Gordon, L. and Loeb, M. (2002) The Economics of Information Security Investment. ACM Transactions on Information and System Security, 5, 438-457.
 Gordon, L., Loeb, M., Lucyshyn and Zhou, L. (2015) Externalities and the Magnitude of Cyber Security Underinvestment by Private Sector Firms: A Modification of the Gordon-Loeb Model. Journal of Information Security, 6, 4-30.
 Farrow, S. (2007) The Economics of Homeland Security Expenditures: Foundational Expected Cost-Effectiveness Approaches. Contemporary Economic Policy, 25, 14-26.
 Hausken, K. (2006) Returns to Information Security Investment: The Effect of Alternative Information Security Breach Functions on Optimal Investment and Sensitivity to Vulnerability. Information Systems Frontiers, 8, 338-349.
 Gordon, L., Loeb, M. and Lucyshyn, W. (2003) Sharing Information on Computer Systems Security: An Economic Analysis. Journal of Accounting and Public Policy, 22, 461-485.
 Kunreuther, H. and Heal, G. (2003) Interdependent Security. Journal of Risk and Uncertainty, 26, 231-249.
 Willemson, J. (2010) Extending the Gordon and Loeb Model for Information Security Investment. 2010 International Conference on Availability, Reliability and Security, Krakow, 15-18 February 2010, 258-261.
 Bagnoli, M. and Bergstrom, T. (2005) Log-Concave Probability and Its Applications. Economic Theory, 26, 445-469.
 Cohen, M.A. (2000) Measuring the Costs and Benefits of Crime and Justice. In: Duffee, D., Ed., Measurement and Analysis of Crime and Justice, Criminal Justice 2000, Vol. 4, National Institute of Justice, Washington DC, 263-316.
 Graves, J., Acquisti, A. and Christin, N. (2014) Should Payment Card Issuers Reissue Cards in Response to a Data Breach? WEIS: Workshop on the Economics of Information Security, Pennsylvania State University, State College, 23-24 June 2014.
 Crosman, P. (2014) How Much Do Data Breaches Cost? Two Studies Attempt a Tally. American Banker.
 Silver-Greenberg, J. and Schwartz, N. (2012) MasterCard and Visa Investigate Data Breach. The New York Times, 31 March 2012.
 Schmidt, M. and Sanger, D. (2014) 5 in China Army Face U.S. Charges of Cyberattacks. The New York Times, 19 May 2014.
 Andrijcic, E. and Horowitz, B. (2006) A Macro-Economic Framework for Evaluation of Cyber Security Risks Related to Protection of Intellectual Property. Risk Analysis, 26, 907-923.
 Miller, C. (2009) Russia Confirms Involvement with Estonia DDOS Attacks. SC Magazine, 12 March 2009.
 Tanner, J. (2007) Estonia Moves Soviet Statue to Cemetery. The Associated Press, 30 April 2007.
 Hollis, D. (2011) Cyberware Case Study: Georgia 2008. Small Wars Journal, 6 January 2011.
 Markoff, J. (2008) Before the Gunfire, Cyberattacks. The New York Times, 13 August 2008.
 Keizer, G. (2010) Estonia Blamed Russia for Backing 2007 Cyberattacks, Says Leaked Cable. Computer World, 9 December 2010.
 Landler, M. and Markoff, J. (2007) Digital Fears Emerge After Data Siege in Estonia. The New York Times, 29 May 2007.
 Richards, J. (2009) Denial-of-Service: The Estonian Cyberwar and Its Implications for US National Security. International Affairs Review, 18.
 Hobemagi, T. (2010) Price of Cyberattacks to Hansabank: 10 Million Euros. Baltic Business News, 12 August 2010.
 Herzog, S. (2011) Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses. Journal of Strategic Security, 4, 49-60.
 Crawford, J. (2014) The US Government Thinks China Could Take Down the Power Grid. CNN.com, 21 November 2014.
 Lloyd’s of London (2015) Business Blackout: The Insurance Implications of a Cyber Attack on the US Power Grid. Lloyd’s Emerging Risk Report-2015.
 Liptak, A. (2003) The Blackout of 2003: Lawsuits; Plaintiffs to Face Hurdles Proving Liability. The New York Times, 15 August 2003.
 Frankel, A. (2012) Can Customers Sue Power Companies for Outages? Yes, But It’s Hard to Win. Reuters.com, 9 November 2012.
 Zhang, Z. (2013) Cybersecurity Policy for the Electricity Sector: The First Step to Protecting Our Critical Infrastructure from Cyber Threats. Boston University Journal of Science and Technology Law, 19, 319-366.
 Wei, L., Debaise, C. and Bray, C. (2003) Blackout Exposes Power Companies to Potential Lawsuits. Dow Jones Newswires New York, 18 August 2003.
 Venable LLP (2014) The SAFETY Act: Providing Critical Liability Protections for Cyber and Physical Security Efforts.
https://www.venable.com/files/Publication/6c0b031e-c2c5-4029-9ac7-13cb1d8c0d07/Presentation/ PublicationAttachment/e81d24a3-fc57-4ece-8e1f-179418baf994/The_SAFETY_Act_Providing_ Critical_Liability_Protections_for_Cyber_and_Physical_Securi.pdf
 Huang, C.D., Hu, Q. and Behara, R.S. (2008) An Economic Analysis of the Optimal Information Security Investment in the Case of a Risk-Averse Firm. International Journal of Production Economics, 114, 793-804.
 Cook, P. and Graham, D. (1977) The Demand for Insurance and Protection: A Case of Irreplaceable Commodities. Quarterly Journal of Economics, 92, 143-156.
 Lucas, D. (2014) Rebutting Arrow and Lind: Why Governments Should Use Market Rates for Discounting. Journal of Natural Resources Policy Research, 6, 85-91.
 Stewart, M., Ellingwood, B. and Mueller, J. (2011) Homeland Security: A Case Study in Risk Aversion for Public Decision Making. International Journal of Risk Assessment and Management, 15, 367-386.
 Stewart, M. and Mueller, J. (2013) Aviation Security, Risk Assessment, and Risk Aversion for Public Decisionmaking. Journal of Policy Analysis and Management, 32, 615-633.
 Farrow, S. and Scott, M. (2013) Comparing Multi-State Expected Damages, Option Price and Cumulative Prospect Measures for Valuing Flood Protection. Water Resources Research, 49, 2638-2648.