Description
Over the past few decades, the “digital revolution” has seen business processes and functions increasingly become electronic to reduce costs and improve convenience and efficiency. This approach creates new risks and exposes vulnerabilities, many of which are more opaque and less certain than the opportunities and benefits. Those who use electronic systems generally seize the opportunities and benefits well, but managing the risks and vulnerabilities remains a challenge. To date, the US and UK governments have generally relied upon market forces to manage cyber risk, but the threat is growing and the market is now failing to protect users of electronic systems adequately. Cyber attacks are becoming more frequent and impactful. It has been estimated that by 2030, an internet in which cyber attackers continue to compromise systems easily will cost $90 trillion more than an internet characterized by strong cybersecurity. A plausible long-term solution is to build a new internet, but this is difficult to achieve quickly and thus a more immediate solution is needed. Drawing on Nudge Theory and Libertarian Paternalism, this thesis proposes a model to improve the evidence base for the cyber threat and place greater liability pressures upon users through a series of tools and limited government interventions. Part one proposes to expand the Department of Homeland Security’s Automated Indicator Sharing Scheme, employ a Bayesian risk assessment, and improve government communications on cyber risk. Part two proposes the development of a self-assessment survey, improvement of technical standards, and the introduction of compulsory affirmative cyber insurance. This thesis aims to demonstrate that implementing this model has the potential to change behaviour towards building greater resilience against the cyber threat.