|
Zaina Dkaidek
|
Year 3 Student – 2021 Intake – Cohort 3 My academic background is in business management, finance, economics, and an MSc in security studies. I have also had work experience within country risk analysis. Currently, my research interests lie within cyber security policy, cyber’s global impact concerning international security and the altering balance of power, the national economic implications of cybersecurity, and cyber diplomacy. I am looking forward to expanding my knowledge and exploring the various areas of cyber security while utilising and enhancing my existing skill sets. |
| PhD Project |
Determining the Optimal Level of Cyber Security Investment
Cyber risk relevance and its impact on industry is growing significantly. This escalation is due to society’s increasing digitisation extending ICT systems’ attack surface, which form the backbone of advanced economies. Securing these systems is often complex and expensive, giving malicious actors numerous opportunities to exploit them. Therefore, firms must prioritise mitigating specific threats and vulnerabilities due to the probability and scope uncertainties of potential attacks. Currently, historical data is a poor proxy and insufficient for well-grounded cyber risk predictions; thus, determining which potential cyber security incidents to prepare for is a challenge. Furthermore, due to the increasing interdependence and interconnectedness of the cyber security realm, institutions are only as strong as their weakest link.
Thus, organisations need to invest not only at a level that reduces their financial risks but also accounts for their interconnectedness and potential security externalities that could emerge from insufficient investments. These can leave great potential for negative externalities or decisions which can significantly impact all stakeholders, includingfirms, the general public, supply chains, and critical infrastructures. An entity must instead attempt to reach of level of security to allow resilience within these interdependent systems which will help in quickly bouncing back from and successfully responding to concerted attacks without high costs to firms and the public.
This study aims to produce a model that offers a scientific basis for high-level decision-making concerning the optimal investment in cyber security across various industries. It willconsider investment in cyber security tools and human knowledge based on the Cyber Security Body of Knowledge (CyBOK) framework and also be able to adapt to the dynamic cyber security landscape. Ultimately, this model seeks to provide a cyber security investment methodology that would steer organisations to select the appropriate cyber security controls to maximise their benefit, not just at the firm but also at the socially optimal level.
Supervisors: Dr Joanna Syrda (Bath), Professor Adam Joinson (Bath)
|
| PhD Project |
