Policy Implications: Turning Research into Action

While cybersecurity industry experts have long recommended “best practices” for securing organizations, such proclamations have lacked a solid empirical basis.

In a significant breakthrough, Professor Neil Gandal and Noa Barnir of the Berglas School of Economics at Tel Aviv University, have developed a novel method to assess the extent of this critical societal problem in monetary terms. 

Two papers - “Empirically Evaluating the Effect of Cybersecurity Precautions on Incidents in Israeli Enterprises“ and “Empirically evaluating the effect of security precautions on cyber incidents”- by Gandal, Barnir and colleagues, present the outcomes of the research which was conducted in Israel. In the past, The Blavatnik ICRC awarded Prof. Gandal research grants for his prior work that was related to this topic.

The economists’ latest findings on how security controls contribute to risk management by reducing the likelihood of experiencing cybersecurity incidents have clear public policy implications.

Based on this research, the INCD has, for the first time, publicly assessed the total direct damage to the economy of Israel at 12 Billion Shekels per year. Considering the empirical evidence of security controls' effectiveness, a broader implementation of just six controls can save between 1.2 to 6 Billion Shekels annually.

The societal impact of this research has become a central criteria for allocating and assessing public research funds. The Blavatnik Interdisciplinary Cyber Research Center is committed to facilitating policy-relevant science and congratulates Neil Gandal and Noa Barnir.