What drives cybersecurity investment?

Organizational factors and perspectives from decision-makers

Abstract

One of the leading perspectives in the literature is that decisions about investments should be based on a comprehensive cost-benefit analysis and on a cyber-risk assessment. However, many organizations do not undertake these sophisticated analyses due to the lack of available data about costs, benefits, and the impact and likelihood of attacks. This study tries to increase the understanding of this decision-making process and of how organizational factors and individual perspectives influence it. The Global Information Security Survey has been subjected to a latent class analysis to find investment strategies and the organizational factors that influence them. Four different investment strategies were identified; they differ mainly in their initial investment and change in the coming twelve months. Organizational factors that influence these investment strategies are size, revenue, type (public/private) and budget, and other factors such as regulation, management awareness, incidents and type of risks. We used the Q-method to investigate underlying perspectives from decision-makers. Four different perspectives were found; they differ in their focus on concerns, resilience, hierarchy and flexibility.