspector General, “Additional Progress Needed to Improve Information Sharing under the Cybersecurity Act of 2015,” (Homeland Security, 2021 August, 16), 1.
[31] Ibid.
[32] Ibid.
[33] “Mitre Att&ck,” MITRE, March 1, 2023, https://www.mitre.org/focus-areas/cybersecurity/mitre-attack.
[34] Ibid.
[35] Shameek Konar and Mark A. Cohen. 1997. Information as Regulation: The Effect of Community Right to Know Laws on Toxic Emissions. Journal of Environmental Economics and Management 32(1):109-124
[36] Ibid.
[37] California Civil Code §1798.82. https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.82&lawCode=CIV.
[38] Deirdre K. Mulligan and Kenneth A. Bamberger. 2007. Security Breach Notification Laws: Views from Chief Security Officers. Samuelson Law, Technology & Public Policy Clinic, University of California-Berkeley School of Law. http://www.law.berkeley.edu/ files/cso_study.pdf.
[39] “National Council of ISACs,” natlcouncilofisacs, https://www.nationalisacs.org/.
[40] “A Declaration for the Future of the Internet.” U.S. Department of State. April 13, 2022. https://www.state.gov/wp-content/uploads/2022/04/Declaration-for-the-Future-for-the-Internet.pdf.
[41] “Global Industrial Control Systems Cybersecurity Professional.” Defense Counterintelligence and Security Agency. https://www.dcsa.mil/mc/pv/mbi/gicp/.
[42] “Critical Cybersecurity Hygiene: Patching the Enterprise.” National Cybersecurity Center of Excellence. Accessed April 28, 2023. https://www.nccoe.nist.gov/projects/critical-cybersecurity-hygiene-patching-enterprise.
[43] Helsinki, Finland. Eisenhower Industry Study Visit, April 2023, European Centre of Excellence for Countering Hybrid Threats
[44] “Information Sharing: A Vital Resource.” Cybersecurity and Infrastructure Security Agency. https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/information-sharing-vital-resource
