Building cybersecurity resilience: integrating defense and recovery investment strategies in an expected resilience framework
Authors: Kunxiang Dong, Jie Zhen, Zongxiao Xie, Lin Chen
Journal: Journal of Enterprise Information Management, vol. 67, no. 1 (Journal Article)
Published: 2024-10-23
DOI: 10.1108/jeim-04-2023-0189 (https://doi.org/10.1108/jeim-04-2023-0189)
Journal metrics: impact factor 7.4; JCR Q1 (Information Science & Library Science)
Open access: no
Citations: 0
Abstract
Purpose
To remain competitive in an unpredictable environment where the complexity and frequency of cybercrime are rapidly increasing, a cyber resiliency strategy is vital for business continuity. However, one barrier to improving cyber resilience is that security defense and incident recovery are not combined effectively: firms emphasize cyber security defense strategies, leaving them ill-prepared to respond to attacks. The present study thus develops an expected resilience framework to assess cyber resilience, analyze cyber security defense and recovery investment strategies, and balance security investment allocation strategies.
Design/methodology/approach
Based on expected utility theory, this paper presents an expected resilience framework, including an expected investment resilience model and an expected profit resilience model that directly address the optimal joint investment decisions between defense and recovery. The effects of linear and nonlinear recovery functions, risk interdependence and cyber insurance on defense and recovery investment are also analyzed.
Findings
According to the findings, increasing the defense investment coefficient reduces defense and recovery investment while increasing the expected resilience. The nonlinear recovery function requires a smaller defense investment and overall security investment than the linear one, reflecting the former’s advantages in lowering cybersecurity costs. Moreover, risk interdependence has positive externalities for boosting defense and recovery investment, meaning that the expected profit resilience model can reduce free-riding behavior in security investments. Insurance creates moral hazard for firms by lowering defensive investment, yet after purchasing insurance, expanded coverage and cost-effectiveness incentivize firms to increase defense and recovery spending, respectively.
Originality/value
The paper is innovative in its methodology as it offers an expected cyber resilience framework for integrating defense and recovery investment and their effects on security investment allocation, which is crucial for building cybersecurity resilience but receives little attention in cybersecurity economics. It also provides theoretical advances for cyber resilience assessment and optimum investment allocation in other fields, such as cyber-physical systems, power and water infrastructure – moving from a resilience triangle metric to an expected utility theory-based method.
Journal description:
The Journal of Enterprise Information Management (JEIM) is a significant contributor to the normative literature, offering both conceptual and practical insights supported by innovative discoveries that enrich the existing body of knowledge.
Within its pages, JEIM presents research findings sourced from globally renowned experts. These contributions encompass scholarly examinations of cutting-edge theories and practices originating from leading research institutions. Additionally, the journal features inputs from senior business executives and consultants, who share their insights gleaned from specific enterprise case studies. Through these reports, readers benefit from a comparative analysis of different environmental contexts, facilitating valuable learning experiences.
JEIM's distinctive blend of theoretical analysis and practical application fosters comprehensive discussions on commercial discoveries. This approach enhances the audience's comprehension of contemporary, applied, and rigorous information management practices, which extend across entire enterprises and their intricate supply chains.