A Novel Model for Cybersecurity Economics and Analysis

Abstract

In recent times, major cybersecurity breaches and cyber fraud had huge negative impact on victim organisations. The biggest impact made on major areas of business activities. Majority of organisations facing cybersecurity adversity and advanced threats suffers from huge financial and reputation loss. The current security technologies, policies and processes are providing necessary capabilities and cybersecurity mechanism to solve cyber threats and risks. However, current solutions are not providing required mechanism for decision making on impact of cybersecurity breaches and fraud. In this paper, we are reporting initial findings and proposing conceptual solution. The paper is aiming to provide a novel model for Cybersecurity Economics and Analysis (CEA). We propose an innovative model for an optimal cybersecurity cost-benefit framework to help decision-making based on a combination of qualitative and quantitative analysis of the cybersecurity risks and their impact on organizational tangible and intangible assets. Cybersecurity Economics and Analysis utilizes a holistic approach to cybersecurity, proposing a model based on a deep and comprehensive analysis of organisations’ security – considering not only technological perspectives, but institutional, economic, governance and human dimensions – taking forward existing ‘best’ and effective practices from national audit frameworks, sectoral guidelines and organisational policies. This new solution will account for the wants and needs of various stakeholder groups and existing sectoral requirements. We will contribute to increasing harmonization of European cybersecurity initiatives and reducing fragmented practices of cybersecurity solutions and also helping to reach EU Digital Single Market goal. By introducing Cybersecurity Readiness Level Metrics the project will measure and increase effectiveness of cybersecurity programs, while the cost-benefit framework will help to increase the economic and financial viability, effectiveness and value generation of cybersecurity solutions for organisation’s strategic, tactical and operational imperative. The ambition of the research development and innovation (RDI) is to increase and re-establish the trust of the European citizens in European digital environments through practical solutions.