Cyber risk is a significant concern for all types of businesses. The consequences of a cyber attack can be quite severe. Investing in security to mitigate the impact of such risks is a crucial task, both in terms of the frequency and the severity of cyber incidents. In this paper, we propose a practical application of the Gordon and Loeb model, thereby suggesting a methodology to estimate risk exposure and reconsidering some investment evaluation metrics. Our findings strongly support the claim that maximizing the expected net benefit of an investment solely at the optimal level is not sufficient for sound decision-making. On the contrary, incorporating metrics that evaluate the benefit in relation to risk and consider worst-case scenarios offers deeper insights
Application of the Gordon Loeb model to security investment metrics: a proposal
Carfora, Maria Francesca
;Orlando, Albina
2024
Abstract
Cyber risk is a significant concern for all types of businesses. The consequences of a cyber attack can be quite severe. Investing in security to mitigate the impact of such risks is a crucial task, both in terms of the frequency and the severity of cyber incidents. In this paper, we propose a practical application of the Gordon and Loeb model, thereby suggesting a methodology to estimate risk exposure and reconsidering some investment evaluation metrics. Our findings strongly support the claim that maximizing the expected net benefit of an investment solely at the optimal level is not sufficient for sound decision-making. On the contrary, incorporating metrics that evaluate the benefit in relation to risk and consider worst-case scenarios offers deeper insights| File | Dimensione | Formato | |
|---|---|---|---|
|
10.3934_DSFE.2024025.pdf
accesso aperto
Tipologia:
Versione Editoriale (PDF)
Licenza:
Creative commons
Dimensione
319.12 kB
Formato
Adobe PDF
|
319.12 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
