Security Economics

Cyber-Insurance: Past, Present and Future

Insurance, in general, is a financial contract between the one buying the insurance (also known as the policyholder or insured) and the one providing insurance (known as insurance carrier or insurer). The contract, known as the insurance policy, …

SecurityBudget: Cyber Security Budget Spending Companion for SMEs

Budget: £12.5k. Principal Investigator: Manos Panaousis, co-Investigator: George Loukas. SecurityBudget is a cyber security dashboard to support SMEs on how to protect their systems subject to a limited available budget.

SECONDO: A Platform for Cybersecurity Investments and Cyber Insurance Decisions

This paper represents the SECONDO framework to assist organizations with decisions related to cybersecurity investments and cyber-insurance. The platform supports cybersecurity and cyber-insurance decisions by implementing and integrating a number of …

MERIT: A fraMEwoRk to Model and IncenTivise Cyber Security Investment Decisions

Budget: £110k (University of Greenwich share £98k). Role: Principal investigator. co-Investigator: Michail Chronopoulos (City University London, Cass Business School). Partners: City University, IASME consortium, Imperial College, Giess Wallis Crisp LLP.

Post-Incident Audits on Cyber Insurance Discounts

We introduce a game-theoretic model to investigate the strategic interaction between a cyber insurance policyholder whose premium depends on her self-reported security level and an insurer with the power to audit the security level upon receiving an …

SECONDO: a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era

Budget: €1.6M (University of Greenwich share €238k). Role: Principal Investigator. SECONDO addresses the question “How can decisions about cyber security investments and cyber insurance pricing be optimised?” SECONDO will support professionals who seek cyber security investments, developed to support human decision making, and a complete well-founded security strategy.

Cyber-Insurance as a Signaling Game: Self-Reporting and External Security Audits

An insurer has to know the risks faced by a potential client to accurately determine an insurance premium offer. However, while the potential client might have a good understanding of its own security practices, it may also have an incentive not to …

Risk Assessment Uncertainties in Cybersecurity Investments

When undertaking cybersecurity risk assessments, it is important to be able to assign numeric values to metrics to compute the final expected loss that represents the risk that an organization is exposed to due to cyber threats. Even if risk …

An Options Approach to Cybersecurity Investment

Cybersecurity has become a key factor that determines the success or failure of companies that rely on information systems. Therefore, investment in cybersecurity is an important financial and operational decision. Typical information technology …

Decision Support Approaches for Cyber Security Investment

When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision support …