Cyber security regulation needs to be carefully designed to limit unnecessary costs

Carefully designing cyber security regulation

Cyber-attacks impose substantial burden on the economy and wider society. However, cyber security measures are also costly, so governments need to design policy to get the balance right. 

All stakeholders, including governments, businesses, suppliers of digital goods and services, and consumers, have a strong interest in combating cyber threats. The scale of threats will increase over time as the uptake of connected devices increases and new technologies are developed. The European Union has addressed the threat with a suite of proposals including the Network and Information Security NIS2 Directive (which is in the process of being enacted by member states). NIS2 aims to provide a common, transparent and risk based approach to implementing cybersecurity measures across the European member states

Cybersecurity measures, when designed appropriately, enhance the strength and resilience of cybersecurity, ensuring that businesses and consumers can benefit from a reduction in the losses and frequency of security incidents. While enhanced cybersecurity measures are welcomed by all, they impose substantial costs on businesses and wider society depending on how they are implemented.

Frontier has analysed the costs of implementing the cyber security measures in the EU. These include not just costs of implementation, but costs associated with a reduction in economic trade. It is important that, when enacting NIS2, member states design their policies carefully to ensure that the benefits of these measures outweigh the costs to consumers, businesses and the wider society.

Read Frontier’s report on costs of implementing cyber security measures here, and its assessment of costs in Czechia here, and Germany here.

For more information please contact media@frontier-economics.com, or call +44 (0)20 7031 7000.

Assessing the economic cost of EU initiatives on cybersecurity