Report of Expert Meeting on the development of a Harms Methodology

Measuring the Harms of Cyberattacks


A key contribution to advancing responsible behaviour in cyberspeace aim is recognition that cyberattacks and incidents do not just attack or harm technology, do not always have (easily) reversible effects, and can have impacts at national and international levels. A clarification on what constitutes harm in a comprehensive and measurable manner is required, coupled with data-driven and evidence-based metrics, tools and frameworks for understanding, tracking, and measuring this harm. Recognizing this, the CyberPeace Institute initiated, in 2022, research and a process to develop a harm methodology. The strategic objective is to determine the means to measure harm from cyberattacks and incidents in order to increase knowledge of the human costs, and influence policy, accountability and resilience efforts. 

Published: December 2023

Author: The CyberPeace Institute

Copyright:  The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.