Valuation of Reputation Damage for Transport Cyber Attack: Methods and Findings

This 2023 paper analyses the issue of reputation damage for transport cyber-attacks. Cybersecurity attacks have become a growing focus for many businesses and governments. Transport infrastructure networks are of special concern. A challenge in responding is to determine the level and allocation of cyber-security budgets. Extensive public-sector involvement means that market-based measures of net benefit may be insufficient for government decision-makers. For example, government reputation effects will also be regarded as important, and this paper uses focus group methods to demonstrate how project evaluation can incorporate public reputation-damage measures.

The paper applies the so-called "contingent valuation" methodology to this purpose, generating illustrative "willingness to pay" estimates for public reputation. The measures are obtained for the case of a transport cyber-attack in the Australian state of New South Wales. Conclusions are offered on how to take forward appropriate evaluation processes for future planning for cyber risk for transport. The core of this is to enhance cost-benefit analysis to explicitly incorporate reputation damage in this way, but complementary or alternative ways forward on reputation loss matters for transport are also discussed, including discrete choice analysis and stock valuation.