NSF-BSF: SaTC: CORE: Small: Evaluating Cybersecurity Precautions and Harms in Israeli Enterprises
University Of Tulsa, Tulsa OK
Investigators
Abstract
Even though organizations are investing heavily in cybersecurity, they often cannot answer basic questions about the effectiveness of their investments, such as which defenses reduce the risk of suffering an incident, and by how much. They struggle to accurately quantify the financial costs of the harms resulting from successful attacks. This project seeks to improve understanding of how firm-level cybersecurity practices affect these outcomes by focusing on the case of Israeli enterprises. By bringing together leading scholars in the economics of cybersecurity with the Israeli National Cyber Directorate (INCD), the project helps advance the cybersecurity of the state of Israel and its organizations. Moreover, it advances the scientific understanding of cyber risk management while serving as a model for future data collection and analysis undertaken in the U.S. and beyond. The project focuses on three key research objectives. First, a series of empirical analyses examine how exposure and security precautions of enterprises affect likelihood of experiencing a cyber incident. The analysis leverages data from detailed firm-level surveys carried out by Israelís Central Bureau of Statistics (CBS), complemented by external measurements of enterprise cyber hygiene gathered directly from public sources. The second research objective is to quantify the harms resulting from experiencing an incident. For this effort, the project analyzes data gathered by the Israeli CERT hotline that asks enterprise victims about the impacts resulting from ransomware attacks. Additionally, CBS survey questions involving harm are analyzed. The third research objective is to develop and analyze longitudinal cyber risk indicators. The project team collaborates with INCD and CBS to analyze longitudinal data obtained from readministering the survey in subsequent years. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →