Calibration of the Gordon-Loeb Models for the Probability of Security Breaches

Abstract

Security breaches provoke increasingly high economic losses, requiring higher investment in security. The models by Gordon and Loeb are the most prominent tool employed to assess the impact of security investments on the probability of security breaches, but the estimation of their parameters remains an elusive issue. In this paper the impact of the investment productivity parameters in both Gordon- Loeb models is investigated, and a method is proposed for their estimation. The method employs a least-squares procedure and requires the amount of investments in security over period and the corresponding observed loss due to security breaches.