Many organisations view cybersecurity threats as a technical challenge that needs primarily technical solutions, and many governments view them primarily as a national security issue. Yet the economic and social consequences of cyber incidents can be much more severe than their technical impact for the organisation, its partners and third parties. For example, ransomware in hospitals can be fatal, and IP breaches can cost years of a company’s R&D. Furthermore, security measures can undermine economic objectives by increasing cost and complexity, reducing performance, and limiting innovation.
This is why the OECD promotes digital security risk management, a cybersecurity approach focusing on the economic and social consequences of technical breaches rather than only on technical or national security aspects.