In this paper, we assume the security level of a system is a quantifiable metric and apply the insurance company ruin theory in assessing the defense failure frequencies. The current security level of an information system can be viewed as the initial insurer surplus; defense investment can be viewed as premium income resulting in an increase in the security level; cyberattack arrivals follow a Poisson process, and the impact of attacks is modeled as losses on the security level. The occurrence of cyber breach is modeled as a ruin event. We use this framework to determine optimal investment in cyber security that minimizes the total cyber costs. We show by numerical examples that there is an optimal allocation of total cyber security budget...
With billions of dollars being spent on information security related products and services each year...
With the increasing application of Information and Communication Technologies (ICTs), cyberattacks h...
With billions of dollars being spent on information security related products and services each year...
Several research works have proposed economic and financial models to determine the optimal amount o...
Losses due to cyber security incidents could be very significant for organisations. This fact forces...
This work analyzes and extends insurance dynamics in the context of cyber risk. Cyber insurance cont...
Information security is becoming an increasingly serious problem faced by many enterprises and organ...
Cyber security has become a serious challenge for organizations due to growing use of the Internet a...
In the information age, the scale and scope of cyber attacks on information systems is on the rise. ...
Fast-growing numbers of technologies and devices make cyber security landscape more complicated and ...
International audienceIn this paper, we propose a general framework to design accumulation scenarios...
Purpose The purpose of this paper is to demonstrate how to find the optimal investment level in prot...
This paper uses the concept of social cost, comprised of private and externality costs, to capture t...
This paper develops a theory of sequential investments in cybersecurity in which the software vendor...
Cybersecurity has become a key factor that determines the success or failure of companies that rely ...
With billions of dollars being spent on information security related products and services each year...
With the increasing application of Information and Communication Technologies (ICTs), cyberattacks h...
With billions of dollars being spent on information security related products and services each year...
Several research works have proposed economic and financial models to determine the optimal amount o...
Losses due to cyber security incidents could be very significant for organisations. This fact forces...
This work analyzes and extends insurance dynamics in the context of cyber risk. Cyber insurance cont...
Information security is becoming an increasingly serious problem faced by many enterprises and organ...
Cyber security has become a serious challenge for organizations due to growing use of the Internet a...
In the information age, the scale and scope of cyber attacks on information systems is on the rise. ...
Fast-growing numbers of technologies and devices make cyber security landscape more complicated and ...
International audienceIn this paper, we propose a general framework to design accumulation scenarios...
Purpose The purpose of this paper is to demonstrate how to find the optimal investment level in prot...
This paper uses the concept of social cost, comprised of private and externality costs, to capture t...
This paper develops a theory of sequential investments in cybersecurity in which the software vendor...
Cybersecurity has become a key factor that determines the success or failure of companies that rely ...
With billions of dollars being spent on information security related products and services each year...
With the increasing application of Information and Communication Technologies (ICTs), cyberattacks h...
With billions of dollars being spent on information security related products and services each year...