Maryland Professors Weigh Up Cyber Risks
By Adam Palin
How much should companies spend on bolstering their cyber defences? Lawrence Gordon and Martin Loeb, both professors of accounting at the University of Maryland's Smith School, are co-authors of an established model that helps companies to evaluate the best way to allocate their financial resources.
Companies with limited resources need to strike a balance between spending money on security and expenditure elsewhere. "At some point, the marginal benefits of spending on cybersecurity are reached," Prof Gordon says.
Calculating the gains associated with increased security is problematic, given that cybersecurity is a cost-saving – rather than revenue-generating – project. "If you do the job right, you don’t see the benefits," adds Prof Gordon. Estimates of losses or liabilities must be considered only when weighed against the likelihood of a cyber attack, he continues...
May 21, 2013