{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T03:39:06Z","timestamp":1773805146349,"version":"3.50.1"},"reference-count":105,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2025,2,13]],"date-time":"2025-02-13T00:00:00Z","timestamp":1739404800000},"content-version":"vor","delay-in-days":43,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001729","name":"Swedish Foundation for Strategic Research","doi-asserted-by":"publisher","award":["SM22-0057"],"award-info":[{"award-number":["SM22-0057"]}],"id":[{"id":"10.13039\/501100001729","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100009123","name":"Norwegian University of Science and Technology","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100009123","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,1,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>This paper presents an in-depth examination of the use of simulations in economic cybersecurity decision-making, highlighting the dual nature of their potential and the challenges they present. Drawing on examples from existing studies, we explore the role of simulations in generating new knowledge about probabilities and consequences in the cybersecurity domain, which is essential in understanding and managing risk and uncertainty. Additionally, we introduce the concepts of \u201cbookkeeping\u201d and \u201cabstraction\u201d within the context of simulations, discussing how they can sometimes fail and exploring the underlying reasons for their failures. This discussion leads us to suggest a framework of considerations for effectively utilizing simulations in cybersecurity. This framework is designed not as a rigid checklist but as a guide for critical thinking and evaluation, aiding users in assessing the suitability and reliability of a simulation model for a particular decision-making context. Future work should focus on applying this framework in real-world settings, continuously refining the use of simulations to ensure they remain effective and relevant in the dynamic field of cybersecurity.<\/jats:p>","DOI":"10.1093\/cybsec\/tyaf003","type":"journal-article","created":{"date-parts":[[2025,1,23]],"date-time":"2025-01-23T07:17:38Z","timestamp":1737616658000},"source":"Crossref","is-referenced-by-count":2,"title":["The use of simulations in economic cybersecurity decision-making"],"prefix":"10.1093","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2804-4630","authenticated-orcid":false,"given":"Mazaher","family":"Kianpour","sequence":"first","affiliation":[{"name":"Department of Information Security and Communication Technology, Norwegian University of Science and Technology , H\u00f8gskoleringen 1, 7034 Trondheim ,","place":["Norway"]},{"name":"RISE Research Institutes of Sweden , P.O. Box 1263, SE-164 29 Kista ,","place":["Sweden"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2017-7914","authenticated-orcid":false,"given":"Ulrik","family":"Franke","sequence":"additional","affiliation":[{"name":"RISE Research Institutes of Sweden , P.O. Box 1263, SE-164 29 Kista ,","place":["Sweden"]},{"name":"Swedish Defence University , P.O. Box 278 05, SE-115 93 Stockholm ,","place":["Sweden"]},{"name":"KTH Royal Institute of Technology , SE-100 44 Stockholm ,","place":["Sweden"]}]}],"member":"286","published-online":{"date-parts":[[2025,2,13]]},"reference":[{"key":"2025092301112540900_bib1","doi-asserted-by":"crossref","first-page":"1035","DOI":"10.1111\/rego.12341","article-title":"Emerging technologies and problem definition uncertainty: the case of cybersecurity","volume":"15","author":"Lewallen","year":"2021","journal-title":"Regul Governance"},{"key":"2025092301112540900_bib2","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1016\/j.infsof.2015.06.001","article-title":"The Tarpit \u2013 a general theory of software engineering","volume":"70","author":"Johnson","year":"2016","journal-title":"Inform Software Tech"},{"key":"2025092301112540900_bib3","doi-asserted-by":"crossref","first-page":"101769","DOI":"10.1016\/j.techsoc.2021.101769","article-title":"The cybersecurity labour shortage in Europe: moving to a new concept for education and training","volume":"67","author":"Bla\u017ei\u010d","year":"2021","journal-title":"Technol Soc"},{"key":"2025092301112540900_bib4","doi-asserted-by":"crossref","first-page":"155","DOI":"10.1080\/23738871.2022.2116346","article-title":"Who\u2019s in charge and how does it work? US cybersecurity of critical infrastructure","volume":"7","author":"Bronk","year":"2022","journal-title":"J Cyber Policy"},{"key":"2025092301112540900_bib5","doi-asserted-by":"crossref","first-page":"1049","DOI":"10.1108\/MRR-04-2013-0085","article-title":"Information security awareness and behavior: a theory-based literature review","volume":"37","author":"Lebek","year":"2014","journal-title":"Manag Res Rev"},{"key":"2025092301112540900_bib6","doi-asserted-by":"crossref","first-page":"605","DOI":"10.1177\/0018720812464045","article-title":"Cyber situation awareness: modeling detection of cyber attacks with instance-based learning theory","volume":"55","author":"Dutt","year":"2013","journal-title":"Hum Fact"},{"key":"2025092301112540900_bib7","doi-asserted-by":"crossref","first-page":"610","DOI":"10.1126\/science.1130992","article-title":"The economics of information security","volume":"314","author":"Anderson","year":"2006","journal-title":"Science"},{"key":"2025092301112540900_bib8","doi-asserted-by":"crossref","first-page":"1066","DOI":"10.1126\/science.aaz4795","article-title":"Cyber risk research impeded by disciplinary barriers","volume":"366","author":"Falco","year":"2019","journal-title":"Science"},{"key":"2025092301112540900_bib9","doi-asserted-by":"crossref","first-page":"13677","DOI":"10.3390\/su132413677","article-title":"Systematically understanding cybersecurity economics: a survey","volume":"13","author":"Kianpour","year":"2021","journal-title":"Sustainability"},{"key":"2025092301112540900_bib10","first-page":"1","article-title":"Identifying how firms manage cybersecurity investment","volume-title":"Workshop on the Economics of Information Security (WEIS)","author":"Moore","year":"2016"},{"key":"2025092301112540900_bib11","article-title":"Understanding","volume-title":"The Stanford Encyclopedia of Philosophy","author":"Grimm","year":"2021","edition":"2021 edn."},{"key":"2025092301112540900_bib12","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1109\/SP40001.2021.00053","article-title":"SoK: quantifying cyber risk","volume-title":"Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP)","author":"Woods","year":"2021"},{"key":"2025092301112540900_bib13","doi-asserted-by":"crossref","first-page":"150","DOI":"10.1109\/EuroSPW55150.2022.00021","article-title":"Reviewing estimates of cybercrime victimisation and cyber risk likelihood","volume-title":"Proceedings of the 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","author":"Woods","year":"2022"},{"key":"2025092301112540900_bib14","doi-asserted-by":"crossref","first-page":"698","DOI":"10.1057\/s41288-022-00266-6","article-title":"Cyber risk and cybersecurity: a systematic review of data availability","volume":"47","author":"Cremer","year":"2022","journal-title":"Geneva Pap Risk Insur Iss Pract"},{"key":"2025092301112540900_bib15","first-page":"103","article-title":"The economics of cybersecurity: principles and policy options","volume":"3","author":"Moore","year":"2010","journal-title":"Int J Crit Infr Prot"},{"key":"2025092301112540900_bib16","first-page":"505","article-title":"The cybersecurity partnership: a proposal for cyberthreat information sharing between contractors and the federal government","volume":"44","author":"Rodin","year":"2015","journal-title":"Public Contract Law J"},{"key":"2025092301112540900_bib17","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.cose.2016.04.003","article-title":"A problem shared is a problem halved: a survey on the dimensions of collective cyber defense through security information sharing","volume":"60","author":"Skopik","year":"2016","journal-title":"Comput Secur"},{"key":"2025092301112540900_bib18","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.giq.2017.02.007","article-title":"Building cybersecurity awareness: the need for evidence-based framing strategies","volume":"34","author":"De\u00a0Bruijn","year":"2017","journal-title":"Gov Inform Quart"},{"key":"2025092301112540900_bib19","first-page":"29","article-title":"A research agenda to improve decision making in cyber security policy","volume":"5","author":"Dean","year":"2017","journal-title":"Penn State J Law Int Aff"},{"key":"2025092301112540900_bib20","doi-asserted-by":"crossref","first-page":"140","DOI":"10.1080\/23738871.2022.2111997","article-title":"The need for cybersecurity data and metrics: empirically assessing cyberthreat","volume":"7","author":"Valeriano","year":"2022","journal-title":"J Cyber Policy"},{"key":"2025092301112540900_bib21","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/23738871.2024.2335461","article-title":"Evidence-based cybersecurity policy? A meta-review of security control effectiveness","volume":"8","author":"Woods","year":"2023","journal-title":"J Cyber Policy"},{"key":"2025092301112540900_bib22","doi-asserted-by":"crossref","DOI":"10.1093\/0195158709.001.0001","volume-title":"Extending Ourselves: Computational Science, Empiricism, and Scientific Method","author":"Humphreys","year":"2004"},{"key":"2025092301112540900_bib23","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1007\/978-3-662-03366-1_2","article-title":"Advancing the art of simulation in the social sciences","volume-title":"Simulating Social Phenomena","author":"Axelrod","year":"1997"},{"key":"2025092301112540900_bib24","volume-title":"The Sciences of the Artificial","author":"Simon","year":"1996","edition":"3rd edn."},{"key":"2025092301112540900_bib25","doi-asserted-by":"crossref","first-page":"tyab005","DOI":"10.1093\/cybsec\/tyab005","article-title":"Simulation for cybersecurity: state of the art and future directions","volume":"7","author":"Kavak","year":"2021","journal-title":"J Cybersecur"},{"key":"2025092301112540900_bib26","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3548682","article-title":"Making sense of the unknown: how managers make cyber security decisions","volume":"32","author":"Shreeve","year":"2023","journal-title":"ACM T Softw Eng Meth"},{"key":"2025092301112540900_bib27","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3419101","article-title":"\u201cSo If Mr Blue Head Here Clicks the Link...\u201d risk thinking in cyber security decision making","volume":"24","author":"Shreeve","year":"2020","journal-title":"ACM Trans Priv Secur"},{"key":"2025092301112540900_bib28","volume-title":"Choices: An introduction to Decision Theory","author":"Resnik","year":"1987"},{"key":"2025092301112540900_bib29","volume-title":"Risk, Uncertainty and Profit","author":"Knight","year":"1921"},{"key":"2025092301112540900_bib30","first-page":"1","article-title":"On the economics and analysis of diversity","volume":"28","author":"Stirling","year":"1998","journal-title":"Sci Pol Res Unit"},{"key":"2025092301112540900_bib31","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1145\/581271.581274","article-title":"The economics of information security investment","volume":"5","author":"Gordon","year":"2002","journal-title":"ACM Trans Inf Syst Secur"},{"key":"2025092301112540900_bib32","doi-asserted-by":"crossref","first-page":"651","DOI":"10.1016\/j.dss.2010.08.017","article-title":"Firms\u2019 information security investment decisions: stock market evidence of investors\u2019 behavior","volume":"50","author":"Chai","year":"2011","journal-title":"Decis Support Syst"},{"key":"2025092301112540900_bib33","doi-asserted-by":"crossref","first-page":"030901","DOI":"10.1115\/1.4046739","article-title":"Digital twins: state-of-the-art and future directions for modeling and simulation in engineering dynamics applications","volume":"6","author":"Wagg","year":"2020","journal-title":"ASCE-ASME J Risk Uncertainty Eng Syst Part B Mech Eng"},{"key":"2025092301112540900_bib34","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1109\/5992.909006","article-title":"Computer-assisted reasoning","volume":"3","author":"Bankes","year":"2001","journal-title":"Comput Sci Eng"},{"key":"2025092301112540900_bib35","article-title":"Computer Simulations in Science","volume-title":"The Stanford Encyclopedia of Philosophy","author":"Winsberg","year":"2022","edition":"2022 edn."},{"key":"2025092301112540900_bib36","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1177\/1046878109353470","article-title":"The philosophy and epistemology of simulation: a review","volume":"41","author":"Gr\u00fcne-Yanoff","year":"2010","journal-title":"Simul Gam"},{"key":"2025092301112540900_bib37","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1109\/NOMSW.2010.5486590","article-title":"Decision support for systems security investment","volume-title":"Proceedings of the 2010 IEEE\/IFIP Network Operations and Management Symposium Workshops","author":"Beresnevichiene","year":"2010"},{"key":"2025092301112540900_bib38","first-page":"e3","article-title":"Modelling and simulating systems security policy","volume":"3","author":"Caulfield","year":"2016","journal-title":"EAI Endorsed Trans Secur Saf"},{"key":"2025092301112540900_bib39","doi-asserted-by":"crossref","DOI":"10.1142\/12247","volume-title":"Using Science in Cybersecurity","author":"Metcalf","year":"2021"},{"key":"2025092301112540900_bib40","doi-asserted-by":"crossref","first-page":"387","DOI":"10.1177\/030631289019003001","article-title":"Institutional ecology, translations\u2019 and boundary objects: amateurs and professionals in Berkeley\u2019s Museum of Vertebrate Zoology, 1907-39","volume":"19","author":"Star","year":"1989","journal-title":"Soc Stud Sci"},{"key":"2025092301112540900_bib41","doi-asserted-by":"crossref","first-page":"1075","DOI":"10.1016\/j.ejor.2020.10.010","article-title":"Hybrid models as transdisciplinary research enablers","volume":"291","author":"Tolk","year":"2021","journal-title":"Eur J Oper Res"},{"key":"2025092301112540900_bib42","doi-asserted-by":"crossref","first-page":"494","DOI":"10.1002\/sres.2564","article-title":"Modeling and simulation as boundary objects to facilitate interdisciplinary research","volume":"36","author":"Luna-Reyes","year":"2019","journal-title":"Syst Res Behav Sci"},{"key":"2025092301112540900_bib43","doi-asserted-by":"crossref","first-page":"107054","DOI":"10.1016\/j.aap.2023.107054","article-title":"Modelling cybersecurity regulations for automated vehicles","volume":"186","author":"Khan","year":"2023","journal-title":"Accident Anal Prev"},{"key":"2025092301112540900_bib44","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1007\/978-94-015-8686-3_5","article-title":"The world as a process: simulations in the natural and social sciences","volume-title":"Modelling and Simulation in the Social Sciences from the Philosophy of Science Point of View","author":"Hartmann","year":"1996"},{"key":"2025092301112540900_bib45","doi-asserted-by":"crossref","first-page":"167653","DOI":"10.1109\/ACCESS.2019.2953499","article-title":"A survey on digital twin: definitions, characteristics, applications, and design implications","volume":"7","author":"Barricelli","year":"2019","journal-title":"IEEE Access"},{"key":"2025092301112540900_bib46","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1109\/MSEC.2019.2961650","article-title":"Unleashing the digital twin\u2019s potential for ics security","volume":"18","author":"Dietz","year":"2020","journal-title":"IEEE Secur Priv"},{"key":"2025092301112540900_bib47","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1145\/3442144.3442147","article-title":"Co-simulating physical processes and network data for high-fidelity cyber-security experiments","volume-title":"Proceedings of the Sixth Annual Industrial Control System Security (ICSS) Workshop","author":"Murillo","year":"2020"},{"key":"2025092301112540900_bib48","doi-asserted-by":"crossref","first-page":"e33502","DOI":"10.2196\/33502","article-title":"Toward human digital twins for cybersecurity simulations on the metaverse: ontological and network science approach","volume":"3","author":"Nguyen","year":"2022","journal-title":"JMIRx Med"},{"key":"2025092301112540900_bib49","doi-asserted-by":"crossref","first-page":"1143","DOI":"10.1007\/s11047-011-9254-0","article-title":"Digital ecosystems: ecosystem-oriented architectures","volume":"10","author":"Briscoe","year":"2011","journal-title":"Nat Comput"},{"key":"2025092301112540900_bib50","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1198\/004017007000000092","article-title":"A framework for validation of computer models","volume":"49","author":"Bayarri","year":"2007","journal-title":"Technometrics"},{"key":"2025092301112540900_bib51","doi-asserted-by":"crossref","first-page":"884","DOI":"10.1016\/j.jbusres.2007.02.004","article-title":"Building and assurance of agent-based models: an example and challenge to the field","volume":"60","author":"Midgley","year":"2007","journal-title":"J Bus Res"},{"key":"2025092301112540900_bib52","doi-asserted-by":"crossref","first-page":"100843","DOI":"10.1016\/j.elerap.2019.100843","article-title":"Effect of security investment strategy on the business value of managed security service providers","volume":"35","author":"Feng","year":"2019","journal-title":"Electron Commer Res Appl"},{"key":"2025092301112540900_bib53","article-title":"A system dynamics model of information security investments","volume-title":"Proceedings of the Fifteenth European Conference on Information Systems (ECIS)","author":"Behara","year":"2007"},{"key":"2025092301112540900_bib54","doi-asserted-by":"crossref","first-page":"869","DOI":"10.1016\/j.ejor.2015.06.032","article-title":"Sensitivity analysis: a review of recent advances","volume":"248","author":"Borgonovo","year":"2016","journal-title":"Eur J Oper Res"},{"key":"2025092301112540900_bib55","doi-asserted-by":"crossref","first-page":"553","DOI":"10.1111\/0272-4332.00039","article-title":"Identification and review of sensitivity analysis methods","volume":"22","author":"Christopher\u00a0Frey","year":"2002","journal-title":"Risk Anal"},{"key":"2025092301112540900_bib56","article-title":"Cloud Down: Impacts on the US economy","author":"Lloyd\u2019s","year":"2018"},{"key":"2025092301112540900_bib57","doi-asserted-by":"crossref","first-page":"130","DOI":"10.1016\/j.cose.2017.04.010","article-title":"The cyber insurance market in Sweden","volume":"68","author":"Franke","year":"2017","journal-title":"Comput Secur"},{"key":"2025092301112540900_bib58","doi-asserted-by":"crossref","first-page":"273","DOI":"10.1109\/SECPRI.2002.1004377","article-title":"Automated generation and analysis of attack graphs","volume-title":"Proceedings 2002 IEEE Symposium on Security and Privacy","author":"Sheyner","year":"2002"},{"key":"2025092301112540900_bib59","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1145\/1314257.1314273","article-title":"Toward measuring network security using attack graphs","author":"Wang","year":"2007","journal-title":"Proceedings of the 2007 ACM workshop on Quality of Protection"},{"key":"2025092301112540900_bib60","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3230833.3232799","article-title":"A meta language for threat modeling and attack simulations","volume-title":"Proceedings of the 13th International Conference on Availability, Reliability and Security","author":"Johnson","year":"2018"},{"key":"2025092301112540900_bib61","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/CyberSA.2019.8899431","article-title":"Quantile based risk measures in cyber security","volume-title":"Proceedings of the 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","author":"Carfora","year":"2019"},{"key":"2025092301112540900_bib62","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1109\/UKSim.2017.18","article-title":"Calibration of the Gordon-Loeb models for the probability of security breaches","volume-title":"Proceedings of the 2017 UKSim-AMSS 19th International Conference on Computer Modelling and Simulation (UKSim)","author":"Naldi","year":"2017"},{"key":"2025092301112540900_bib63","doi-asserted-by":"crossref","first-page":"tyaa005","DOI":"10.1093\/cybsec\/tyaa005","article-title":"Integrating cost\u2013benefit analysis into the NIST Cybersecurity Framework via the Gordon\u2013Loeb Model","volume":"6","author":"Gordon","year":"2020","journal-title":"J Cybersecur"},{"key":"2025092301112540900_bib64","doi-asserted-by":"crossref","first-page":"102533","DOI":"10.1016\/j.cose.2021.102533","article-title":"Expanding the Gordon\u2013Loeb model to cyber-insurance","volume":"112","author":"Skeoch","year":"2022","journal-title":"Comput Secur"},{"key":"2025092301112540900_bib65","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s42162-020-00134-4","article-title":"powerLang: a probabilistic attack simulation language for the power domain","volume":"3","author":"Hacks","year":"2020","journal-title":"Energy Inform"},{"key":"2025092301112540900_bib66","doi-asserted-by":"crossref","first-page":"102705","DOI":"10.1016\/j.cose.2022.102705","article-title":"VehicleLang: a probabilistic modeling and simulation language for modern vehicle IT infrastructures","volume":"117","author":"Katsikeas","year":"2022","journal-title":"Comput Secur"},{"key":"2025092301112540900_bib67","doi-asserted-by":"crossref","first-page":"103162","DOI":"10.1016\/j.cose.2023.103162","article-title":"Between a rock and a hard (ening) place: cyber insurance in the ransomware era","volume":"128","author":"Mott","year":"2023","journal-title":"Comput Secur"},{"key":"2025092301112540900_bib68","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1145\/3545795","article-title":"A turning point for cyber insurance","volume":"66","author":"Woods","year":"2023","journal-title":"Commun ACM"},{"key":"2025092301112540900_bib69","doi-asserted-by":"crossref","first-page":"489","DOI":"10.1145\/2663716.2663758","article-title":"Analysis of SSL certificate reissues and revocations in the wake of Heartbleed","volume-title":"Proceedings of the 2014 Conference on Internet Measurement Conference","author":"Zhang","year":"2014"},{"key":"2025092301112540900_bib70","doi-asserted-by":"crossref","first-page":"442","DOI":"10.1109\/EuroSPW55150.2022.00052","article-title":"Deceptive directories and \u201cvulnerable\u201d logs: a honeypot study of the LDAP and log4j attack landscape","volume-title":"Proceedings of the 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","author":"Srinivasa","year":"2022"},{"key":"2025092301112540900_bib71","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1007\/978-1-4614-1981-5_3","article-title":"Sex, lies and cyber-crime surveys","volume-title":"Economics of Information Security and Privacy III","author":"Flor\u00eancio","year":"2013"},{"key":"2025092301112540900_bib72","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1007\/978-3-642-39498-0_12","article-title":"Measuring the cost of cybercrime","volume-title":"The Economics of Information Security and Privacy","author":"Anderson","year":"2013"},{"key":"2025092301112540900_bib73","first-page":"134","article-title":"Detect me if you...oh wait. An internet-wide view of self-revealing honeypots","volume-title":"Proceedings of the 2019 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM)","author":"Morishita","year":"2019"},{"key":"2025092301112540900_bib74","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1177\/15553434231217787","article-title":"Exploratory analysis of decision-making biases of professional red teamers in a cyber-attack dataset","volume":"18","author":"Gutzwiller","year":"2024","journal-title":"J Cognit Eng Decision Mak"},{"key":"2025092301112540900_bib75","doi-asserted-by":"crossref","first-page":"1049","DOI":"10.1145\/3132847.3132866","article-title":"Crowdsourcing cybersecurity: cyber attack detection using social media","volume-title":"Proceedings of the 2017 ACM on Conference on Information and Knowledge Management","author":"Khandpur","year":"2017"},{"key":"2025092301112540900_bib76","first-page":"1041","article-title":"Vulnerability disclosure in the age of social media: exploiting Twitter for predicting $\\lbrace$Real-World$\\rbrace$ exploits","volume-title":"Proceedings of the 24th USENIX Security Symposium (USENIX Security 15)","author":"Sabottke","year":"2015"},{"key":"2025092301112540900_bib77","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1093\/cybsec\/tyw003","article-title":"Hype and heavy tails: a closer look at data breaches","volume":"2","author":"Edwards","year":"2016","journal-title":"J Cybersecur"},{"key":"2025092301112540900_bib78","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1140\/epjb\/e2015-60754-4","article-title":"The extreme risk of personal data breaches and the erosion of privacy","volume":"89","author":"Wheatley","year":"2016","journal-title":"Eur Phys J B"},{"key":"2025092301112540900_bib79","doi-asserted-by":"crossref","first-page":"370","DOI":"10.1080\/10920277.2019.1641416","article-title":"Capital requirements for cyber risk and cyber risk insurance: an analysis of Solvency II, the US risk-based capital standards, and the Swiss Solvency Test","volume":"24","author":"Eling","year":"2020","journal-title":"North Am Actuar J"},{"key":"2025092301112540900_bib80","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1093\/jfr\/fjac006","article-title":"Regulation of cyber risk in the banking system: a Canadian case study","volume":"8","author":"Peihani","year":"2022","journal-title":"J Financial Regul"},{"key":"2025092301112540900_bib81","volume-title":"Chemistry: Molecules, Matter, and Change","author":"Atkins","year":"1999"},{"key":"2025092301112540900_bib82","doi-asserted-by":"crossref","DOI":"10.1093\/hesc\/9780198505761.001.0001","volume-title":"Introductory Statistical Mechanics","author":"Bowley","year":"1999"},{"key":"2025092301112540900_bib83","doi-asserted-by":"crossref","first-page":"742","DOI":"10.1086\/425063","article-title":"How models are used to represent reality","volume":"71","author":"Giere","year":"2004","journal-title":"Philos Sci"},{"key":"2025092301112540900_bib84","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/17517575.2011.647092","article-title":"Enterprise architecture availability analysis using fault trees and stakeholder interviews","volume":"8","author":"N\u00e4rman","year":"2014","journal-title":"Enterp Inf Syst"},{"key":"2025092301112540900_bib85","doi-asserted-by":"crossref","first-page":"173","DOI":"10.1016\/0164-1212(83)90030-4","article-title":"Software fault tree analysis","volume":"3","author":"Leveson","year":"1983","journal-title":"J Syst Softw"},{"key":"2025092301112540900_bib86","volume-title":"Distributions for Actuaries","author":"Bahnemann","year":"2015"},{"key":"2025092301112540900_bib87","doi-asserted-by":"crossref","first-page":"474","DOI":"10.1108\/JRF-09-2016-0122","article-title":"What do we know about cyber risk and cyber risk insurance?","volume":"17","author":"Eling","year":"2016","journal-title":"J Risk Finance"},{"key":"2025092301112540900_bib88","first-page":"1","article-title":"Two simple models of business interruption accumulation risk in cyber insurance","volume-title":"Proceedings of the 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","author":"Franke","year":"2019"},{"key":"2025092301112540900_bib89","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1016\/j.insmatheco.2022.08.002","article-title":"Cyber-contagion model with network structure applied to insurance","volume":"107","author":"Hillairet","year":"2022","journal-title":"Insur Math Econ"},{"key":"2025092301112540900_bib90","volume-title":"Information Security Risk Management Through Self-Protection and Insurance","author":"Ogut","year":"2005"},{"key":"2025092301112540900_bib91","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1093\/cybsec\/tyw009","article-title":"Are information security professionals expected value maximizers?: an experiment and survey-based test","volume":"2","author":"Mersinas","year":"2016","journal-title":"J Cybersecur"},{"key":"2025092301112540900_bib92","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1109\/TNSM.2015.2510080","article-title":"Experimental evidence on decision-making in availability service level agreements","volume":"13","author":"Franke","year":"2015","journal-title":"IEEE T Netw Serv Man"},{"key":"2025092301112540900_bib93","doi-asserted-by":"crossref","first-page":"258","DOI":"10.2307\/252375","article-title":"The economics of reinsurance","volume":"53","author":"Blazenko","year":"1986","journal-title":"J Risk Insur"},{"key":"2025092301112540900_bib94","volume-title":"Microeconomic Analysis","author":"Varian","year":"1992"},{"key":"2025092301112540900_bib95","doi-asserted-by":"crossref","first-page":"315","DOI":"10.1017\/S0269964807070192","article-title":"Role of equilibrium distribution in reliability studies","volume":"21","author":"Gupta","year":"2007","journal-title":"Probab Eng Inform Sci"},{"key":"2025092301112540900_bib96","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1109\/TNSM.2011.110811.110122","article-title":"Optimal IT service availability: shorter outages, or fewer?","volume":"9","author":"Franke","year":"2011","journal-title":"IEEE T Netw Serv Man"},{"key":"2025092301112540900_bib97","article-title":"Hackers spent 2+ years looting secrets of chipmaker NXP before being detected","author":"Goodin","year":"2023"},{"key":"2025092301112540900_bib98","first-page":"116","article-title":"The cost of incidents in essential services\u2014data from Swedish NIS reporting","volume-title":"Proceedings of the International Conference on Critical Information Infrastructures Security","author":"Franke","year":"2021"},{"key":"2025092301112540900_bib99","first-page":"24","article-title":"Externalities and the magnitude of cyber security underinvestment by private sector firms: a modification of the Gordon\u2013Loeb model","volume":"6","author":"Gordon","year":"2014","journal-title":"J Inf Secur"},{"key":"2025092301112540900_bib100","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1093\/cybsec\/tyw002","article-title":"The economics of mandatory security breach reporting to authorities","volume":"2","author":"Laube","year":"2016","journal-title":"J Cybersecur"},{"key":"2025092301112540900_bib101","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1007\/978-1-4614-1981-5_10","article-title":"Economic methods and decision making by security professionals","volume-title":"Economics of Information Security and Privacy III","author":"Baldwin","year":"2013"},{"key":"2025092301112540900_bib102","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/ACSAC.2008.42","article-title":"Analysing the performance of security solutions to reduce vulnerability exposure window","volume-title":"Proceedings of the 2008 Annual Computer Security Applications Conference (ACSAC)","author":"Beres","year":"2008"},{"key":"2025092301112540900_bib103","volume-title":"Best Explanations: New Essays on Inference to the Best Explanation","author":"McCain","year":"2017"},{"key":"2025092301112540900_bib104","article-title":"S\u00e4kerhetskyddsanalys \u2013 V\u00e4gledning i s\u00e4kerhetsskydd","author":"S\u00e4kerhetspolisen","year":"2023"},{"key":"2025092301112540900_bib105","doi-asserted-by":"crossref","first-page":"102239","DOI":"10.1016\/j.cose.2021.102239","article-title":"Cyber-threat perception and risk management in the Swedish financial sector","volume":"105","author":"Varga","year":"2021","journal-title":"Comput Secur"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf003\/61867945\/tyaf003.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf003\/61867945\/tyaf003.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,23]],"date-time":"2025-09-23T05:11:51Z","timestamp":1758604311000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyaf003\/8011238"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":105,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1,17]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyaf003","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2025]]},"published":{"date-parts":[[2025]]},"article-number":"tyaf003"}}