IDEAS home Printed from https://ideas.repec.org/a/gam/jmathe/v7y2019i7p587-d244632.html
   My bibliography  Save this article

Cybersecurity Investment Allocation for a Multi-Branch Firm: Modeling and Optimization

Author

Listed:
  • Lu Xu

    (School of Information Management, Central China Normal University, Wuhan 430079, Hubei, China)

  • Yanhui Li

    (School of Information Management, Central China Normal University, Wuhan 430079, Hubei, China)

  • Jing Fu

    (Institute of Agricultural Economy and Technology, Hubei Academy of Agricultural Sciences, Wuhan 430064, Hubei, China)

Abstract

Network interconnection and information sharing among firms and their departments expose them to cybersecurity breaches. Traditional cybersecurity studies have paid little attention to the reallocation of security investment within firms. This paper proposes a mathematical model for optimal allocation of cybersecurity investment among headquarters and branches with budget constraints. The differences in size of information sets and system interconnection have been taken into account. The responses of optimal allocation to internal and external factors, such as the portion of branch information set, the propagation probability, the budget constraints, and the intrinsic vulnerability, have been studied in deep both theoretically and numerically. Analysis results indicate that the group will give priority to protecting headquarters when the total budget is small and intrinsic vulnerability is high. The security investment allocated to each branch increases with budget, propagation probability and portion of information set, but never exceeds 1 / ( n + 1 ) of total budget. Numerical simulations also verify that security information sharing among headquarters and branches can help improve the efficiency of security investment in the whole system. Furthermore, the findings of this paper will draw attention to the reallocation of cybersecurity investment within a business group and help cybersecurity managers to develop investment allocation strategies and policies.

Suggested Citation

  • Lu Xu & Yanhui Li & Jing Fu, 2019. "Cybersecurity Investment Allocation for a Multi-Branch Firm: Modeling and Optimization," Mathematics, MDPI, vol. 7(7), pages 1-20, July.
    • Handle: RePEc:gam:jmathe:v:7:y:2019:i:7:p:587-:d:244632
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/7/7/587/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2227-7390/7/7/587/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 2.
    2. Derrick Huang, C. & Hu, Qing & Behara, Ravi S., 2008. "An economic analysis of the optimal information security investment in the case of a risk-averse firm," International Journal of Production Economics, Elsevier, vol. 114(2), pages 793-804, August.
    3. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    4. Meilin He & Laura Devine & Jun Zhuang, 2018. "Perspectives on Cybersecurity Information Sharing among Multiple Stakeholders Using a Decision‐Theoretic Approach," Risk Analysis, John Wiley & Sons, vol. 38(2), pages 215-225, February.
    5. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 4.
    6. Stephen M. Robinson, 1991. "An Implicit-Function Theorem for a Class of Nonsmooth Functions," Mathematics of Operations Research, INFORMS, vol. 16(2), pages 292-309, May.
    7. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 3.
    8. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 1.
    9. Huang, C. Derrick & Behara, Ravi S., 2013. "Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints," International Journal of Production Economics, Elsevier, vol. 141(1), pages 255-268.
    10. Xinbao Liu & Xiaofei Qian & Jun Pei & Panos M. Pardalos, 2018. "Security investment and information sharing in the market of complementary firms: impact of complementarity degree and industry size," Journal of Global Optimization, Springer, vol. 70(2), pages 413-436, February.
    11. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 4.
    12. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 3.
    13. Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
    14. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 2.
    15. Nagurney, Anna & Shukla, Shivani, 2017. "Multifirm models of cybersecurity investment competition vs. cooperation and network vulnerability," European Journal of Operational Research, Elsevier, vol. 260(2), pages 588-600.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Loretta Mastroeni & Alessandro Mazzoccoli & Maurizio Naldi, 2023. "Cyber Insurance Premium Setting for Multi-Site Companies under Risk Correlation," Risks, MDPI, vol. 11(10), pages 1-18, September.
    2. Muhammad Mudassar Yamin & Mohib Ullah & Habib Ullah & Basel Katt & Mohammad Hijji & Khan Muhammad, 2022. "Mapping Tools for Open Source Intelligence with Cyber Kill Chain for Adversarial Aware Security," Mathematics, MDPI, vol. 10(12), pages 1-25, June.
    3. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    4. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kritana Prueksakorn & Cheng-Xu Piao & Hyunchul Ha & Taehyeung Kim, 2015. "Computational and Experimental Investigation for an Optimal Design of Industrial Windows to Allow Natural Ventilation during Wind-Driven Rain," Sustainability, MDPI, vol. 7(8), pages 1-22, August.
    2. Hualin Xie & Jinlang Zou & Hailing Jiang & Ning Zhang & Yongrok Choi, 2014. "Spatiotemporal Pattern and Driving Forces of Arable Land-Use Intensity in China: Toward Sustainable Land Management Using Emergy Analysis," Sustainability, MDPI, vol. 6(6), pages 1-17, May.
    3. Stephan E. Maurer & Andrei V. Potlogea, 2021. "Male‐biased Demand Shocks and Women's Labour Force Participation: Evidence from Large Oil Field Discoveries," Economica, London School of Economics and Political Science, vol. 88(349), pages 167-188, January.
    4. Tie Hua Zhou & Ling Wang & Keun Ho Ryu, 2015. "Supporting Keyword Search for Image Retrieval with Integration of Probabilistic Annotation," Sustainability, MDPI, vol. 7(5), pages 1-18, May.
    5. T. Karski, 2019. "Opinions and Controversies in Problem of The So-Called Idiopathic Scoliosis. Information About Etiology, New Classification and New Therapy," Biomedical Journal of Scientific & Technical Research, Biomedical Research Network+, LLC, vol. 12(5), pages 9612-9616, January.
    6. Sung-Won Park & Sung-Yong Son, 2017. "Cost Analysis for a Hybrid Advanced Metering Infrastructure in Korea," Energies, MDPI, vol. 10(9), pages 1-18, September.
    7. Wesley Mendes-da-Silva, 2020. "What Makes an Article be More Cited?," RAC - Revista de Administração Contemporânea (Journal of Contemporary Administration), ANPAD - Associação Nacional de Pós-Graduação e Pesquisa em Administração, vol. 24(6), pages 507-513.
    8. Martin Valtierra-Rodriguez & Juan Pablo Amezquita-Sanchez & Arturo Garcia-Perez & David Camarena-Martinez, 2019. "Complete Ensemble Empirical Mode Decomposition on FPGA for Condition Monitoring of Broken Bars in Induction Motors," Mathematics, MDPI, vol. 7(9), pages 1-19, August.
    9. Akca Yasar & Gokhan Ozer, 2016. "Determination the Factors that Affect the Use of Enterprise Resource Planning Information System through Technology Acceptance Model," International Journal of Business and Management, Canadian Center of Science and Education, vol. 11(10), pages 1-91, September.
    10. Julián Miranda & Angélica Flórez & Gustavo Ospina & Ciro Gamboa & Carlos Flórez & Miguel Altuve, 2020. "Proposal for a System Model for Offline Seismic Event Detection in Colombia," Future Internet, MDPI, vol. 12(12), pages 1-17, December.
    11. Wisdom Akpalu & Mintewab Bezabih, 2015. "Tenure Insecurity, Climate Variability and Renting out Decisions among Female Small-Holder Farmers in Ethiopia," Sustainability, MDPI, vol. 7(6), pages 1-16, June.
    12. Wei Chen & Shu-Yu Liu & Chih-Han Chen & Yi-Shan Lee, 2011. "Bounded Memory, Inertia, Sampling and Weighting Model for Market Entry Games," Games, MDPI, vol. 2(1), pages 1-13, March.
    13. David Harborth & Sebastian Pape, 2020. "Empirically Investigating Extraneous Influences on the “APCO” Model—Childhood Brand Nostalgia and the Positivity Bias," Future Internet, MDPI, vol. 12(12), pages 1-16, December.
    14. Ping Wang & Jie Wang & Guiwu Wei & Cun Wei, 2019. "Similarity Measures of q-Rung Orthopair Fuzzy Sets Based on Cosine Function and Their Applications," Mathematics, MDPI, vol. 7(4), pages 1-23, April.
    15. Peterson, Willis L., 1973. "Publication Productivities Of U.S. Economics Department Graduates," Staff Papers 14105, University of Minnesota, Department of Applied Economics.
    16. Taeyeoun Roh & Yujin Jeong & Byungun Yoon, 2017. "Developing a Methodology of Structuring and Layering Technological Information in Patent Documents through Natural Language Processing," Sustainability, MDPI, vol. 9(11), pages 1-19, November.
    17. He-Yau Kang & Amy H. I. Lee & Tzu-Ting Huang, 2016. "Project Management for a Wind Turbine Construction by Applying Fuzzy Multiple Objective Linear Programming Models," Energies, MDPI, vol. 9(12), pages 1-15, December.
    18. Vasilyeva, Olga, 2021. "Agro-food clusters in the Republic of Kazakhstan: assessment and prospects of development," Economic Consultant, Roman I. Ostapenko, vol. 34(2), pages 13-20.
    19. Chris Lytridis & Anna Lekova & Christos Bazinas & Michail Manios & Vassilis G. Kaburlasos, 2020. "WINkNN: Windowed Intervals’ Number kNN Classifier for Efficient Time-Series Applications," Mathematics, MDPI, vol. 8(3), pages 1-14, March.
    20. Richard J. Ciotola & Jay F. Martin & Juan M. Castańo & Jiyoung Lee & Frederick Michel, 2013. "Microbial Community Response to Seasonal Temperature Variation in a Small-Scale Anaerobic Digester," Energies, MDPI, vol. 6(10), pages 1-18, October.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:7:y:2019:i:7:p:587-:d:244632. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.