Full title in original language:
Mind the denominator: towards a more effective measurement system for cybersecurity
Education level:
University University (18+ years)Topic / subtopic:
Cybercrime Cybercrime preventionTarget audience:
Students,
Teachers / Lecturers
Type of resource:
Publication / Article
Languages:
English
Region of relevance:
Global
Access:
restricted access: requiring payment
Individual authors:
Eric Jardine
Publication year:
2018
Published by:
Journal of Cyber Policy / Taylor & Francis
Copyright holder:
© Taylor & Francis
Contact name and address:
Taylor & Francis
Contact website:
Key themes:
cybercrime, cybercrime prevention, crime, cybersecurity, cyber security, cyberspace
Links:
Short description:
Crime statistics in the physical world are routinely normalised around the population of a city or country. Such normalisations are essential, as they provide both a propensity-based perspective on crime (e.g. the odds of being murdered are 1 in 100,000) and correct for the simple fact that a larger population should have more crimes. Unfortunately, many cybersecurity metrics tend to be uncorrected counts of malicious phenomena such as the number of phishing websites. While normalisation cannot make bad measures good, a failure to normalise even the best cybersecurity metrics can lead to bias. A failure to normalise count statistics around the size of the ecosystem, sensor density or risk mitigation personnel has implications for the observed trends, often making the state of cybersecurity seem worse than it actually is. In short, normalisation of malicious count data is a crucial measurement step and has significant impacts for both firm- and economy-wide risk management strategies and policy assessment.