Skip to main content

Course overview & release dates

WeekRelease dateTopicTeacher
1 January 20 Introduction to security economics
    • Overview of the course
    • Brief history of the field: why study cybersecurity as an economics problem
    • Economics for engineers
    • Economics of information goods
    • Security engineering for economists

Ross Anderson
Ross Anderson

Cambridge University

2 January 27 Measuring cybersecurity
    • What to measure?
    • Security metrics
    • Data collection and processing
    • Case study: security metrics for botnet mitigation by ISPs

Michel van Eeten     Carlos H. Gañán
Michel van Eeten   Carlos H. Gañán

Delft University of Technology

3 February 3 Security Investment and Management
    • Security strategies
    • Optimal information security investment
    • Risk management
    • Operational security management

Rainer Böhme
Rainer Böhme

University of Münster

4 February 10 Market Failures and Policy
    • Market Failures
    • Policy Interventions to Correct Market Failures
    • Case study: cooperation and information sharing
    • Case study: payment card industry

Tyler Moore
Tyler Moore

Southern Methodist University

5 February 17 The Human Factor
    • Introduction to behavioral economics
    • The heuristics and biases tradition
    • Applying behavioral economics: consumer behavior and deception
    • The behavioral economics of privacy
    • Security economics and policy

Sophie van der Zee    David Modic    Ross Anderson
Sophie van der Zee   David Modic       Ross Anderson

Cambridge University

Course description

With a significant increase in high-profile data breaches and cybersecurity threats in the last couple years, it is critical for businesses to learn about the costs and investment decisions around securing their online systems. If you make decisions around IT investments in your job or are interested in learning more about securing your business, this course is for you.

While many businesses think of cybersecurity as a technical problem, this course broadens that view and shows that security failures are caused as often by bad business decisions and incentive systems as by bad technical design.

This course provides an introduction to the field of the economics behind cybersecurity, delivered by four leading research teams from distinguished universities around the world. It will provide you with the economic concepts, measurement approaches and data analytics to make better security decisions, while helping you to understand the forces that shape the security decisions of other businesses, products and services.

Learning objectives

After finishing this course you will be able to apply economic analysis and data analytics. You will understand the role played by incentives on the adoption and effectiveness of security mechanisms, and on the design of technical, market-based, and regulatory solutions to different security threats.

After successfully completing this course, you will be able to:

  • Position yourself as a vital subject matter expert regarding the economic drivers that influence cybersecurity and position your company to move forward and stay competitive.
  • Engage confidently with management on opportunities and cybersecurity challenges faced by your industry; analyze emerging security threats and how these threats can be mitigated by effectively addressing real economic problems.
  • Assess the issues of investment in cybersecurity, making your company more productive, while saving time and money.


The course is accessible for a broad range of professionals. Some level of familiarity with either computer science, economics or policy is recommended.

Grading & Certification

Upon successful completion of this course you will be awarded a DelftX Professional Education Certificate. These certificates will indicate you have successfully completed the course, but will not include a specific grade. Certificates will be issued by edX under the name of DelftX, designating the institution from which the course originated.

Additionally, the TU Delft Extension School offers Continuing Education Units for this course. Participants of EconSec101x who successfully complete the course requirements will earn a Certificate of Completion and are eligible to receive 2.0 Continuing Education Units (2.0 CEUs).

There are no formal due dates for course assignments except for peer-review assignments and problems sets where the solution will be published after the due date. However, to receive the maximum benefit from the course, we suggest that you complete each week’s coursework by noon on the day on which the next chapter opens.

In order to receive your certificate of completion, you must submit all coursework (and receive a passing grade) by 23:59 UTC on Sunday, March 8.


Around 6 - 8 hours per week.


Resources & Tools

We will be using a custom created open source text that will be embedded into the edX course as readings. Your reading assignments will be released weekly with links to the appropriate readings.

Moreover, you will find ample instructional videos each week. These videos (available in 360p and 720p) including the subtitles, the transcripts and the lecture slides used will be made available for download.

For some exercises you will need a statistical software to compute and analyze data. You may use any software that you're familiar with [check list here]. In case you need to download a statistical software we suggest to install R and RStudio (research validated) onto the computer you will be using for the course.


The course materials of this course are Copyright Delft University of Technology and are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International.

If you choose to reuse or repost DelftX course materials you must give proper attribution to the original TU Delft faculty author(s). Please utilize the following citation "This material was created by or adapted from material posted on the Delftx website,, and created by TU Delft faculty member (Name), (Title), (Year). DelftX is not responsible for any changes made to the original materials posted on its website and any such changes are the sole responsibility of [name of user/adapter]."

You must also include a copy of the Creative Commons license used by DelftX, with every copy of the TU Delft materials or the derivative work you create from it.

Creative Commons License