Abstract:
Rarely does a day seem to go by without another front page story about a firm being breached by cyber attackers. Even experts in the field are far from immune from the unsustainable status quo. Jim Lewis of the Center for Strategic and International Studies, for example, has said: “We have a faith-based approach [to cybersecurity], in that we pray every night nothing bad will happen.” This is a difficult starting point to consider an appropriate end game. Still, it is something that firms must do since infinite investment cannot breed infinite security. This Article takes lessons from the burgeoning field of cyber peace studies and applies them to private sector cyber risk mitigation strategies. With members of the CSuite on down to mailroom clerks worrying about the next attack and looking over their shoulder after a breach occurs, who wouldn’t welcome some peace of mind?
Paper available for download via SSRN.