With a significant increase in high-profile data breaches and cybersecurity threats in the last couple years, it is critical for businesses to learn about the costs and investment decisions around securing their online systems. If you make decisions around IT investments in your job or are interested in learning more about securing your business, this course is for you. While many businesses think of cybersecurity as a technical problem, this course broadens that view and shows that security failures are caused as often by bad business decisions and incentive systems as by bad technical design. This course will: Teach you to make choices on investing in your company’s cybersecurity. We discuss and apply different economic models that help determine the costs and benefits of security investments. Arm you with research to make strategic business decisions. We review empirical research into security decisions and incentives of actors. We analyze data on firms in different markets, and apply economic concepts to explain the strategies of attackers. Review policy and regulations. We discuss available economic tools to better align the incentives for cybersecurity, including better security metrics, cyber insurance/risk transfer, information sharing, and liability assignment. This course offers a broad view of the field through lectures and exercises that can apply to both early career professionals as well as senior technical managers.