2019
DOI: 10.1007/978-3-030-36027-6_13
|View full text |Cite
|
Sign up to set email alerts
|

SEConomy: A Framework for the Economic Assessment of Cybersecurity

Abstract: Cybersecurity concerns are one of the significant side effects of an increasingly interconnected world, which inevitably put economic factors into perspective, either directly or indirectly. In this context, it is imperative to understand the significant dependencies between complex and distributed systems (e.g., supply-chain), as well as security and safety risks associated with each actor. This paper proposes SEConomy, a strictly step-based framework to measure economic impact of cybersecurity activities in … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
7
0

Year Published

2020
2020
2022
2022

Publication Types

Select...
3
2
2

Relationship

2
5

Authors

Journals

citations
Cited by 11 publications
(7 citation statements)
references
References 15 publications
0
7
0
Order By: Relevance
“…Initially, a literature review was conducted to identify the most common threats and challenges for SMEs. Next, an analysis of each of these threats' economic impacts has been conducted using the steps defined by the SEConomy framework, as proposed by Rodrigues et al (2019). Finally, state-of-the-art approaches, as mapped in Section 2, and key steps to reduce the risks and costs of executing cybersecurity projects (acquisition, training, operation) have been investigated.…”
Section: Methodsmentioning
confidence: 99%
“…Initially, a literature review was conducted to identify the most common threats and challenges for SMEs. Next, an analysis of each of these threats' economic impacts has been conducted using the steps defined by the SEConomy framework, as proposed by Rodrigues et al (2019). Finally, state-of-the-art approaches, as mapped in Section 2, and key steps to reduce the risks and costs of executing cybersecurity projects (acquisition, training, operation) have been investigated.…”
Section: Methodsmentioning
confidence: 99%
“…A cyber insurance is offered for companies, governments, or individuals, who want to reduce or share financial risks of an attack and which shall cover costs for recovering from an incident [7]. Typically, the process of cyber insurance contract creation involves three main steps: (i) Risk identification, which is based on the identification of assets that can be affected by different threats [14], (ii) Risk analysis, which determines the likelihood of a threat and also its impact, and (iii) Contract establishment with a focus on coverage specifications and premium definition. With the increase of cyberattacks and their actual impacts, the cyber insurance market also has to evolve to handle different aspects, such as incomplete, asymmetric, or even insufficient data for pricing premiums and coverage, lack of regulations and standards, and the gap between cybersecurity and risk transfer [5].…”
Section: Background and Related Workmentioning
confidence: 99%
“…Predictions state that cybercrime will cost the world 10.5 trillion US$ annually by 2025, up from 3 trillion US$ in 2015, which represents the most significant transfer of economic wealth in history [9]. In this sense, to reduce the impact of successful attacks and to enable companies to recover faster and with less costs, different cybersecurity investment strategies have been investigated [14], in which one of the most prominent strategies includes cyber insurance coverage models [12]. Although the cyber insurance market is fast-paced and is under strong development [6], [7], cyber insurance approaches still have room to advance from a rarely used risk transfer tool to a critical requirement for companies risk management.…”
Section: Introductionmentioning
confidence: 99%
“…The adoption of efficient cybersecurity strategies in SMEs is challenging because of constraints mainly associated with the lack of a cybersecurity budget, unskilled human resources, and limited time allocated to cybersecurity planning [12]. This can lead to disastrous impacts on business, including financial losses due to cyberattacks, mitigation of costs, and inefficient management of protections [23]. From a humancentric perspective, simplifying the cybersecurity decisionmaking process requires clear and straightforward approaches for SMEs [22].…”
Section: Introductionmentioning
confidence: 99%