1. R. Anderson and T. Moore, The economics of information security, Science, vol. 314(5799), pp. 610–613, 2006.

2. A. Arora, D. Hall, C. Ariel Pinto, D. Ramsey and R. Telang, An Ounce of Prevention vs. a Pound of Cure: How Can We Measure the Value of IT Security Solutions? Lawrence Berkeley National Laboratory, Berkeley, California, 2004.

3. Aspen Institute and Intel Security, Critical Infrastructure Report Readiness Report: Holding the Line Against Cyberthreats, Washington, DC and Santa Clara, California (〈www.mcafee.com/us/resources/reports/rp-aspen-holding-line-cyberthreats.pdf〉), 2015.

4. T. Bandyopadhyay, V. Mookerjee and R. Rao, Why IT managers don׳t go for cyber-insurance products, Communications of the ACM, vol. 52(11), pp. 68–73, 2009.

5. R. Bohme, Cyber-insurance revisited, presented at the Fourth Annual Workshop on the Economics of Information Security, 2005.