Gordon-Loeb Model for Cybersecurity Investments*

Insights from the Gordon-Loeb Model

[Figure: Benefits and Costs of an Investment in Cyber/Information Security*. Labels: Costs of Investment; Benefits are increasing at a decreasing rate; 100% security is not possible. Horizontal axis: Level of investment in information security.]

• Key components of optimal amount to invest:
  • Potential losses from cybersecurity breach (cost savings or lost benefits)
  • Vulnerabilities (including threats) or probability of breach
  • Productivity of investments.
• Optimal level of cybersecurity investments does not always increase with level of vulnerability.
• Firms should generally invest ≤ 37% of expected loss (i.e., invest, but invest wisely).

See YouTube video explaining the Gordon-Loeb Model: https://www.youtube.com/watch?v=cd8dT0FuqQ4

*Gordon, L. A. and M. P. Loeb, "The Economics of Information Security Investment," ACM Transactions on Information and System Security, November 2002.
*Gordon, L. A., M. P. Loeb, and L. Zhou, "Investing in Cybersecurity: Insights from the Gordon-Loeb Model," Journal of Information Security, March 2016.

BBB Recommends the Gordon-Loeb Model

A 2017 U.S. Better Business Bureau (BBB) report recommends the Gordon-Loeb Model as "... a useful guide for organizations trying to find the right level of cybersecurity investment."
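The two bullets on vulnerability and the 37% bound can be checked numerically. The following is an added example, not part of the original slide: it uses the two breach-probability function classes from the cited 2002 paper, while the values of LOSS, ALPHA and BETA and the grid search are assumptions chosen for illustration.

```python
import math

# Constructed parameters (not from the slide): loss if breached, and the two
# "productivity of investment" parameters of the breach-probability functions.
LOSS, ALPHA, BETA = 400_000.0, 1e-5, 1.0

def s_class1(z, v):
    """Class I breach probability (Gordon & Loeb 2002): v / (alpha*z + 1)^beta."""
    return v / (ALPHA * z + 1) ** BETA

def s_class2(z, v):
    """Class II breach probability (Gordon & Loeb 2002): v^(alpha*z + 1)."""
    return v ** (ALPHA * z + 1)

def enbis(z, v, s):
    """Expected net benefit: reduction in expected loss minus the investment z."""
    return (v - s(z, v)) * LOSS - z

def optimal_investment(v, s, steps=20_000):
    """Grid-search z* on [0, v*LOSS]; spending above the expected loss never pays."""
    best_z, best_net = 0.0, 0.0  # z = 0 (no investment) is the baseline
    for i in range(1, steps + 1):
        z = v * LOSS * i / steps
        net = enbis(z, v, s)
        if net > best_net:
            best_z, best_net = z, net
    return best_z

def sweep(s, vulns=(0.1, 0.3, 0.5, 0.8)):
    """Return {v: (z*, z* as a fraction of the expected loss v*LOSS)}."""
    out = {}
    for v in vulns:
        z = optimal_investment(v, s)
        out[v] = (z, z / (v * LOSS))
    return out

if __name__ == "__main__":
    for name, s in (("class I", s_class1), ("class II", s_class2)):
        for v, (z, frac) in sweep(s).items():
            print(f"{name:8s} v={v:.1f}  z*={z:8.0f}  z*/(vL)={frac:.3f}  "
                  f"bound 1/e={1 / math.e:.3f}")
```

With these parameters the class II optimum is zero at both low and high vulnerability and positive in between, while the class I optimum rises with vulnerability; in every case the spend stays below 1/e (about 37%) of the expected loss.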