Optimizing Cybersecurity Investments over Time
In the context of growing vulnerabilities, cyber-risk management cannot rely on a one-off approach, instead calling for a continuous re-assessment of the risk and adaptation of risk management strategies. Under the mixed investment–insurance approach, where both risk mitigation and risk transfer are...
Main Authors: | , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2022-06-01
|
Series: | Algorithms |
Subjects: | |
Online Access: | https://www.mdpi.com/1999-4893/15/6/211 |
_version_ | 1797490785733574656 |
---|---|
author | Alessandro Mazzoccoli Maurizio Naldi |
author_facet | Alessandro Mazzoccoli Maurizio Naldi |
author_sort | Alessandro Mazzoccoli |
collection | DOAJ |
description | In the context of growing vulnerabilities, cyber-risk management cannot rely on a one-off approach, instead calling for a continuous re-assessment of the risk and adaptation of risk management strategies. Under the mixed investment–insurance approach, where both risk mitigation and risk transfer are employed, the adaptation implies the re-computation of the optimal amount to invest in security over time. In this paper, we deal with the problem of computing the optimal balance between investment and insurance payments to achieve the minimum overall security expense when the vulnerability grows over time according to a logistic function, adopting a greedy approach, where strategy adaptation is carried out periodically at each investment epoch. We consider three liability degrees, from full liability to partial liability with deductibles. We find that insurance represents by far the dominant component in the mix and may be relied on as a single protection tool when the vulnerability is very low. |
first_indexed | 2024-03-10T00:38:02Z |
format | Article |
id | doaj.art-1668be0dc54741228e41fb121ae57179 |
institution | Directory Open Access Journal |
issn | 1999-4893 |
language | English |
last_indexed | 2024-03-10T00:38:02Z |
publishDate | 2022-06-01 |
publisher | MDPI AG |
record_format | Article |
series | Algorithms |
spelling | doaj.art-1668be0dc54741228e41fb121ae571792023-11-23T15:13:23ZengMDPI AGAlgorithms1999-48932022-06-0115621110.3390/a15060211Optimizing Cybersecurity Investments over TimeAlessandro Mazzoccoli0Maurizio Naldi1Department of Law, Economics, Politics and Modern Languages, LUMSA University, Via Marcantonio Colonna 19, 00192 Rome, ItalyDepartment of Law, Economics, Politics and Modern Languages, LUMSA University, Via Marcantonio Colonna 19, 00192 Rome, ItalyIn the context of growing vulnerabilities, cyber-risk management cannot rely on a one-off approach, instead calling for a continuous re-assessment of the risk and adaptation of risk management strategies. Under the mixed investment–insurance approach, where both risk mitigation and risk transfer are employed, the adaptation implies the re-computation of the optimal amount to invest in security over time. In this paper, we deal with the problem of computing the optimal balance between investment and insurance payments to achieve the minimum overall security expense when the vulnerability grows over time according to a logistic function, adopting a greedy approach, where strategy adaptation is carried out periodically at each investment epoch. We consider three liability degrees, from full liability to partial liability with deductibles. We find that insurance represents by far the dominant component in the mix and may be relied on as a single protection tool when the vulnerability is very low.https://www.mdpi.com/1999-4893/15/6/211cybersecurityoptimal investmentcyber insurancerisk management |
spellingShingle | Alessandro Mazzoccoli Maurizio Naldi Optimizing Cybersecurity Investments over Time Algorithms cybersecurity optimal investment cyber insurance risk management |
title | Optimizing Cybersecurity Investments over Time |
title_full | Optimizing Cybersecurity Investments over Time |
title_fullStr | Optimizing Cybersecurity Investments over Time |
title_full_unstemmed | Optimizing Cybersecurity Investments over Time |
title_short | Optimizing Cybersecurity Investments over Time |
title_sort | optimizing cybersecurity investments over time |
topic | cybersecurity optimal investment cyber insurance risk management |
url | https://www.mdpi.com/1999-4893/15/6/211 |
work_keys_str_mv | AT alessandromazzoccoli optimizingcybersecurityinvestmentsovertime AT maurizionaldi optimizingcybersecurityinvestmentsovertime |