The proposed model for cybersecurity overcomes many of the issues with current standards and methods in cybersecurity risk management, which are mostly based on risk matrices. Most saliently, CYBECO aims to provide ground-breaking advances in modelling the presence of adversaries in a cybersecurity context from the Adversarial Risk Analysis (ARA) perspective, later integrated into a cyber risk management strategy, and a rigorous framework for cyber insurance, with appropriate pricing and segmentation, benefitting from Structured Expert Judgment (SEJ) methodologies to cope with the lack of attack data and Multi-Attribute Utility Theory (MAUT) methods to properly value assets. From the technological point of view, CYBECO aims to provide a prototype tool implementing the framework to support risk management decision making in cybersecurity, as well as policy insights into behavioural nudging in cybersecurity. CYBECO’s proposition clearly has a foundational nature, since it provides a new twist to cybersecurity, validated through experiments. It therefore covers the three transformational directions:
- As far as science is concerned, it aims to provide new methods for incorporating the nature of adversarial actions in risk calculations for cybersecurity and cyber insurance, new methods for countering the lack of attack data through SEJ, better-founded risk management approaches in cybersecurity that go beyond risk matrices, and an integrated framework for deciding cybersecurity investments.
- As far as technology is concerned, it aims to provide a prototype tool that implements key aspects of the model and incorporates behavioural cybersecurity findings, together with better-founded and better-designed cyber insurance products.
- Finally, as far as society is concerned, it aims to provide a more rigorous framework for deciding cybersecurity investments and to identify cybersecurity nudges, facilitating the development and adoption of more secure ICT practices and thereby benefiting society at large.