Search results
1 – 10 of over 61000
Abstract
Peace, war and international security is an area in which economists are often conspicuous by their absence, to a degree that rivals the importance of economic issues to the problems at hand. It is getting to the point where the supposed ‘imperialism’ of economics in the social sciences (Fine, 2001) is reversed and the political scientists, international relations and other such groups exclude the economists and take on the economics themselves. It is not unusual to find studies of post-conflict reconstruction in which economics is surprisingly found to be important. In the case of the World Bank, it came as a great shock to the other social scientists when economists started to argue that economics might have a major role to play in understanding civil wars (Collier et al., 2003). Economists do have the gift of overstatement and a tendency to state unpleasant truths in a clear and precise way that can disturb other social scientists, whose indignation and overreaction reflected this. More recently the debate has reached a more civilised recognition of the complexity of such issues (Arnson & Zartman, 2005; Berdal & Malone, 2000).
Abstract
Purpose
The education sector is increasingly targeted by malicious cyber incidents, resulting in huge financial losses, cancelation of classes and exams and large-scale breaches of students’ and staff’s data. This paper aims to investigate education technology (EdTech) vendors’ responsibility for this cyber (in)security challenge, with a particular focus on EdTech in India as a case study.
Design/methodology/approach
Theoretically, building on the security economics literature, the paper establishes a link between the dynamics of the EdTech market and the education sector’s cyber insecurities and investigates the various economic barriers that stand in the way of improving EdTech vendors’ security practices. Empirically, the paper analyses publicly reported cyber incidents targeting the Indian education sector and EdTech companies in the past 10 years as published in newspapers, using the LexisNexis database. It also examines existing EdTech procurement challenges in India and elsewhere and develops a number of policy recommendations to address the misaligned incentives and information asymmetries between EdTech vendors and educational institutions.
Findings
Market forces alone cannot create sufficient incentives for EdTech vendors to prioritise security in product design. Considering the infant stage of the EdTech industry, the lack of evidence about the efficacy of EdTech tools, the fragmentation in the EdTech market and the peculiarities of educational institutions as end-users, a regulatory and policy intervention is needed to secure education through procurement processes.
Originality/value
This paper introduces a novel exploration of the cybersecurity challenge in the education sector, an area of research and policy analysis that remains largely understudied. By adding a cybersecurity angle, the paper also contributes to the literature using a political economy approach in scrutinising EdTech.
Ron Smith and Jacques Fontanel
Abstract
Defence economics is often not perceived as a subject, but as a series of questions that arise in the intersection between the spheres of strategy (the art of a general, the specialist in the use of force) and the sphere of economy (the processes of production, distribution and incentives). This overlap between economics and strategy occurs at the individual, the national and the systemic levels. This intersection or overlap is a contested terrain since economists and strategic studies specialists bring very different presuppositions to the party. The study of defence economics takes account of the realities of strategy, but the models it brings to the party are those of economists.
Stale Ekelund and Zilia Iskoujina
Abstract
Purpose
The purpose of this paper is to demonstrate how to find the optimal investment level in protecting an organisation’s assets.
Design/methodology/approach
This study integrates a case study of an international financial organisation with various methods and theories in security economics and mathematics, such as value-at-risk (VaR), Monte Carlo simulation, exponential and Poisson probability distributions. Thereby it combines theory and empirical findings to establish a new approach to determining optimal security investment levels.
Findings
The results indicate that optimal security investment levels can be found through computer simulation with historical incident data to find VaR. By combining various scenarios, the convex graph of the risk cost function has been plotted, where the minimum of the graph represents the optimal investment level for an asset.
Research limitations/implications
The limitations of the research include a modest number of loss observations from one case study, and the use of normal probability distribution. The approach has limitations where there are no historical data available or the data has zero losses. These areas should undergo further research including a larger data set of losses and exploring other probability distributions.
Practical implications
The results can be used by leading business practitioners to assist them with decision making on investment to the increased protection of an asset.
Originality/value
The originality of this research is in its new way of combining theories with historical data to create methods to measure theoretical and empirical strength of a control (or set of controls) and translating it to loss probabilities and loss sizes.
Abstract
Purpose
The purpose of this paper is to investigate the optimality of various strategies for spending on information security. Being able to understand the strengths and weaknesses of spending strategies is useful to organizations.
Design/methodology/approach
The author's analysis begins with a whole‐systems view of the security spending decision that encompasses people, technology, and economics and a taxonomy of justifications is presented for spending on information security. Each justification within the taxonomy is discussed, with that analysis used to examine the apparent rationality of a number of common spending strategies. A model is constructed that can be used in a practical manner to enable an organization to select a rational approach to spending on information security.
Findings
The author describes two spending strategies intended to be simple and straightforward for an organization to employ in a practical manner. These strategies account for a number of weaknesses in common justifications for spending on information security. They also take into consideration the observation that a number of pressures push companies towards inefficiency in their spending.
Originality/value
When faced with budgeting decisions, managers are bound by fiduciary duty to identify those investments that will maximize shareholder value. As such, decisions about spending must be carefully considered and evaluated in rational economic terms. This paper provides useful thinking on this important topic.
Jacques Fontanel and Bénédicte Corvaisier-Drouart
Abstract
International security is a constant threat to the pursuit of economic optimum. In the traditional economic analysis history, states are seen as agents in constant search for power, which leads to the emergence of conflicts of interests. The modern concept of security can be defined as the economic study of all the risks of short, medium and long term on the functioning of economic and social life. It can be divided into four sublevels: individual security, national security, international security and global security. The adoption of an enlarged approach to international security by integrating economic and environmental conditions highlights the expression of new collective priorities. Today, theories of security take into account the economic, human and social relationships, societal priorities and the balance of power in the international system. Human security implies a multi-disciplinary analysis, including human rights, state organisation, international relations and strategic studies. Security and sustainable development are deeply interconnected, which involves bearable production conditions for the environment in the long term, the end of extreme poverty, the creation of social stability and the rejection of discrimination.
Călin Mihail Rangu, Leonardo Badea, Mircea Constantin Scheau, Larisa Găbudeanu, Iulian Panait and Valentin Radu
Abstract
Purpose
In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.
Design/methodology/approach
The authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.
Findings
The study the authors elaborated has particularly important cyber and risk components for the insurance area, because it addresses a “niche” area not yet properly addressed in specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.
Research limitations/implications
This research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, the level of detail concerning the cyber security posture of the insured entity and the way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.
Practical implications
Proposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.
Originality/value
The study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.
Abstract
Since the first Volume of this Bibliography there has been an explosion of literature in all the main areas of business. The researcher and librarian have to be able to uncover specific articles devoted to certain topics. This Bibliography is designed to help. Volume III, in addition to the annotated list of articles as the two previous volumes, contains further features to help the reader. Each entry within has been indexed according to the Fifth Edition of the SCIMP/SCAMP Thesaurus and thus provides a full subject index to facilitate rapid information retrieval. Each article has its own unique number and this is used in both the subject and author index. The first Volume of the Bibliography covered seven journals published by MCB University Press. This Volume now indexes 25 journals, indicating the greater depth, coverage and expansion of the subject areas concerned.
Rohit Gupta, Baidyanath Biswas, Indranil Biswas and Shib Sankar Sana
Abstract
Purpose
This paper aims to examine optimal decisions for information security investments for a firm in a fuzzy environment. Under both sequential and simultaneous attack scenarios, optimal investment of firm, optimal efforts of attackers and their economic utilities are determined.
Design/methodology/approach
Throughout the analysis, a single firm and two attackers for a “firm as a leader” in a sequential game setting and “firm versus attackers” in a simultaneous game setting are considered. While the firm makes investments to secure its information assets, the attackers spend their efforts to launch breaches.
Findings
It is observed that the firm needs to invest more when it announces its security investment decisions ahead of attacks. In contrast, the firm can invest relatively less when all agents are unaware of each other’s choices in advance. Further, the study reveals that attackers need to exert higher effort when no agent enjoys the privilege of being a leader.
Research limitations/implications
In a novel approach, inherent system vulnerability of the firm, financial benefit of attackers from the breach and monetary loss suffered by the firm are considered as fuzzy variables in the well-recognized Gordon–Loeb breach function, with the help of fuzzy expectation operator.
Practical implications
This study reports that the optimal breach effort exerted by each attacker is proportional to its obtained economic benefit for both sequential and simultaneous attack scenarios. A set of numerical experiments and sensitivity analyses complement the analytical modeling.
Originality/value
In a novel approach, inherent system vulnerability of the firm, financial benefit of attackers from the breach and monetary loss suffered by the firm are considered as fuzzy variables in the well-recognized Gordon–Loeb breach function, with the help of fuzzy expectation operator.