Costs and benefits of cybersecurity regulation. The terms of a complex assessment

This document is an appendix to "Evaluating the prudency of cybersecurity investments: Guidelines for Energy Regulators". It explains the terms of an evaluation of the economic effects (increased and saved costs) of a regulation imposing the compliance to a cybersecurity standard or to a list of countermeasures. The reference is the cost-benefit approach presented in section 3.4 of the guidelines. An exercise based on hypothetical realistic data shows how to apply these definitions in order to calculate the costs and the benefits connected to the implementation of the regulation.