Optimal Level and Allocation of Cybersecurity Spending: Model and Formula
12 Pages. Posted: 31 Jul 2017. Last revised: 28 Oct 2017
Date Written: October 27, 2017
Abstract
This paper presents mathematical models for cyber breach probability as a function of security spending in protecting a firm’s ICT systems. We derive the optimal level of security investment as a percentage of value-at-risk. We show that the upper bound of optimal investment can be 1/e, 1/√(2π) or other percentages of value-at-risk, depending on the cyber breach probability model. We apply the models to derive the optimal security budget allocation for protecting ICT systems with multiple areas of vulnerability and multiple data assets. Our analysis highlights the importance of security measures that cover the full spectrum of areas of vulnerability; neglecting one area of vulnerability can render the security investment ineffective and wasteful. Moreover, optimal economic value can be achieved by differential treatment of a firm’s high-value data assets.
Keywords: Economics of Information Security; Cyber Breach Probability; Security Budget Allocation
JEL Classification: C61