The Benefits and Costs of Cybersecurity Risk Reduction: A Dynamic Extension of the Gordon and Loeb Model
Can’t use the file because of accessibility barriers? Contact us
Date
2021-02-15
Journal Title
Journal ISSN
Volume Title
Publisher
Permanent Link
Abstract
This article develops a dynamic extension of the classic model of cybersecurity investment formulated by Gordon and Loeb. In this dynamic model, results are influenced by the rate at which cybersecurity assets depreciate and the rate of return on investment. Depreciation costs are lower in the dynamic model than is implicitly assumed in the classic model, while the rate-of-return threshold is higher. On balance, the user cost of cybersecurity assets is lower in the dynamic model than is implicitly assumed in the classic model. This difference increases the economically efficient size of the cybersecurity system in value terms, increasing the efficient level of risk reduction
Description
This record is for a(n) offprint of an article published in Risk Analysis on 2021-02-15.
Keywords
Benefit-cost analysis; cybersecurity investment; dynamic decision-making
Citation
Krutilla, Kerry, et al. "The Benefits and Costs of Cybersecurity Risk Reduction: A Dynamic Extension of the Gordon and Loeb Model." Risk Analysis, vol. 41, no. 10, pp. 1795-1808, 2021-02-15.
Journal
Risk Analysis