 Enterprise security economics: A self‐defense versus cyber‐insurance dilemmaYosra Miaoui and Noureddine Boudriga Applied Stochastic Models in Business and Industry, 2019, vol. 35, issue 3, 448-478 Abstract: We propose a model that optimizes enterprise investments in cybersecurity using expected utility theory. The model allows computing (a) investment in self‐defense to reduce the risk of security breaches, (b) investment in cyber insurance to transfer the residual risk to insurance companies, and (c) investment in forensic readiness to make the insured firms capable of generating provable insurance claims about security breaches. A three‐phase–based model of vulnerability rate evolution over time is proposed and used to estimate the different planned security expenditures throughout the investment horizon. At the starting time of investment, a decision maker invests to cover the existing risk of breach and periodically spends to cover the additional risk observed due to the release of new vulnerabilities. In this work, the intermediate tranches are determined while considering three different attitudes of decision makers, namely, optimistic, pessimistic, and realistic. An analysis is conducted to assess the performance of the proposed models. Date: 2019 Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:wly:apsmbi:v:35:y:2019:i:3:p:448-478 Access Statistics for this article More articles in Applied Stochastic Models in Business and Industry from John Wiley & Sons |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.