No. 407 - The price of cyber (in)security: evidence from the Italian private sector

Vai alla versione italiana Site Search

by Claudia BiancottiNovember 2017

This paper presents evidence on the economic dimension of cyber risk in the Italian private non-financial sector, based on Bank of Italy survey data. In 2016, the median amount spent on preventing cyber attacks was a modest €4,530, i.e. 15 per cent of a typical worker's annual gross wages. A wide variation exists across sectors and size classes, reflecting differences in how appealing a target a firm is to attackers and firms' awareness of threats: median values range from €3,120 for small firms to €19,080 in the ICT sector and €44,590 for large firms.

The market for cyber defence in our reference universe is worth at least €570 million. Having been attacked in the past proves to be a strong incentive to invest in security. The majority of breached firms suffered damages worth less than €10,000; 0.1 per cent reported costs of at least €200,000. Neither the sampling design nor the questionnaire were geared towards the measurement of tail events: underestimation of large incidents is likely. More information is needed before the economy-wide cost can be estimated.

Full text