Assessing Cyber Security[Assessing Cyber Security -- concluded on 2015/04/16]
Over the years, a plethora of reports has emerged that assess the causes, dynamics, and effects of cyber threats. This proliferation of reports is an important sign of the increasing prominence of cyber attacks for organizations, both public and private, and citizens all over the world. In addition, cyber attacks are drawing more and more attention in the media. Such efforts can help to better awareness and understanding of cyber threats and pave the way to improved prevention, mitigation, and resilience. This report aims to help in this task by assessing what we know about cyber security threats based on a review of 70 studies published by public authorities, companies, and research organizations from about 15 countries over the last few years. It answers the following questions: what do we know about the number, origin, and impact of cyber attacks? What are the current and emerging cyber security trends? And how well are we prepared to face these threats?
The focus of the examined reports differs widely. Some reports look at all possible cyber attacks, others zoom in on specific threats such as Distributed Denial of Service attacks or malware. Some reports focus on a specific sector, or one country, others have a global scope. Methodologies used by the reports are often inconsistent and sometimes opaque: some are based on self-reporting (e.g., surveys), while others use data generated by software. One of the main observations of our study is that the range of estimates in the examined investigations is so wide, even experts find it difficult to separate the wheat from the chaff.
This leads to the conclusion that, although there is no shortage in the number of reports, well defined and comparable cyber threat data and risk assessments are missing.
- The project's own website