The incentive regulation of costs related to physical and cyber security in electricity networks is an important but relatively unexplored and ambiguous issue. These costs can be part of cost efficiency benchmarking or, alternatively, dealt with separately. This paper discusses the issues and proposes options for incorporating network security costs within incentive regulation in a benchmarking framework. The relevant concerns and limitations associated with the accounting and classification of network security costs, choice of cost drivers, data adequacy and quality and the relevant benchmarking methodologies are discussed. The analysis suggests that the present regulatory treatment of network security costs using benchmarking is limited to being an informative regulatory tool rather than being deterministic. We discuss how alternative approaches outside the benchmarking framework, such as the use of stochastic cost-benefit analysis and cost-effectiveness analysis of network security investments can complement the results obtained from benchmarking.