Quantitative Analysis and Consideration of Spillover Effects of Cyberattacks by Industry

Abstract

One of the challenges related to cybersecurity is the risk of cyberattacks that disrupt supply chains and affect a wide range of economic activities [1]. Long-standing issues include cyberattacks for financial gain and those targeting social and industrial activities. In recent years, ransomware attacks have not only caused direct damage such as system outages and business interruptions but also significant spillover damage beyond the attacked organization’s industry, including supply chain disruptions. In the damage analysis of natural disasters, damage is quantitatively assessed in terms of both direct and spillover damage. In the case of cyberattacks, it is important to quantitatively understand not only the direct damage to the attacked organization but also the spillover damage that affects other organizations. By sharing the quantitative damage results among all organizations involved in the supply chain, resilience strategies and measures can be developed with an overall optimization perspective. In this paper, we quantitatively estimate and analyze the direct and spillover damage (in both upstream and downstream industries) linked from the cyberattacked industry to other industries. We have found that the input–output analysis model used in this study can provide effective information for planning resilience enhancement measures by industry.