Measuring the Cybersecurity Problem

Policy Report | October 21, 2013

Trillions of dollars of transactions fly across cyberspace every day that we know are riddled with cybersecurity problems, yet there is no sufficient way to measure their frequency or impact. The EastWest Institute’s just-released report, Measuring the Cybersecurity Problem, highlights this global challenge and offers recommendations that, if implemented, would achieve a breakthrough for much-needed measurement of cybersecurity breaches.

The report will be presented at EWI’s “World Cyberspace Cooperation Summit IV,” its flagship international cyber event, at Stanford University on November 5-6, 2013. 

EWI Chief Technology Officer and Distinguished Fellow Karl Frederick Rauscher and Stroz Friedberg’s Executive Managing Director Erin Nealy Cox, the co-authors of the report, propose that the private sector lead the development of benchmarks that are universal. They also propose the establishment of a trusted entity to collect such data.

"Many volunteers from around the world have already come to me and offered to help build the new trusted entity called for in the report,” Rauscher said. “We are optimistic about the chances for getting this done.” Rauscher has previously been a starter of similar highly trusted entities.

Nealy Cox pointed out that numerous private sector companies and government agencies have been reluctant to share the data on cybersecurity compromises impacting their operations.

“Our recommendations offer the means to break through the logjam that prevents effective data collection, analysis and reporting, and such global information and intelligence sharing is critical to bolstering security efforts around the world,” Nealy Cox said. “One of the main obstacles has been the lack of clear benchmarks and measurement tools needed to understand the scale and severity of potential cyber threats.”

With these steps implemented, the public would be able to understand a particular cyber threat with a given number value—in the same way that the Richter Magnitude Scale measures seismic events, for example.

This report underlines the fact that cybersecurity costs continue to rise exponentially for businesses and governments around the world—which will be a major topic of the EastWest Institute’s 4th World Cyberspace Cooperation Summit in Silicon Valley on November 5-6, 2013.

For more information on the Summit Conference and to register, please visit:

Click here to read FierceGovernmentIT's coverage of this report.