REAL

Managing the financial impact of cybersecurity incidents

Bederna, Zsolt and Szádeczky, Tamás (2023) Managing the financial impact of cybersecurity incidents. SECURITY DEFENCE QUARTERLY, 41 (1). pp. 1-21. ISSN 2300-8741 (print); 2544-994X (online)

Abstract

The complex relationships of economic actors and the high dependency on information and communication technologies make it necessary for all relevant entities to develop protection. This protection should include preventive and reactive controls in a risk-proportionate manner in relation to the business value protected. We aimed to develop a solution to support cybersecurity-related business decisions with financial analytics. The risk-based approach helps management find the optimum solution with minimal costs, where protection prevents some incidents from occurring, while the risks associated with other incidents are accepted in an informed way. The security industry developed a number of apparatuses to find the optimum security controls that enforced the fiscal aspects, which typically contain solutions used in planning. However, the actual expenditure often differs from the planned budget for several reasons, one of which is the occurrence of security incidents. We used the common methodology toolset for financial analysis (NPV, NFV, risk assessment). We developed novel metrics based on these that can be used in cybersecurity management. Within the framework thus defined, the article discusses the economic context of the effects of incidents involving Meta (previously Facebook) services from 2016 to 2020. This paper introduces the ‘Effect of incidents’ metric to measure the impact of unplanned incidents on actual expenditure compared to the planned budget and the ‘Incidence of incident recognition’ metric to measure deviations of an incident’s impact as perceived by owners relative to the effect on the value of the assets. The paper also proves the applicability of those metrics using the example of Meta.

Item Type: Article
Uncontrolled Keywords: economic analysis; cybersecurity; economic impact; cybersecurity incidents;
Subjects: H Social Sciences / társadalomtudományok > HB Economic Theory / közgazdaságtudomány
H Social Sciences / társadalomtudományok > HF Commerce / kereskedelem > HF5001-6182 Business management / üzleti menedzsment
SWORD Depositor: MTMT SWORD
Depositing User: MTMT SWORD
Date Deposited: 22 Sep 2023 11:40
Last Modified: 22 Sep 2023 11:40
URI: http://real.mtak.hu/id/eprint/174500
