What provides the most cybersecurity for the money?
In a new research project, researchers from the University of Skövde will develop tools to assist organisations in making wise prioritisations and selecting investments that provide the highest level of cybersecurity. The project is funded with 10 million SEK from the Swedish Civil Contingencies Agency.
In the project, researchers will develop a framework, models, and tools to help businesses and other organisations manage their investments in cybersecurity. They will receive assistance in choosing the right economic model.
"We hope that the project will help businesses and organisations to find a good balance between their resources and the protective measures required for cybersecurity," says Ali Padyab, project manager and docent in cybersecurity at the University of Skövde.
Making it easy to choose the right economic model
Over the past decade, our society has become increasingly digital, with advances in areas such as smart cities, smart industry, and infrastructure. Unfortunately, this has also led to increased risks of cyberattacks, and many organisations are now struggling to allocate their limited resources effectively to protect their assets and data.
"Our research will provide insights into various economic models and help organisations make informed decisions about how to use their cybersecurity budget. Essentially, it's about finding the best way to spend the money to achieve the most effective protection," says Ali Padyab.
The research process
In the project, researchers will map and study a variety of economic models for cybersecurity. They will investigate what the methods entail, why they are used, and what assumptions they are based on. Then they will find out why some companies do not use the methods. What obstacles exist? Is it too difficult or too expensive, for example?
Finally, they will work with companies and organisations to test the models and make it easier to choose and use them.
"The framework we are developing can be likened to a recipe for making smart economic decisions. Imagine you're baking a cake and you want to know how much flour, sugar, and eggs to use. Similarly, economic models help organisations determine how much to invest in various cybersecurity solutions for optimal protection," says Ali Padyab.
A website guiding decision-makers
He explains that the intended end product can be described as a website. A user who wants help finding the best economic model for their investment in cybersecurity can start by entering their requirements for the solution and other relevant information on the website. The website will list the models that meet the requirements, and the user can then choose one of the models.
The website will after that guide the user through the model. For example, the website can provide information on the data required for the model and where to find it, step-by-step guides, and more.
"There is quite a lot of support for organisations to work strategically with information and cybersecurity today. However it can be a challenge to navigate and find the support that best suits one's own organisational needs. A web-based tool based on the framework we will develop in the project can facilitate that kind of navigation," says Martin Lundgren, senior lecturer in cybersecurity at the University of Skövde and one of the participating researchers.