IGF 2022 WS #370 Addressing the gap in measuring the harm of cyberattacks

Thursday, 1st December, 2022 (10:45 UTC) - Thursday, 1st December, 2022 (11:45 UTC)
Large Briefing Room

Organizer 1: Pavlina Pavlova, CyberPeace Institute

Speaker 1: Raffray Emma, Civil Society, Western European and Others Group (WEOG)
Speaker 2: Roxana Radu, Civil Society, Eastern European Group
Speaker 3: Peter Stephens, Intergovernmental Organization, Intergovernmental Organization


Cherie Lagakali, Civil Society, Asia-Pacific Group

Online Moderator

Pavlina Pavlova, Civil Society, Western European and Others Group (WEOG)


Pavlina Pavlova, Civil Society, Western European and Others Group (WEOG)


Round Table - U-shape - 60 Min

Policy Question(s)

How should “harm” be defined in cyberspace? What are the categories and indicators that can effectively help to measure harm from cyberattacks? How will a methodological framework for harm to people improve policy making and ensure greater accountability for cyberattacks? How will a methodological framework for harm improve implementation of cyber norms? How can a changed perception of harm through a human-centric approach inform the decision making at the domestic, regional, and international levels?

Connection with previous Messages: The session closely follows on the IGF 2021 Message on Trust, Security, and Stability, which states that “the development and implementation of cyber norms should include the views of all stakeholders (including victims, etc.) and address meaningfully their needs and responsibilities. Processes need to be based on research and analysis which include these communities”. The aim of the session is to bring attention to the impact of cyberattacks on the victims and offer a human-centric perspective on the harm caused by malicious activities in cyberspace. Importantly, it aims to support policy making, decision making, and norms implementation based on a methodological framework building on in-depth research and cyber incident analysis which assess both the vulnerability and needs of victims of cybercrime.


Targets: 16.3 Promote the rule of law at the national and international levels and ensure equal access to justice for all The session will present a methodology for measuring the societal impact of cyberattacks. The methodology proposes a novelty approach to the selection of indicators of harm and assessing the harm in cyberspace. To this day, there has not been a sustained effort to comprehensively measure the harm to people from malicious cyber behavior. This methodology aims to change this and contributes to policy- and decision-making through an informed and human-centric approach. This will help to develop prioritized resilience efforts based on areas with high levels of societal harm. The outcome of the session will effectively contribute to promoting the rule of law at the international levels, in particular at the United Nations processes such as the Open-Ended Working Group (OEWG) on security of and in the use of information and communications technologies and the Ad Hoc Committee (AHC) to elaborate a UN cybercrime convention, but also on national and regional levels. By doing so, it supports the steps toward closing the accountability gap in cyberspace and ensuring equal access to justice for all victims. Technology 17.6 Enhance North-South, South-South and triangular regional and international cooperation on and access to science, technology and innovation and enhance knowledge sharing on mutually agreed terms, including through improved coordination among existing mechanisms, in particular at the United Nations level, and through a global technology facilitation mechanism. Developing a harm methodology can meaningfully contribute to regional and international cooperation and capacity building, through knowledge sharing and increased understanding of mutually agreed terms. At the same time, the focus on accountability for malicious cyber behavior prioritizes finding synergies and improving coordination among existing mechanisms to achieve an effective implementation on the ground. The methodology, just as the proposed session itself, builds on a multistakeholder approach that supports and enhances global exchange and reflects on the diversity of perspectives among different groups of stakeholders.

Description: In an era where the use of technology is intrinsically linked to every detail of our lives, we are seeing increasing threats to the secure and safe use of these technologies. Cyberattacks on critical infrastructure have demonstrated how vulnerable we really are when services such as emergency care, access to clean water and electricity are impacted. Over the years efforts to measure the impact of cyberattacks have focused on the direct impact to targeted systems or organizations; from time to restore, financial costs and to some extent the number breached records. This narrow assessment of the impact of cyberattacks misses a fundamental element; what harm has the attack caused to people. The real harm on society is difficult to estimate, whether it has to do with a cumulation of many individual events or a one-off major disruption, but getting to the point where we can measure this will allow us to better protect infrastructure essential to our lives but also people who depend on it. There is currently no standard methodology in place and we lack the metrics, tools and frameworks to understand and track harm from cyberattacks over time. Defining indicators of harm is the first step to developing a thorough methodology; the CyberPeace Institute has begun research into categories of harm and indicators relating to physical, digital, informational and psychological harms. These are then used as the backbone for proposals for a standardized methodology to measure and assess harm across industrial sectors, geographic regions and ultimately society. A methodological framework can lay the foundation for, and influence, solid policymaking to ensure accountability for cyberattacks and help to develop prioritized resilience efforts based on areas with high levels of societal harm. Through this session we propose to outline the draft methodology, so as to leverage the expertise of the audience to provide feedback and indicate interest in peer-reviewing or testing such a methodology. As well as to have an open discussion about the value of understanding harm in a cyber context.

Expected Outcomes

The input from the participants will be gathered and analyzed to further inform and improve the developing methodological framework for harm to people from cyberattacks.

Hybrid Format: - How will you facilitate interaction between onsite and online speakers and attendees? The onsite and online moderators will facilitate the interaction, stirring a discussion with proposed guiding questions and giving the floor to participants interested in commenting or asking a question. - How will you design the session to ensure the best possible experience for online and onsite participants? The online event will have an open format where, after the introduction and opening statements informing the discussion, the moderator will focus on driving the discussion among participants and have them actively engage on the topic. - Please note any complementary online tools/platforms you plan to use to increase participation and interaction during the session. The online event will be facilitated over a video secure video conferencing platform with an enabled chat function to allow the participants to pose questions or comment through the event.

Online Participation

Usage of IGF Official Tool.