SECAdvisor: a Tool for Cybersecurity Planning using Economic Models
For digitized companies, this tool addresses the challenge of balancing cybersecurity protection with budget constraints by integrating economic and technical dimensions.
SECAdvisor is a tool that uses economic models to support cybersecurity planning, helping companies determine optimal investment and select cost-efficient protections. Evaluations show usability and effectiveness in real-world training activities.
Cybersecurity planning is challenging for digitized companies that want adequate protection without overspending. Currently, the lack of investment and perverse economic incentives are the root causes of cyberattacks, which result in several economic impacts on companies worldwide. Therefore, cybersecurity planning has to consider both technical and economic dimensions to help companies achieve a better cybersecurity strategy. This article introduces SECAdvisor, a tool to support cybersecurity planning using economic models. SECAdvisor allows users to (a) understand the risks and valuation of different businesses' information, (b) calculate the optimal investment in cybersecurity for a company, (c) receive a recommendation of protections based on the available budget and demands, and (d) compare protection solutions in terms of cost-efficiency. Furthermore, evaluations of usability and real-world training activities performed using SECAdvisor are discussed.