Economics of Cybersecurity: Foundation and Measurement

Source: https://learningforlife.tudelft.nl/economics-of-cybersecurity-foundation-and-measurement/ Parent: https://learningforlife.tudelft.nl/our-courses/ai-data-computer-science/

Share webpage

Explain why certain security failures occur and persist in organizations.
Identify the incentives that can help prevent security failures.
Use a causal framework for security incidents that helps to develop metrics for the factors that increase or decrease the risk of failure.
Distinguish supposed “best practices” from actual evidence on which security measures are effective.

Start date Sep 23, 2026

Early bird

Early bird price.

€ 916,-

€ 1.145,-

20% off

Type Course
Admission open until

The deadline to register for this course.

Sep 16, 2026 - Location Online - Pacing Instructor-paced - Length

For instructor paced courses this is the length of the course.

For self-paced courses this is the length of the course if you spend the amount of time per week as specified. You're free to go faster or slower as you see fit.

6 Weeks - Effort 4 - 6 Hours per week

Add to Cart

Group discounts

Subscribe to back in stock notification

Learn why cybersecurity failures occur and recur in your organization and how to remediate them. Identify the economic investments that produce security successes. Develop a practical framework for measuring security and its driving factors.

Organizations face daily cybersecurity risks, such as ransomware, data leaks, and compromised emails. Often, the focus is on compliance with industry standards rather than addressing internal vulnerabilities. Effective security requires understanding the incentives for stakeholders, not just relying on technology.

This course covers key economic concepts to present security incentives within organizations and the broader ecosystem of suppliers, customers and IT providers. It examines the reasons behind recurring cybersecurity failures and uses case studies to explore and prevent these lapses. You'll learn to identify essential economic investments for security, to allocate resources efficiently, and make informed decisions balancing security needs with financial constraints.

Furthermore, the course covers the critical aspect of measuring security. Accurate measurement is essential to determine the effectiveness of your policies and identify best practices. Without it, investments are based on inputs like maturity frameworks and compliance rather than actual outcomes. Our course provides a causal framework for understanding security incidents, drawing on numerous empirical studies that show how specific interventions and policies impact security. You will learn to develop and evaluate metrics and KPIs related to your security initiatives. This framework will help you track progress, identify areas for improvement and demonstrate the value of your security investments to stakeholders.

With new laws like NIS2 requiring cybersecurity training, this course is ideal for professionals in IT management, auditing, compliance, risk governance and related fields. By the end, you'll be prepared to proactively address cybersecurity challenges and enhance your organization's resilience against threats. - Details

##### Course Syllabus

Week 1:\ In this week we will introduce the concepts of cybersecurity economics, the associated costs, and decision making involved.\ Topics covered in this week:

Introduction to the program and course specific topics
Explanation of the costs of security failures
Discussion of security decisions at the margins

Week 2:\ This week’s focus is on the different aspects of market failures. We will explain effects of both negative and positive externalities, and how information asymmetry could play a role.\ Topics covered this week:

The effects of negative externalities
Understanding positive externalities
Explanation of information asymmetry

Week 3:\ In this week we wrap up the economic foundations by looking at market power and its effects on security. We also describe the role that governmental interventions play and how those could lead to failures.\ Topics covered this week:

Explaining monopolies and market power
Understanding governmental failures

Week 4:\ In this week we will introduce a causal framework for thinking about the relationship between attacks, security, exposure, compromise and harm. This provides the foundation for thinking about measurement. We will also discuss the effect that different study sizes have on results and how to measure compromise.\ Topics covered this week:

Introduction to the causal model
Explaining sample size effect on results
Measuring compromise

Week 5:\ The focus of this week will be on key measurement variables associated with cybersecurity. We will look at how to measure harm, why exposure is important for a measurement study, and how threat levels vary.\ Topics covered this week:

Measuring harm
The importance of exposure
What is threat and how is it measured

Week 6:\ In this final week, we discuss what security data is available and look at a specific case study, where the previously introduced concepts are put to work.\ Topics covered this week:

Recognizing different types of security data
Applying the concepts to a real-life case study
Qualifications

##### Certificates

If you successfully complete this course you will earn a professional education certificate and you are eligible to receive 2.5 Continuing Education Units (CEUs).

Chartered Engineering Competences\ All our online courses and programs have been matched to the competences determined by KIVI’s Competence Structure, a common frame of reference for everyone, across all disciplines, levels and roles.

These competences apply to this course:

A1: Extend your theoretical knowledge of new and advancing technologies.
E3: Undertake engineering activities in a way that contributes to sustainable development and a circular economy.
View sample certificate
Admission

This course is primarily geared towards working professionals.

##### Prerequisites:

Participants are encouraged to combine this course with the course “Economics of Cybersecurity: Users and Attackers” and “Economics of Cybersecurity: Business Strategies and Policy Interventions”. - Contact

If you have any questions about this course or the TU Delft online learning environment, please visit our Help & Support page.