Publication Details
Issue: Vol 1, No 1 (2024)
ISSN: 2997-934X

Abstract

Cybersecurity is an important strategic issue for organizations in the modern, digitized world. Combating the threats an organization faces is a challenge because of budget shortages and a quickly changing threat landscape, and organizations are not able to effectively set priorities on where and how to invest in cybersecurity. The difficulty lies in reaching a compromise between financial limitations and the necessity of eliminating the most serious threats. This study bridges this gap: the author proposes a decision support framework based on business analytics to assist in cybersecurity investment prioritization. The paper uses a real-life Kaggle dataset, Cybersecurity Breaches Information 2010 - 2023, to analyze breach incidents across organizations, departments, and systems. The dataset includes critical fields such as breach types, individuals affected, the department officials involved, the locations of the data breach, and an approximate figure for the amount of data lost. Using descriptive and predictive analytics methods, the study identifies patterns and areas of high risk so that investment decisions can be data-driven. The heart of the proposed framework is a multi-criteria prioritization model that considers impact factors such as the severity of a breach, the sensitivity of the data, the risk exposure of a business unit, and the frequency of breaches. Risk exposure is determined by a composite scoring formula in which weights are assigned to variables including the overall number of people affected, the breach type, and the projected volume of data lost. The framework also prioritizes cybersecurity investments in order of urgency and anticipated level of risk reduction, so that they match the organization's risk tolerance level and strategy goals.

Keywords
Cybersecurity Investment, Business Analytics, Decision Support Framework, Risk Prioritization, Cybersecurity Breaches, Data-Driven Decision Making