A system dynamics approach for cost-benefit simulation in designing policies to enhance the cybersecurity resilience of small and medium-sized enterprises

IF 4.6 | Q2 | MATERIALS SCIENCE, BIOMATERIALS | ACS Applied Bio Materials | Pub Date: 2024-05-06 | DOI: 10.1177/02666669241252996
Jihwon Song, Min Jae Park

Abstract

Small and medium-sized enterprises (SMEs) with limited investment capacity are likely to be lax in enhancing their cybersecurity. Therefore, to strengthen cybersecurity at a national level, governments must intervene in the market by using support or regulatory policies to overcome market failures and address weaknesses. This study reviewed the efficiency of policy options to improve corporate cybersecurity resilience for SMEs that require government support, unlike large companies that can invest in security on their own. To achieve this, a causal loop diagram was created and analyzed from the perspective of system dynamics. The model incorporated government support variables and the decline in capabilities over time into the existing corporate security investment model reflecting the standard framework for cybersecurity from NIST. The simulation scenarios were constructed based on policy options considered by the Korean government. These include 1) pre-incident or post-incident support services, and 2) management through tax credits and regulation. The results indicated that incentives, specifically tax credits, rather than regulation, were more effective in strengthening cyber resilience. This study describes the investment and internal capability development of a company affected by government policy, which is an external factor, and changes in profits can be observed by adding the company's profits and costs as variables. This profit variable allows for the comparison of a company's cyber resilience across scenarios. Additionally, if the government provides direct support immediately after a hacking incident, the company can recover more quickly. If these benefits are known and if the reporting of hacking damage is activated, cyber threat visibility will be secured by revealing hacking attacks that have been secretly conducted. Governments can use cyber threat visibility to strengthen national cybersecurity.