Scientific paper ID 2566 : 2024/3
OPTIMISING CYBERSECURITY INVESTMENTS IN THE RAIL SECTOR TO REDUCE FINANCIAL RISKS
Angel Ivanov, Kalina Semova

The article discusses the importance of cybersecurity in the rail sector. The integration of digital technologies exposes the sector to a multitude of cyber threats, necessitating proactive and robust security measures. The rail sector faces significant financial risks from cyber threats, including direct costs from service disruptions and recovery efforts, as well as indirect costs such as reputational damage and loss of public trust. These indirect costs can have lasting effects, reducing passenger confidence and potentially leading to a decline in ridership, which in turn affects the revenue and financial stability of rail operators. Guided by the European Union Agency for Cybersecurity (ENISA) report and the Directive on measures for a high common level of cybersecurity across the European Union (NIS2 Directive), strategic investments in cybersecurity are the key to addressing these vulnerabilities. Cybersecurity should be viewed as a critical tool for ensuring the security of efficient rail operations. Proactive investments in cybersecurity can help prevent major financial losses from cyber incidents and enhance the sector's defenses against evolving threats. The article presents a cost-benefit analysis of cybersecurity investments in the rail sector and proposes a formula for calculating the return on investment of cybersecurity investments.
cybersecurity in the rail sector; risks from cyber threats; cybersecurity investments; return on investment (ROI) of cybersecurity investments; digital transformation of the rail sector; EU Cybersecurity Strategy

BIBLIOGRAPHY
[1] ENISA Report on Railway Cybersecurity. https://www.enisa.europa.eu/publications/ra...
[2] EU Cybersecurity Strategy for the Digital Decade.
[3] https://digital-strategy.ec.europa.eu/en/li...
[4] Paklerska A., Cyber Threats in Rail Traffic in Poland. DOI:doi.org/10.13166/jms/176679, JOURNAL OF MODERN SCIENCE (jomswsge.com), volume 4/53/2023
[5] ISO/IEC 27005:2022 Information Security, cybersecurity and Privacy Protection – Guidance on managing information security risks. https://www.iso.org/standard/80585.html
[6] Directive (EU) 2022/2555 (NIS2 Directive). https://www.nis-2-directive.com