Economic Impacts of Rules-versus Risk-Based Cybersecurity Regulations for Critical Infrastructure Providers