The economics of cybersecurity

The purpose of the project is to produce new knowledge about companies' cyber security work and about individuals' assessments of cyber risks.

Cybersecurity is often seen as only a matter of technology. But while technological advances can improve security, technology alone cannot solve all problems. Security—and the threats to it—arise within a social and economic context. This means that improving cybersecurity sometimes requires perspectives beyond technology.

This project aims to generate new knowledge in two key areas: economic research on how businesses approach cybersecurity and psychological research on how individuals assess cyber risks.

Improving cybersecurity through economics and psychology

The first work package, Cybersecurity in the market economy, examines cybersecurity from the market perspective. The goal is to understand how cybersecurity efforts vary across companies and industries, what incentives and challenges businesses face, and what role policy can play in promoting stronger cybersecurity within Swedish industries.

The second work package, The psychology of cybersecurity, focuses on the human factor in security. People are often described as the weakest link in cybersecurity, yet there is still limited knowledge about the psychology behind cybersecurity behavior. This work package aims to fill that gap by exploring how individuals perceive and respond to cyber risks.

The third work package, A policy-oriented synthesis, integrates insights from both economics and psychology to develop policy recommendations that can improve cybersecurity strategies.