Dynamic Modeling of Cybersecurity Investments under Ambiguity

Abstract

In the recent study on cybersecurity investments, particularly in the research papers on modeling the cybersecurity threats, threats to an organization’s information systems are considered to be a probability measure, whereas, cybersecurity threats are stochastic by their nature, thus a dynamic approach is needed for proper modeling. The most frequently used method targeted at analysing cybersecurity investments is the Gordon and Loeb investment model, which presents the threat as static, therefore, it does not address the dynamic nature of cybersecurity investments. In this paper, under the complex and stochastic nature of cybersecurity threats and the high-level uncertainty in cyber environment, cybersecurity threats are modeled as stochastic processes under ambiguity using the Choquet-Brownian motions. The paper concludes that modeling cybersecurity threats through Choquet-Brownian motions effectively addresses the dynamic nature of cybersecurity threats under ambiguity and enables to calculate the benefits from a cybersecurity project by referring to capacities and basing on discounted Choquet integrals rather than probabilities and Lebesgue integrals. It should also be noted, that the use of Choquet-Brownian motions for modeling cybersecurity threats attaches special significance to the modeling of cybersecurity investments under ambiguity.