IDEAS home Printed from https://ideas.repec.org/a/gam/jmathe/v7y2019i7p587-d244632.html
   My bibliography  Save this article

Cybersecurity Investment Allocation for a Multi-Branch Firm: Modeling and Optimization

Author

Listed:
  • Lu Xu

    (School of Information Management, Central China Normal University, Wuhan 430079, Hubei, China)

  • Yanhui Li

    (School of Information Management, Central China Normal University, Wuhan 430079, Hubei, China)

  • Jing Fu

    (Institute of Agricultural Economy and Technology, Hubei Academy of Agricultural Sciences, Wuhan 430064, Hubei, China)

Abstract

Network interconnection and information sharing among firms and their departments expose them to cybersecurity breaches. Traditional cybersecurity studies have paid little attention to the reallocation of security investment within firms. This paper proposes a mathematical model for optimal allocation of cybersecurity investment among headquarters and branches with budget constraints. The differences in size of information sets and system interconnection have been taken into account. The responses of optimal allocation to internal and external factors, such as the portion of branch information set, the propagation probability, the budget constraints, and the intrinsic vulnerability, have been studied in deep both theoretically and numerically. Analysis results indicate that the group will give priority to protecting headquarters when the total budget is small and intrinsic vulnerability is high. The security investment allocated to each branch increases with budget, propagation probability and portion of information set, but never exceeds 1 / ( n + 1 ) of total budget. Numerical simulations also verify that security information sharing among headquarters and branches can help improve the efficiency of security investment in the whole system. Furthermore, the findings of this paper will draw attention to the reallocation of cybersecurity investment within a business group and help cybersecurity managers to develop investment allocation strategies and policies.

Suggested Citation

  • Lu Xu & Yanhui Li & Jing Fu, 2019. "Cybersecurity Investment Allocation for a Multi-Branch Firm: Modeling and Optimization," Mathematics, MDPI, vol. 7(7), pages 1-20, July.
    • Handle: RePEc:gam:jmathe:v:7:y:2019:i:7:p:587-:d:244632
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/7/7/587/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2227-7390/7/7/587/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 2.
    2. Derrick Huang, C. & Hu, Qing & Behara, Ravi S., 2008. "An economic analysis of the optimal information security investment in the case of a risk-averse firm," International Journal of Production Economics, Elsevier, vol. 114(2), pages 793-804, August.
    3. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    4. Meilin He & Laura Devine & Jun Zhuang, 2018. "Perspectives on Cybersecurity Information Sharing among Multiple Stakeholders Using a Decision‐Theoretic Approach," Risk Analysis, John Wiley & Sons, vol. 38(2), pages 215-225, February.
    5. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 4.
    6. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 3.
    7. Xinbao Liu & Xiaofei Qian & Jun Pei & Panos M. Pardalos, 2018. "Security investment and information sharing in the market of complementary firms: impact of complementarity degree and industry size," Journal of Global Optimization, Springer, vol. 70(2), pages 413-436, February.
    8. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 2.
    9. Stephen M. Robinson, 1991. "An Implicit-Function Theorem for a Class of Nonsmooth Functions," Mathematics of Operations Research, INFORMS, vol. 16(2), pages 292-309, May.
    10. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 1.
    11. Huang, C. Derrick & Behara, Ravi S., 2013. "Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints," International Journal of Production Economics, Elsevier, vol. 141(1), pages 255-268.
    12. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 4.
    13. Editorial Article, 0. "The Information for Authors," Economics of Contemporary Russia, Regional Public Organization for Assistance to the Development of Institutions of the Department of Economics of the Russian Academy of Sciences, issue 3.
    14. Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
    15. Nagurney, Anna & Shukla, Shivani, 2017. "Multifirm models of cybersecurity investment competition vs. cooperation and network vulnerability," European Journal of Operational Research, Elsevier, vol. 260(2), pages 588-600.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Muhammad Mudassar Yamin & Mohib Ullah & Habib Ullah & Basel Katt & Mohammad Hijji & Khan Muhammad, 2022. "Mapping Tools for Open Source Intelligence with Cyber Kill Chain for Adversarial Aware Security," Mathematics, MDPI, vol. 10(12), pages 1-25, June.
    2. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    3. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    4. Loretta Mastroeni & Alessandro Mazzoccoli & Maurizio Naldi, 2023. "Cyber Insurance Premium Setting for Multi-Site Companies under Risk Correlation," Risks, MDPI, vol. 11(10), pages 1-18, September.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kritana Prueksakorn & Cheng-Xu Piao & Hyunchul Ha & Taehyeung Kim, 2015. "Computational and Experimental Investigation for an Optimal Design of Industrial Windows to Allow Natural Ventilation during Wind-Driven Rain," Sustainability, MDPI, vol. 7(8), pages 1-22, August.
    2. Hualin Xie & Jinlang Zou & Hailing Jiang & Ning Zhang & Yongrok Choi, 2014. "Spatiotemporal Pattern and Driving Forces of Arable Land-Use Intensity in China: Toward Sustainable Land Management Using Emergy Analysis," Sustainability, MDPI, vol. 6(6), pages 1-17, May.
    3. Stephan E. Maurer & Andrei V. Potlogea, 2021. "Male‐biased Demand Shocks and Women's Labour Force Participation: Evidence from Large Oil Field Discoveries," Economica, London School of Economics and Political Science, vol. 88(349), pages 167-188, January.
    4. Tie Hua Zhou & Ling Wang & Keun Ho Ryu, 2015. "Supporting Keyword Search for Image Retrieval with Integration of Probabilistic Annotation," Sustainability, MDPI, vol. 7(5), pages 1-18, May.
    5. T. Karski, 2019. "Opinions and Controversies in Problem of The So-Called Idiopathic Scoliosis. Information About Etiology, New Classification and New Therapy," Biomedical Journal of Scientific & Technical Research, Biomedical Research Network+, LLC, vol. 12(5), pages 9612-9616, January.
    6. Wesley Mendes-da-Silva, 2020. "What Makes an Article be More Cited?," RAC - Revista de Administração Contemporânea (Journal of Contemporary Administration), ANPAD - Associação Nacional de Pós-Graduação e Pesquisa em Administração, vol. 24(6), pages 507-513.
    7. Wisdom Akpalu & Mintewab Bezabih, 2015. "Tenure Insecurity, Climate Variability and Renting out Decisions among Female Small-Holder Farmers in Ethiopia," Sustainability, MDPI, vol. 7(6), pages 1-16, June.
    8. Wei Chen & Shu-Yu Liu & Chih-Han Chen & Yi-Shan Lee, 2011. "Bounded Memory, Inertia, Sampling and Weighting Model for Market Entry Games," Games, MDPI, vol. 2(1), pages 1-13, March.
    9. David Harborth & Sebastian Pape, 2020. "Empirically Investigating Extraneous Influences on the “APCO” Model—Childhood Brand Nostalgia and the Positivity Bias," Future Internet, MDPI, vol. 12(12), pages 1-16, December.
    10. Taeyeoun Roh & Yujin Jeong & Byungun Yoon, 2017. "Developing a Methodology of Structuring and Layering Technological Information in Patent Documents through Natural Language Processing," Sustainability, MDPI, vol. 9(11), pages 1-19, November.
    11. He-Yau Kang & Amy H. I. Lee & Tzu-Ting Huang, 2016. "Project Management for a Wind Turbine Construction by Applying Fuzzy Multiple Objective Linear Programming Models," Energies, MDPI, vol. 9(12), pages 1-15, December.
    12. A. B. Atkinson & Stephen P. Jenkins, 2020. "A Different Perspective on the Evolution of UK Income Inequality," Review of Income and Wealth, International Association for Research in Income and Wealth, vol. 66(2), pages 253-266, June.
    13. Haiyan Xu & Yanhui Ding & Jing Sun & Kun Zhao & Yuanjian Chen, 2019. "Dynamic Group Recommendation Based on the Attention Mechanism," Future Internet, MDPI, vol. 11(9), pages 1-15, September.
    14. Adina Letiţia Negruşa & Valentin Toader & Aurelian Sofică & Mihaela Filofteia Tutunea & Rozalia Veronica Rus, 2015. "Exploring Gamification Techniques and Applications for Sustainable Tourism," Sustainability, MDPI, vol. 7(8), pages 1-30, August.
    15. Ahmad N. Alkenani & Mohammad Ashraf & Ghulam Mohammad, 2020. "Quantum Codes from Constacyclic Codes over the Ring F q [ u 1 , u 2 ]/〈 u 1 2 - u 1 , u 2 2 - u 2 , u 1 u 2 - u 2 u 1 〉," Mathematics, MDPI, vol. 8(5), pages 1-11, May.
    16. Shang-Yuan Chen & Jui-Ting Huang, 2012. "A Smart Green Building: An Environmental Health Control Design," Energies, MDPI, vol. 5(5), pages 1-16, May.
    17. Yanhong Feng & Xu Yu & Gai-Ge Wang, 2019. "A Novel Monarch Butterfly Optimization with Global Position Updating Operator for Large-Scale 0-1 Knapsack Problems," Mathematics, MDPI, vol. 7(11), pages 1-31, November.
    18. Xiaoshu Cao & Feiwen Liang & Huiling Chen & Yongwei Liu, 2017. "Circuity Characteristics of Urban Travel Based on GPS Data: A Case Study of Guangzhou," Sustainability, MDPI, vol. 9(11), pages 1-21, November.
    19. S. B. Reshetnikov & M. R. Skirdov, 2017. "Analysis of methodological approaches to determination and assessment of the human capital," Russian Journal of Industrial Economics, MISIS, vol. 10(1).
    20. Mi Jung Son & Jin Han Park & Ka Hyun Ko, 2019. "Some Hesitant Fuzzy Hamacher Power-Aggregation Operators for Multiple-Attribute Decision-Making," Mathematics, MDPI, vol. 7(7), pages 1-33, July.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:7:y:2019:i:7:p:587-:d:244632. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.