Journal of Information Security

Volume 6, Issue 1 (January 2015)

ISSN Print: 2153-1234   ISSN Online: 2153-1242

Google-based Impact Factor: 3.79

Externalities and the Magnitude of Cyber Security Underinvestment by Private Sector Firms: A Modification of the Gordon-Loeb Model

PP. 24-30
DOI: 10.4236/jis.2015.61003

ABSTRACT

Cyber security breaches inflict costs on consumers and businesses. The possibility also exists that a cyber security breach may shut down an entire critical infrastructure industry, putting a nation’s whole economy and national defense at risk. Hence, the issue of cyber security investment has risen to the top of the agenda of business and government executives. This paper examines how the existence of well-recognized externalities changes the maximum a firm should, from a social welfare perspective, invest in cyber security activities. By extending the cyber security investment model of Gordon and Loeb [1] to incorporate externalities, we show that the firm’s socially optimal investment in cyber security increases by no more than 37% of the expected externality loss.

Share and Cite:

Gordon, L. , Loeb, M. , Lucyshyn, W. and Zhou, L. (2015) Externalities and the Magnitude of Cyber Security Underinvestment by Private Sector Firms: A Modification of the Gordon-Loeb Model. Journal of Information Security, 6, 24-30. doi: 10.4236/jis.2015.61003.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.