By Topic

Macro-Economic Cyber Security Models

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

8 Author(s)
Matt Kiely ; students in the Department of Systems & Information Engineering at the University of Virginia, Charlottesville, VA 22904 USA. e-mail: ; Eric Kobe ; Amanda MacArthur ; Matt Polk
more authors

This paper quantitatively addresses two issues concerning cyber security economics that prior efforts have not. The first involves cyber security and its effect on a company's reputation. In this case, we focus on the levels of investment companies make related to reputation and how they implicitly reveal their views on cyber security risks. The second involves cyber security regulations. This analysis compares different strategies for choosing companies to regulate and the corresponding levels of risk reduction. This analysis can be used by companies and government policy makers to address cyber security investments decisions. A company's reputation is fundamental to their economic future. An advertisement, or article containing a security breach, can effect their reputation. This paper assumes the rate of advertising is indicative of the value they place on their reputation; hence, this is related to the value they place on cyber security. Comparing spending practices will provide insight into the value a company places on cyber security in regard to preserving their reputation. Early results show some difference in spending among banks, as well as sharper differences between banks and retail sectors in evaluating cyber security. In addition, an expected consequence analysis is performed to compare alternative investment strategies for cyber security components focused on reputation, as measured by the likelihood of a possible cyber attack resulting in media coverage. Historical data provides the basis for results that reveal the consequences implicitly being avoided by companies as a function of their level of investment and other economic variables. The second part of our analysis involves the macroeconomic effects of cyber attacks and their relationship to government regulations. Since cyber attacks have the potential for large indirect economic effects, the need for regulation is apparent. Although cyber security regulations requiring reporting of events cur- - rently exist, most security measures are the result of private industry decision-making rather than government influence. This analysis will determine the firms that provide the most economic influence from a risk reduction viewpoint. This analysis explores alternative methods to select firms for possible regulation and compares the level of risk reduction for these choices by using input-output modeling

Published in:

2006 IEEE Systems and Information Engineering Design Symposium

Date of Conference:

28-28 April 2006