security economics

Cyber-insurance: Past, present and future

Insurance, in general, is a financial contract between the one buying the insurance (also known as the policyholder or insured) and the one providing insurance (known as the insurance carrier or insurer). The contract, known as the insurance policy, …

SecurityBudget - Cyber Security Budget Spending Companion for SMEs

Role: PI. SecurityBudget is a cyber security dashboard to support SMEs on how to protect their systems subject to a limited available budget.

SECONDO: A platform for cybersecurity investments and cyber insurance decisions

This paper presents the SECONDO framework to assist organizations with decisions related to cybersecurity investments and cyber-insurance. The platform supports cybersecurity and cyber-insurance decisions by implementing and integrating a number of …

MERIT - A fraMEwoRk to Model and IncenTivise Cyber Security Investment Decisions

Role: PI. MERIT addresses the complete cyber security management lifecycle, including asset pricing, threat-based risk assessment and optimal risk control constrained by a financial budget. The value of MERIT to practitioners is to increase the effectiveness of cyber security budget spending as decided by Chief Information Security Officers (CISOs) and boards of directors.

Post-incident audits on cyber insurance discounts

We introduce a game-theoretic model to investigate the strategic interaction between a cyber insurance policyholder whose premium depends on her self-reported security level and an insurer with the power to audit the security level upon receiving an …

SECONDO - a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era

Role: PI. SECONDO addresses the question “How can decisions about cyber security investments and cyber insurance pricing be optimised?” SECONDO will support professionals who seek cyber security investments, developed to support human decision making, and a complete well-founded security strategy.

CUREX - seCUre and pRivate hEalth data eXchange

Role: PI. The health sector’s increasing dependence on digital information and communication infrastructures renders it vulnerable to threats to privacy and cybersecurity, especially as the theft of health data has become particularly lucrative for cyber criminals.

Cyber-insurance as a signaling game: self-reporting and external security audits

An insurer has to know the risks faced by a potential client to accurately determine an insurance premium offer. However, while the potential client might have a good understanding of its own security practices, it may also have an incentive not to …

Risk assessment uncertainties in cybersecurity investments

When undertaking cybersecurity risk assessments, it is important to be able to assign numeric values to metrics to compute the final expected loss that represents the risk that an organization is exposed to due to cyber threats. Even if risk …

An options approach to cybersecurity investment

Cybersecurity has become a key factor that determines the success or failure of companies that rely on information systems. Therefore, investment in cybersecurity is an important financial and operational decision. Typical information technology …