The Cost of Incidents in Essential Services—Data from Swedish NIS Reporting
2021 (English). In: Lecture Notes in Computer Science, Springer Science and Business Media Deutschland GmbH, 2021, p. 116-129.
Conference paper, Published paper (Refereed)
Abstract [en]
The NIS Directive aims to increase the overall level of cyber security in the EU and establishes a mandatory reporting regime for operators of essential services and digital service providers. While this reporting has attracted much attention, both in society at large and in the scientific community, the non-public nature of reports has led to a lack of empirically based research. This paper uses the unique set of all the mandatory NIS reports in Sweden in 2020 to shed light on incident costs. The costs reported exhibit large variability and skewed distributions, where a single or a few higher values push the average upwards. Numerical values are in the range of tens to hundreds of kSEK per incident. The most common incident causes are malfunctions and mistakes, whereas attacks are rare. No operators funded their incident costs using loans or insurance. Even though the reporting is mandated by law, operator cost estimates are incomplete and sometimes difficult to interpret, calling for additional assistance and training of operators to make the data more useful.
Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2021. p. 116-129
Series
Lecture Notes in Computer Science, ISSN 0302-9743
Keywords [en]
Cyber insurance, Cyber security economics, Incident cost, NIS Directive, Reporting, Cost benefit analysis, Cost estimating, Personnel training, Cyber security, Essential services, Security Economics, Service data, Swedish, Cybersecurity
National Category
Telecommunications Reliability and Maintenance
Identifiers
URN: urn:nbn:se:kth:diva-316412
DOI: 10.1007/978-3-030-93200-8_7
Scopus ID: 2-s2.0-85122579207
OAI: oai:DiVA.org:kth-316412
DiVA, id: diva2:1687770
Conference
16th International Conference on Critical Information Infrastructures Security, CRITIS 2021, Lausanne, Switzerland, 27-29 September 2021
Note
Part of proceedings: ISBN 978-3-030-93199-5
QC 20220816
2022-08-16 2022-08-16 2022-08-16 Bibliographically approved