Security Economics

Cyber-Insurance: Past, Present and Future

Insurance, in general, is a financial contract between the one buying the insurance (also known as the policyholder or insured) and the one providing insurance (known as insurance carrier or insurer). The contract, known as the insurance policy, …

SecurityBudget: Cyber Security Budget Spending Companion for SMEs

SecurityBudget will be a cyber security dashboard to support SMEs on how to protect their systems subject to a limited available budget. Budget: £12.5k. Principal Investigator: Manos Panaousis, co-Investigator: George Loukas.

SECONDO: A Platform for Cybersecurity Investments and Cyber Insurance Decisions

This paper represents the SECONDO framework to assist organizations with decisions related to cybersecurity investments and cyber-insurance. The platform supports cybersecurity and cyber-insurance decisions by implementing and integrating a number of …

MERIT: A fraMEwoRk to Model and IncenTivise Cyber Security Investment Decisions

The MERIT addresses the challenge of how to take better cyber security investment decisions. It aims at minimising cyber security risks by optimally investing its budget for cyber controls. In a multi-disciplinary approach, it utilises both economics and cybersecurity engineering insights to significantly extend the state-of-the-art in decision support for cybersecurity spending.

Post-Incident Audits on Cyber Insurance Discounts

We introduce a game-theoretic model to investigate the strategic interaction between a cyber insurance policyholder whose premium depends on her self-reported security level and an insurer with the power to audit the security level upon receiving an …

SECONDO: a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era

SECONDO addresses the question “How can decisions about cyber security investments and cyber insurance pricing be optimised?” SECONDO will support professionals who seek cyber security investments, developed to support human decision making, and a complete well-founded security strategy.

Cyber-Insurance as a Signaling Game: Self-Reporting and External Security Audits

An insurer has to know the risks faced by a potential client to accurately determine an insurance premium offer. However, while the potential client might have a good understanding of its own security practices, it may also have an incentive not to …

Games and Abstraction: The Science of Cyber Security

This proposal addresses the challenge “How do we make better security decisions?”. Specifically we propose to develop new approaches to decision support based on mathematical game theory. Our work will support professionals who are designing secure systems and also those charged with determining if systems have an appropriate level of security – in particular, systems administrators.

Cybersecurity Games and Investments: A Decision Support Approach

In this paper we investigate how to optimally invest in cybersecurity controls. We are particularly interested in examining cases where the organization suffers from an underinvestment problem or inefficient spending on cybersecurity. To this end, we …

Game Theory Meets Information Security Management

This work addresses the challenge “how do we make better security decisions?” and it develops techniques to support human decision making and algorithms which enable well-founded cyber security decisions to be made. In this paper we propose a game …