Printed from https://ideas.repec.org/a/gam/jsusta/v13y2021i24p13677-d699824.html

Systematically Understanding Cybersecurity Economics: A Survey

Author

Listed:
  • Mazaher Kianpour

    (Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, NTNU Norwegian University of Science and Technology, 2815 Gjøvik, Norway)

  • Stewart J. Kowalski

    (Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, NTNU Norwegian University of Science and Technology, 2815 Gjøvik, Norway)

  • Harald Øverby

    (Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, NTNU Norwegian University of Science and Technology, 2815 Gjøvik, Norway)

Abstract

Insights in the field of cybersecurity economics empower decision makers to make informed decisions that improve their evaluation and management of situations that may lead to catastrophic consequences and threaten the sustainability of digital ecosystems. By drawing on these insights, cybersecurity practitioners have been able to respond to many complex problems that have emerged within the context of cybersecurity over the last two decades. The academic field of cybersecurity economics is highly interdisciplinary since it combines core findings and tools from disciplines such as sociology, psychology, law, political science, and computer science. This study aims to develop an extensive and consistent survey based on a literature review and publicly available reports. This review contributes by aggregating the available knowledge from 28 studies, out of a collection of 628 scholarly articles, to answer five specific research questions. The focus is how identified topics have been conceptualized and studied variously. This review shows that most of the cybersecurity economics models are transitioning from unrealistic, unverifiable, or highly simplified fundamental premises toward dynamic, stochastic, and generalizable models.

Suggested Citation

  • Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
  • Handle: RePEc:gam:jsusta:v:13:y:2021:i:24:p:13677-:d:699824

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/13/24/13677/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2071-1050/13/24/13677/
    Download Restriction: no

    References listed on IDEAS

    1. Shackelford, Scott J., 2012. "Should your firm invest in cyber risk insurance?," Business Horizons, Elsevier, vol. 55(4), pages 349-356.
    2. Anthony Ween & Peter Dortmans & Nitin Thakur & Cayt Rowe, 2019. "Framing cyber warfare: an analyst’s perspective," The Journal of Defense Modeling and Simulation, vol. 16(3), pages 335-345, July.
    3. Stefano DellaVigna, 2009. "Psychology and Economics: Evidence from the Field," Journal of Economic Literature, American Economic Association, vol. 47(2), pages 315-372, June.
    4. Elsner, Wolfram & Heinrich, Torsten & Schwardt, Henning, 2014. "The Microeconomics of Complex Economies," Elsevier Monographs, Elsevier, edition 1, number 9780124115859.
    5. Alessandro Mazzoccoli & Maurizio Naldi, 2020. "Robustness of Optimal Investment Decisions in Mixed Insurance/Investment Cyber Risk Management," Risk Analysis, John Wiley & Sons, vol. 40(3), pages 550-564, March.
    6. Kjell Hausken, 2014. "Returns to information security investment: Endogenizing the expected loss," Information Systems Frontiers, Springer, vol. 16(2), pages 329-336, April.
    7. Daniel Schatz & Rabih Bashroush, 2017. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 19(5), pages 1205-1228, October.
    8. Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.
    9. Corbet, Shaen & Gurdgiev, Constantin, 2019. "What the hack: Systematic risk contagion from cyber events," International Review of Financial Analysis, Elsevier, vol. 65(C).
    10. TaeYoung Kim & NamIl An & JongBeom Lim, 2018. "Scientific Information System for Silk Road Education Study," Sustainability, MDPI, vol. 10(9), pages 1-12, September.
    11. Moore, Tyler, 2010. "The economics of cybersecurity: Principles and policy options," International Journal of Critical Infrastructure Protection, Elsevier, vol. 3(3), pages 103-117.
    12. Derrick Huang, C. & Hu, Qing & Behara, Ravi S., 2008. "An economic analysis of the optimal information security investment in the case of a risk-averse firm," International Journal of Production Economics, Elsevier, vol. 114(2), pages 793-804, August.
    13. Daniel Schatz & Rabih Bashroush, 0. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
    14. Mustafa Abdallah & Parinaz Naghizadeh & Ashish R. Hota & Timothy Cason & Saurabh Bagchi & Shreyas Sundaram, 2020. "Behavioral and Game-Theoretic Security Investments in Interdependent Systems Modeled by Attack Graphs," Papers 2001.03213, arXiv.org, revised May 2020.
    15. Elvis Pontes & Adilson Guelfi & Anderson Silva & Sergio Kofuji, 2011. "A Comprehensive Risk Management Framework for Approaching the Return on Security Investment (ROSI)," Chapters, in: Matteo Savino (ed.), Risk Management in Environment, Production and Economy, IntechOpen.
    16. Ahmadi, Esmaeil & McLellan, Benjamin & Tezuka, Tetsuo, 2020. "The economic synergies of modelling the renewable energy-water nexus towards sustainability," Renewable Energy, Elsevier, vol. 162(C), pages 1347-1366.
    17. Huang, C. Derrick & Behara, Ravi S., 2013. "Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints," International Journal of Production Economics, Elsevier, vol. 141(1), pages 255-268.
    18. David Colander & Richard Holt & Barkley Rosser, 2004. "The changing face of mainstream economics," Review of Political Economy, Taylor & Francis Journals, vol. 16(4), pages 485-499.
    19. Peter B. Dixon & Dale Jorgenson (ed.), 2012. "Handbook of Computable General Equilibrium Modeling," Handbook of Computable General Equilibrium Modeling, Elsevier, edition 1, volume 1, number 1.
    20. Carol Hsu & Jae-Nam Lee & Detmar W. Straub, 2012. "Institutional Influences on Information Systems Security Innovations," Information Systems Research, INFORMS, vol. 23(3-part-2), pages 918-939, September.
    21. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William, 2003. "Sharing information on computer systems security: An economic analysis," Journal of Accounting and Public Policy, Elsevier, vol. 22(6), pages 461-485.
    22. Stefan Thurner & Sebastian Poledna, 2013. "DebtRank-transparency: Controlling systemic risk in financial networks," Papers 1301.6115, arXiv.org.
    23. Peter J. Dortmans & Nitin Thakur & Anthony Ween, 2015. "Conjectures for framing cyberwarfare," Defense & Security Analysis, Taylor & Francis Journals, vol. 31(3), pages 172-184, September.
    24. Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
    25. Wang, Shaun S., 2019. "Integrated framework for information security investment and cyber insurance," Pacific-Basin Finance Journal, Elsevier, vol. 57(C).
    26. Bauer, Johannes M. & van Eeten, Michel J.G., 0. "Cybersecurity: Stakeholder incentives, externalities, and policy options," Telecommunications Policy, Elsevier, vol. 33(10-11), pages 706-719, November.
    27. Anna Nagurney & Ladimer Nagurney, 2015. "A game theory model of cybersecurity investments with information asymmetry," Netnomics, Springer, vol. 16(1), pages 127-148, August.
    28. Maochao Xu & Lei Hua, 2019. "Cybersecurity Insurance: Modeling and Pricing," North American Actuarial Journal, Taylor & Francis Journals, vol. 23(2), pages 220-249, April.
    29. Mayadunne, Sanjaya & Park, Sungjune, 2016. "An economic model to evaluate information security investment of risk-taking small and medium enterprises," International Journal of Production Economics, Elsevier, vol. 182(C), pages 519-530.
    30. Hausken, Kjell, 2007. "Information sharing among firms and cyber attacks," Journal of Accounting and Public Policy, Elsevier, vol. 26(6), pages 639-688.
    31. Yosra Miaoui & Noureddine Boudriga, 0. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 0, pages 1-40.
    32. Elsadig Musa Ahmed, 2021. "Modelling Information and Communications Technology Cyber Security Externalities Spillover Effects on Sustainable Economic Growth," Journal of the Knowledge Economy, Springer;Portland International Center for Management of Engineering and Technology (PICMET), vol. 12(1), pages 412-430, March.

    Citations

    Cited by:

    1. Radoslaw Miskiewicz, 2022. "Clean and Affordable Energy within Sustainable Development Goals: The Role of Governance Digitalization," Energies, MDPI, vol. 15(24), pages 1-17, December.
    2. Oleksandr Melnychenko & Valerii Matskul & Tetiana Osadcha, 2022. "The Dynamics of Trade Relations between Ukraine and Romania: Modelling and Forecasting," Virtual Economics, The London Academy of Science and Business, vol. 5(2), pages 7-23, July.
    3. Aleksy Kwilinski & Oleksii Lyulyov & Tetyana Pimonenko, 2023. "Greenfield Investment as a Catalyst of Green Economic Growth," Energies, MDPI, vol. 16(5), pages 1-16, March.
    4. Henryk Dzwigol & Aleksy Kwilinski & Oleksii Lyulyov & Tetyana Pimonenko, 2023. "The Role of Environmental Regulations, Renewable Energy, and Energy Efficiency in Finding the Path to Green Economic Growth," Energies, MDPI, vol. 16(7), pages 1-18, March.
    5. Zhaozhi Wang & Shoufu Lin & Yang Chen & Oleksii Lyulyov & Tetyana Pimonenko, 2023. "Digitalization Effect on Business Performance: Role of Business Model Innovation," Sustainability, MDPI, vol. 15(11), pages 1-19, June.
    6. Henryk Dzwigol & Aleksy Kwilinski & Oleksii Lyulyov & Tetyana Pimonenko, 2023. "Renewable Energy, Knowledge Spillover and Innovation: Capacity of Environmental Regulation," Energies, MDPI, vol. 16(3), pages 1-15, January.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.
    2. Yosra Miaoui & Noureddine Boudriga, 0. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 0, pages 1-40.
    3. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    4. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
    5. Xinbao Liu & Xiaofei Qian & Jun Pei & Panos M. Pardalos, 2018. "Security investment and information sharing in the market of complementary firms: impact of complementarity degree and industry size," Journal of Global Optimization, Springer, vol. 70(2), pages 413-436, February.
    6. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    7. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 0. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 0, pages 1-18.
    8. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    9. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 2021. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 23(3), pages 773-790, June.
    10. Petar Radanliev & David Roure & Max Kleek & Uchenna Ani & Pete Burnap & Eirini Anthi & Jason R. C. Nurse & Omar Santos & Rafael Mantilla Montalvo & La’Treall Maddox, 2021. "Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge," Environment Systems and Decisions, Springer, vol. 41(2), pages 236-247, June.
    11. Xing Gao & Weijun Zhong, 2016. "A differential game approach to security investment and information sharing in a competitive environment," IISE Transactions, Taylor & Francis Journals, vol. 48(6), pages 511-526, June.
    12. Xing Gao & Weijun Zhong, 2016. "Economic incentives in security information sharing: the effects of market structures," Information Technology and Management, Springer, vol. 17(4), pages 361-377, December.
    13. Xing Gao & Weijun Zhong, 2015. "Information security investment for competitive firms with hacker behavior and security requirements," Annals of Operations Research, Springer, vol. 235(1), pages 277-300, December.
    14. Xiaofei Qian & Jun Pei & Xinbao Liu & Mi Zhou & Panos M. Pardalos, 2019. "Information security decisions for two firms in a market with different types of customers," Journal of Combinatorial Optimization, Springer, vol. 38(4), pages 1263-1285, November.
    15. Xiaotong Li & Qianyao Xue, 2021. "An economic analysis of information security investment decision making for substitutable enterprises," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 42(5), pages 1306-1316, July.
    16. Daniel Schatz & Rabih Bashroush, 0. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
    17. Xing Gao & Weijun Zhong & Shue Mei, 2014. "A game-theoretic analysis of information sharing and security investment for complementary firms," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 65(11), pages 1682-1691, November.
    18. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    19. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    20. Daniel Schatz & Rabih Bashroush, 2017. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 19(5), pages 1205-1228, October.
