Bocconi

Dondena Initiatives highlight current and prospective research pursued by our faculty in societally-relevant areas which might be appealing for external donors.

In this section

Cybersecurity for Public Value

Cybersecurity for Public Value

Greta Nasi, Marco Bonetti

Essential services, such as electricity, healthcare, and telecommunications, are those necessary to ensure the full social inclusion of people in society and the labor market. They play a pivotal role in individual well-being, societal welfare, national security, and the competitiveness of modern states and must be provided even in the face of disasters. However, in the past decade there has been a significant increase in cyberattacks targeting essential services, particularly in the European Union, with a significant increase since 2022 when the war in Ukraine began. This growing exposure has revealed the limitations of current cybersecurity approaches, which often fail to reflect the societal importance of these services and the cascading consequences of their disruption.

Current approaches to cybersecurity decision-making mainly focus on infrastructure protection rather than on maintaining the continuity and reliability of essential services that support society. Policy and research remain mostly centered on organizations, with limited consideration of the broader systemic effects of cyber disruptions. This isolated view overlooks the complex interconnections among critical infrastructures, public institutions, and private actors, resulting in fragmented prevention and response strategies. Additionally, the impacts of cyber incidents are often evaluated only in terms of technical continuity or business performance, neglecting the full scope of risks, including effects on individual well-being, social trust, and public welfare.

The Cybersecurity for Public Value initiative seeks to redefine cybersecurity decision-making as a matter of societal protection. It promotes a shift in institutional decision-making that addresses research questions of this kind: What value is at risk in the case of a cyber disruption of essential services, and for whom? What optimal decision-making and risk treatment approaches mitigate the loss of value across the ecosystem and its interdependencies? 

Recognizing that disruptions affect multiple actors with differing objectives, we aim to develop a taxonomy to define and measure the value at risk from the main stakeholders. The taxonomy will inform statistical models to enhance robust decision-making in ways crucial for the safety and security of essential services.

 

Research Highlights