Cyber Economics Incentives

Cybersecurity solutions exist today but often are not implemented because the incentives to use them are not aligned with cybersecurity policy and objectives.

“[Cyber Economic Incentives] Develops effective incentives to make cybersecurity ubiquitous, including incentives affecting individuals and organizations. Incentives include legal, regulatory, or institutional interventions. Recognizes that sound economic incentives need to be based on sound metrics, including scientifically valid cost risk analysis methods, and to be associated with sensible and enforceable notions of liability and care.” – Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program published by the Executive Office of the President, National Science and Technology Council, December 2011

Cyber Economic Incentives Program Activities

The research needs for Cyber Economic Incentives were based on the results of the 2009 National Cyber Leap Year Summit:

(1) Develop new theories and models of cyber economics and scientific understanding of the social dimensions of cyber economics.

(2) Develop scientific frameworks to incentivize vendors of cyberspace-related technologies (e.g., encourage use of secure software engineering and analysis practices, software vulnerability detection, security incident forensics) through acquisition, regulation, and standards.

(3) Promote an environment where users are well informed about cybersecurity, and where individuals have “ownership” of their personal data, are aware of its provenance, and control its authenticated and authorized distribution, use, and destruction, with improved understanding of the economic value of such data.

(4) Empower cyberspace service providers (e.g., Internet Service Providers, Application Service Providers, registrars, registries, banks, countries, nation-states, etc.) to reduce abusive or criminal behavior and to provide the means to better defend services and systems against abuses and exploitation, while offering the appropriate legal/regulatory framework (e.g., exemptions, liability protection, and law enforcement support).

The DHS Science & Technology Directorate's Cyber Security Division (CSD), in conjunction with the DHS Office of Procurement Operations, has awarded contracts for R&D in the Cyber Economic Incentives topic area. Once awards are made and contracts are in place, additional information will be posted to this site.

Interagency Coordination

Cyber Economic Incentives is one of the 4 main themes in the Federal Cybersecurity R&D plan and as such has involvement across the interagency. CSD coordinates its research agenda for this area with the National Science Foundation through the National Information Technology Research and Development (NITRD) Program, specifically the Cyber Security and Information Assurance Subcommittee (CSIA). For more information on NITRD and the CSIA, please see:

TTA 9 – Cyber Economics

Prime: University of Maryland | Sub: None

October 2012 | Reducing the Challenges to Making Cybersecurity Investments in the Private Sector | PDF (1 MB)

Prime: Carnegie-Mellon University | Sub: Cambridge University; Southern Methodist University

October 2012 | Understanding & Disrupting the Economics of Cybercrime | PDF (1 MB)

