The SPIDER Cyber Security Investment Component (CIC)

Recent security incidents worldwide demonstrate the increase in the complexity and severity of cyber security threats. The attackers become better organized and the attack vectors are using more advanced methods and tools. Therefore, within the currently evolving and complex 5G cyber security landscape, both businesses and end-users need to find ways to enhance their cyber security preparedness level in order to safeguard their infrastructures and assets. Additionally, modern organizations need to invest in cyber security technologies to proactively address the identified cyber risks, based on the specific individual characteristics of their infrastructures. For this reason, investing in cyber security constitutes nowadays an essential financial and operational decision aiming to reduce the financial risk that successful cyber-attacks entail. In this paper, we demonstrate how capital budgeting techniques for gauging the financial risk of cyber attacks may be integrated within an optimisation model for optimal selection of mitigation measures into a single unified decision-making framework.