Risk Assessment Uncertainties in Cybersecurity Investments
Andrew Fielder, Sandra König, Emmanouil Panaousis, Stefan Schauer and Stefan Rass
Additional contact information
Andrew Fielder: Institute for Security Science and Technology, Imperial College London, London SW7 2AZ, UK
Sandra König: Center for Digital Safety & Security, Austrian Institute of Technology, 1210 Vienna, Austria
Emmanouil Panaousis: Surrey Centre for Cyber Security, University of Surrey, Guildford, Surrey GU2 7XH, UK
Stefan Schauer: Center for Digital Safety & Security, Austrian Institute of Technology, 1210 Vienna, Austria
Stefan Rass: System Security Group, Institute of Applied Informatics, Universität Klagenfurt, 9020 Klagenfurt, Austria
Games, 2018, vol. 9, issue 2, 1-14
Abstract:
When undertaking cybersecurity risk assessments, it is important to be able to assign numeric values to metrics to compute the final expected loss that represents the risk that an organization is exposed to due to cyber threats. Even if risk assessment is motivated by real-world observations and data, there is always a high chance of assigning inaccurate values due to different uncertainties involved (e.g., evolving threat landscape, human errors) and the natural difficulty of quantifying risk. Existing models empower organizations to compute optimal cybersecurity strategies given their financial constraints, i.e., available cybersecurity budget. Further, a general game-theoretic model with uncertain payoffs (probability-distribution-valued payoffs) shows that such uncertainty can be incorporated in the game-theoretic model by allowing payoffs to be random. This paper extends previous work in the field to tackle uncertainties in risk assessment that affect cybersecurity investments. The findings from simulated examples indicate that although uncertainties in cybersecurity risk assessment lead, on average, to different cybersecurity strategies, they do not play a significant role in the final expected loss of the organization when utilising a game-theoretic model and methodology to derive these strategies. The model determines robust defending strategies even when knowledge regarding risk assessment values is not accurate. As a result, it is possible to show that the cybersecurity investments’ tool is capable of providing effective decision support.
Keywords: risk assessment; cybersecurity investments; game theory
JEL-codes: C C7 C70 C71 C72 C73
Date: 2018
Downloads:
https://www.mdpi.com/2073-4336/9/2/34/pdf (application/pdf)
https://www.mdpi.com/2073-4336/9/2/34/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jgames:v:9:y:2018:i:2:p:34-:d:151564
Games is currently edited by Ms. Susie Huang
Bibliographic data for series maintained by MDPI Indexing Manager.