The impact of cyber security incidents on critical information infrastructures
- Details
- Published: Wednesday, 17 August 2016 06:54
ENISA has published a new report which provides a systematic review of studies on the economic impact of cyber security incidents on critical information infrastructures.
The study demonstrates that the absence of a common approach and criteria for performing such an analysis has led to the development of rarely comparable standalone approaches that are often only relevant to a specific context and to a limited audience. Despite the lack of comparable studies, this systematic review has allowed ENISA to come up with compelling findings for future work in the field, and build an early view on the current situation in the EU and beyond.
The major common findings include:
- The finance, ICT and energy sectors have the highest cyber security incident costs;
- The most common cyber attack types for the ICT and financial sectors are DoS/DDoS attacks and malicious insiders, with the latter being the top attack vector in public administration and government sectors;
- The costliest attacks are considered to be insider threats, followed by DDoS and web based attacks;
- In terms of country losses, the figures demonstrate losses of up to 1.6 percent of GDP in some EU countries.
