Cyber Harm: Concepts, Taxonomy and Measurement

Coherent, adaptable and durable cybersecurity capacity-building requires a comprehensive and in-depth understanding of harms that can be caused by cyber-events. At the national level, the avoidance and reduction of harm is a central feature in all efforts to develop cybersecurity policy, strategy and capacity. This article offers a taxonomy of cyber harm, which enables a better understanding of how harm is manifested within and outside of cyberspace, and proposes an initial set of metrics and methods to assess cyber harm in national contexts. Based on this framework, a national Cyber Harm Model (CHM) would form the basis for a comprehensive and durable cybersecurity policy by contextualising and validating cybersecurity capacity research that has resulted in the development of the National Cybersecurity Capacity Maturity Model (CMM).