Investing in Cybersecurity: Insights from the Gordon-Loeb Model

Gordon, Lawrence A.; Loeb, Martin P.; Zhou, Lei

doi:10.4236/jis.2016.72004

Cited by 52 publications

(51 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A general economic model for the dependence of mathematical expectation of conditionally saved funds on the magnitude of investment in information security, the expected net benefits from an investment in information security (ENBIS), was proposed in paper [9]. This model underlies a series of works whose results are generalized in study [10].…”

Section: Literature Review and Problem Statementmentioning

confidence: 99%

A multicriterial analysis of the efficiency of conservative information security systems

Dudykevych¹,

Prokopyshyn²,

Чекурін³

et al. 2019

EEJET

View full text Add to dashboard Cite

Section: Literature Review and Problem Statementmentioning

confidence: 99%

A multicriterial analysis of the efficiency of conservative information security systems

Dudykevych¹,

Prokopyshyn²,

Чекурін³

et al. 2019

EEJET

View full text Add to dashboard Cite

“…The GL Model is based on the fundamental economic principle of cost-benefit analysis and is grounded in mathematics [25]. However, the GL Model provides a basic framework for deriving a firm's level of spending on cybersecurity activities that can be utilized without sophisticated mathematics (e.g., see [26]). In 2017, a report by the U. S. Better Business Bureau addressing issues related to cybersecurity investments in small businesses recommended the GL Model as a framework that "…provides a useful guide for organizations trying to find the right level of cybersecurity investment" ( [27], p. 20).…”

Section: Gordon-loeb Model For Cybersecurity Investmentsmentioning

confidence: 99%

“…For a more detailed analysis of how to implement the GL Model, including an example, see [26]. A three-minute YouTube Video explaining the general nature of the Model, including the four steps discussed below can be found at: https://www.youtube.com/watch?v=cd8dT0FuqQ4.…”

mentioning

confidence: 99%

Empirical Evidence on the Determinants of Cybersecurity Investments in Private Sector Firms

Gordon¹,

Loeb²,

Lucyshyn³

et al. 2018

JIS

Self Cite

View full text Add to dashboard Cite

Investments in cybersecurity are critical to the national and economic security of a nation. There is, however, a strong tendency for firms in the private sector to underinvest in cybersecurity activities. This paper reports the results of a survey designed to empirically assess whether treating cybersecurity as an important component of a firm's internal control system for financial reporting purposes serves as a driver for private sector firms to invest in cybersecurity activities. The findings, in this regard, are significantly positive. The study also shows that a firm's concern over the risk of incurring a large loss due to a cybersecurity breach and the degree the firm treats cybersecurity investments as generating a competitive advantage are drivers of the level of private sector investment in cybersecurity activities. The implications of the empirical results for designing public policies to mitigate the tendency of private sector firms to underinvest in cybersecurity are also explored.

show abstract

“…In Huang and Behara (2013), a model with the same mathematical shape as that proposed in that seminal paper has also been derived for concurrent heterogeneous attacks through the theory of scale-free networks. Indications to use the GL model in a practical setting have been provided in the papers by Gordon, Loeb, and Zhou (2016) and Naldi and Flamini (2017). The GL model has been extended by Gordon, Loeb, Lucyshyn, and Zhou (2014) and Farrow and Szanton (2016) to cater for externalities.…”

Section: Introductionmentioning

confidence: 99%

Robustness of Optimal Investment Decisions in Mixed Insurance/Investment Cyber Risk Management

Mazzoccoli

Naldi

2019

Risk Analysis

View full text Add to dashboard Cite

An integrated risk management strategy, combining insurance and security investments, where the latter contribute to reduce the insurance premium, is investigated to assess whether it can lead to reduced overall security expenses. The optimal investment for this mixed strategy is derived under three insurance policies, covering, respectively, all the losses (total coverage), just those below the limit of maximum liability (partial coverage), and those above a threshold but below the maximum liability (partial coverage with deductibles). Under certain conditions (e.g., low potential loss, or either very low or very high vulnerability), the mixed strategy reverts however to insurance alone, because investments do not provide an additional benefit. When the mixed strategy is the best choice, the dominant component in the overall security expenses is the insurance premium in most cases. Optimal investment decisions require an accurate estimate of the vulnerability, whereas larger estimation errors may be tolerated for the investment‐effectiveness coefficient.

show abstract

Investing in Cybersecurity: Insights from the Gordon-Loeb Model

Cited by 52 publications

References 14 publications

A multicriterial analysis of the efficiency of conservative information security systems

A multicriterial analysis of the efficiency of conservative information security systems

Empirical Evidence on the Determinants of Cybersecurity Investments in Private Sector Firms

Robustness of Optimal Investment Decisions in Mixed Insurance/Investment Cyber Risk Management

Contact Info

Product

Resources

About