# Economics of Cybersecurity: Foundation and Measurement
**Source**: https://learningforlife.tudelft.nl/economics-of-cybersecurity-foundation-and-measurement/
**Parent**: https://learningforlife.tudelft.nl/our-courses/ai-data-computer-science/
Share webpage
- Explain why certain security failures occur and persist in organizations.
- Identify the incentives that can help prevent security failures.
- Use a causal framework for security incidents that helps to develop metrics for the factors that increase or decrease the risk of failure.
- Distinguish supposed “best practices” from actual evidence on which security measures are effective.
### Start date Sep 23, 2026
Early bird
Early bird price.
€ 916,-
€ 1.145,-
20%
off
- Type
Course
- Admission open until
The deadline to register for this course.
Sep 16, 2026
- Location
Online
- Pacing
Instructor-paced
- Length
For instructor paced courses this is the length of the course.
For self-paced courses this is the length of the course if you spend the amount of time per week as specified. You're free to go faster or slower as you see fit.
6 Weeks
- Effort
4 - 6 Hours per week
Add to Cart
- [Group discounts](https://learningforlife.tudelft.nl/service-contact/discounted-group-fee/)
Loading...
Subscribe to back in stock notification
Subscribe
- [Economics of Cybersecurity](https://learningforlife.tudelft.nl/economics-of-cybersecurity/)
- [Michel van Eeten](https://learningforlife.tudelft.nl/instructors/michel-van-eeten/)
- [Daniel Woods](https://learningforlife.tudelft.nl/instructors/daniel-woods/)
- Overview
**Learn why cybersecurity failures occur and recur in your organization and how to remediate them. Identify the economic investments that produce security successes. Develop a practical framework for measuring security and its driving factors.**
Organizations face daily cybersecurity risks, such as ransomware, data leaks, and compromised emails. Often, the focus is on compliance with industry standards rather than addressing internal vulnerabilities. Effective security requires understanding the incentives for stakeholders, not just relying on technology.
This course covers key economic concepts to present security incentives within organizations and the broader ecosystem of suppliers, customers and IT providers. It examines the reasons behind recurring cybersecurity failures and uses case studies to explore and prevent these lapses. You'll learn to identify essential economic investments for security, to allocate resources efficiently, and make informed decisions balancing security needs with financial constraints.
Furthermore, the course covers the critical aspect of measuring security. Accurate measurement is essential to determine the effectiveness of your policies and identify best practices. Without it, investments are based on inputs like maturity frameworks and compliance rather than actual outcomes. Our course provides a causal framework for understanding security incidents, drawing on numerous empirical studies that show how specific interventions and policies impact security. You will learn to develop and evaluate metrics and KPIs related to your security initiatives. This framework will help you track progress, identify areas for improvement and demonstrate the value of your security investments to stakeholders.
With new laws like NIS2 requiring cybersecurity training, this course is ideal for professionals in IT management, auditing, compliance, risk governance and related fields. By the end, you'll be prepared to proactively address cybersecurity challenges and enhance your organization's resilience against threats.
- Details
##### Course Syllabus
**Week 1:**\
In this week we will introduce the concepts of cybersecurity economics, the associated costs, and decision making involved.\
Topics covered in this week:
- Introduction to the program and course specific topics
- Explanation of the costs of security failures
- Discussion of security decisions at the margins
**Week 2:**\
This week’s focus is on the different aspects of market failures. We will explain effects of both negative and positive externalities, and how information asymmetry could play a role.\
Topics covered this week:
- The effects of negative externalities
- Understanding positive externalities
- Explanation of information asymmetry
**Week 3:**\
In this week we wrap up the economic foundations by looking at market power and its effects on security. We also describe the role that governmental interventions play and how those could lead to failures.\
Topics covered this week:
- Explaining monopolies and market power
- Understanding governmental failures
**Week 4:**\
In this week we will introduce a causal framework for thinking about the relationship between attacks, security, exposure, compromise and harm. This provides the foundation for thinking about measurement. We will also discuss the effect that different study sizes have on results and how to measure compromise.\
Topics covered this week:
- Introduction to the causal model
- Explaining sample size effect on results
- Measuring compromise
**Week 5:**\
The focus of this week will be on key measurement variables associated with cybersecurity. We will look at how to measure harm, why exposure is important for a measurement study, and how threat levels vary.\
Topics covered this week:
- Measuring harm
- The importance of exposure
- What is threat and how is it measured
**Week 6:**\
In this final week, we discuss what security data is available and look at a specific case study, where the previously introduced concepts are put to work.\
Topics covered this week:
- Recognizing different types of security data
- Applying the concepts to a real-life case study
- Qualifications
##### Certificates
If you successfully complete this course you will earn a professional education certificate and you are eligible to receive 2.5 Continuing Education Units (CEUs).
**Chartered Engineering Competences**\
All our online courses and programs have been matched to the competences determined by [KIVI’s Competence Structure](https://charteredengineer.nl/competence-structure/), a common frame of reference for everyone, across all disciplines, levels and roles.
These competences apply to this course:
- A1: Extend your theoretical knowledge of new and advancing technologies.
- E3: Undertake engineering activities in a way that contributes to sustainable development and a circular economy.
- [View sample certificate](https://s.db28b32f9.entry.domains/typo3/Documents/specimen-certificate-2023.pdf)
- Admission
This course is primarily geared towards working professionals.
##### **Prerequisites:**
Participants are encouraged to combine this course with the course “Economics of Cybersecurity: Users and Attackers” and “Economics of Cybersecurity: Business Strategies and Policy Interventions”.
- Contact
If you have any questions about this course or the TU Delft online learning environment, please visit our [Help & Support](https://learningforlife.tudelft.nl/help-support/) page.
## What our learners say about us
- > I found the required readings specially insightful, but the lectures were extremely useful as well.
>
>
> Roy Ricaldi - The Netherlands
[Read the full story](https://learningforlife.tudelft.nl/roy-ricaldi/)
- > All the courses in the program are well-structured, ensuring that all the concepts are highly engaging.
>
>
> Grzegorz Czapliński - Singapore
[Read the full story](https://learningforlife.tudelft.nl/learner-stories/grzegorz-czaplinski/)
## Related Products
[Press to skip carousel](#related-slider-end)
Press to go to carousel navigation
[Economics of Cybersecurity](https://learningforlife.tudelft.nl/economics-of-cybersecurity/)
Start date Sep 24, 2025
4 - 6 Hours per week
€ 3.100,-
€ 3.435,-
10%
off
[Economics of Cybersecurity: Business Strategies and Policy Interventions](https://learningforlife.tudelft.nl/economics-of-cybersecurity-business-strategies-and-policy-interventions/)
Start date Mar 25, 2026
4 - 6 Hours per week
€ 1.145,-
[Economics of Cybersecurity: Users and Attackers](https://learningforlife.tudelft.nl/economics-of-cybersecurity-users-and-attackers/)
Start date Jan 20, 2027
4 - 6 Hours per week
€ 1.145,-