Search results

In cybersecurity economics, the selection of a particular methodology is a matter of interest and importance for the researchers. Methodologically sophisticated research forms an essential basis for understanding the challenges and opportunities for the richer descriptions of the behavior of cybersecurity practitioners (i.e., what they are doing and why they are doing it). This requires a broad and self-reflective approach to understand the use of a technique in socio-technical research within cybersecurity economics. Such understanding recognizes that research in this field involves more than just applying a method to create knowledge and diffuse it throughout society, organizations, and governments. This paper argues in favor of a multi-paradigmatic approach to cybersecurity economics research. Rather than adopting a single paradigm, this study suggests that results will be more prosperous and reliable if different methods from different existing paradigms are combined. Hence, it puts forward the desirability and feasibility of the multi-paradigmatic approach in cybersecurity economics research. It also outlines several practical guidelines that help design multi-paradigmatic research studies. These are illustrated with a critical evaluation of three examples of studies. ; publishedVersion

Insights in the field of cybersecurity economics empower decision makers to make informed decisions that improve their evaluation and management of situations that may lead to catastrophic consequences and threaten the sustainability of digital ecosystems. By drawing on these insights, cybersecurity practitioners have been able to respond to many complex problems that have emerged within the context of cybersecurity over the last two decades. The academic field of cybersecurity economics is highly interdisciplinary since it combines core findings and tools from disciplines such as sociology, psychology, law, political science, and computer science. This study aims to develop an extensive and consistent survey based on a literature review and publicly available reports. This review contributes by aggregating the available knowledge from 28 studies, out of a collection of 628 scholarly articles, to answer five specific research questions. The focus is how identified topics have been conceptualized and studied variously. This review shows that most of the cybersecurity economics models are transitioning from unrealistic, unverifiable, or highly simplified fundamental premises toward dynamic, stochastic, and generalizable models. ; publishedVersion