{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,19]],"date-time":"2026-05-19T18:23:54Z","timestamp":1779215034593,"version":"3.51.4"},"reference-count":41,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2024,10,23]],"date-time":"2024-10-23T00:00:00Z","timestamp":1729641600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JEIM"],"published-print":{"date-parts":[[2025,2,25]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>To remain competitive in an unpredictable environment where the complexity and frequency of cybercrime are rapidly increasing, a cyber resiliency strategy is vital for business continuity. However, one of the barriers to improving cyber resilience is that security defense and accident recovery do not combine efficaciously, as embodied by emphasizing cyber security defense strategies, leaving firms ill-prepared to respond to attacks. The present study thus develops an expected resilience framework to assess cyber resilience, analyze cyber security defense and recovery investment strategies and balance security investment allocation strategies.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>Based on the expected utility theory, this paper presents an expected resilience framework, including an expected investment resilience model and an expected profit resilience model that directly addresses the optimal joint investment decisions between defense and recovery. The effects of linear and nonlinear recovery functions, risk interdependence and cyber insurance on defense and recovery investment are also analyzed.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>According to the findings, increasing the defense investment coefficient reduces defense and recovery investment while increasing the expected resilience. The nonlinear recovery function requires a smaller defense investment and overall security investment than the linear one, reflecting the former\u2019s advantages in lowering cybersecurity costs. Moreover, risk interdependence has positive externalities for boosting defense and recovery investment, meaning that the expected profit resilience model can reduce free-riding behavior in security investments. Insurance creates moral hazard for firms by lowering defensive investment, yet after purchasing insurance, expanded coverage and cost-effectiveness incentivize firms to increase defense and recovery spending, respectively.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>The paper is innovative in its methodology as it offers an expected cyber resilience framework for integrating defense and recovery investment and their effects on security investment allocation, which is crucial for building cybersecurity resilience but receives little attention in cybersecurity economics. It also provides theoretical advances for cyber resilience assessment and optimum investment allocation in other fields, such as cyber-physical systems, power and water infrastructure \u2013 moving from a resilience triangle metric to an expected utility theory-based method.<\/jats:p><\/jats:sec>","DOI":"10.1108\/jeim-04-2023-0189","type":"journal-article","created":{"date-parts":[[2024,10,21]],"date-time":"2024-10-21T07:34:16Z","timestamp":1729496056000},"page":"502-531","source":"Crossref","is-referenced-by-count":3,"title":["Building cybersecurity resilience: integrating defense and recovery investment strategies in an expected resilience framework"],"prefix":"10.1108","volume":"38","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4321-9347","authenticated-orcid":false,"given":"Kunxiang","family":"Dong","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1090-9907","authenticated-orcid":false,"given":"Jie","family":"Zhen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zongxiao","family":"Xie","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9409-7218","authenticated-orcid":false,"given":"Lin","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","published-online":{"date-parts":[[2024,10,23]]},"reference":[{"issue":"13","key":"key2025022807063029500_ref001","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2020.106977","article-title":"A quantitative approach for assessment and improvement of network resilience","volume":"200","year":"2020","journal-title":"Reliability Engineering and System Safety"},{"issue":"1","key":"key2025022807063029500_ref002","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1016\/j.ejor.2021.04.025","article-title":"Risk and resilience-based optimal post-disruption restoration for critical infrastructures under uncertainty","volume":"296","year":"2022","journal-title":"European Journal of Operational Research"},{"issue":"23","key":"key2025022807063029500_ref003","doi-asserted-by":"publisher","DOI":"10.3390\/su132313065","article-title":"Digitalization capabilities for sustainable cyber resilience: a conceptual framework","volume":"13","year":"2021","journal-title":"Sustainability"},{"key":"key2025022807063029500_ref004","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2021.113580","article-title":"A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs","volume":"147","year":"2021","journal-title":"Decision Support Systems"},{"issue":"12","key":"key2025022807063029500_ref005","doi-asserted-by":"publisher","first-page":"8979","DOI":"10.1287\/mnsc.2022.4300","article-title":"Economics of ransomware: risk interdependence and large-scale attacks","volume":"68","year":"2022","journal-title":"Management Science"},{"key":"key2025022807063029500_ref006","doi-asserted-by":"publisher","DOI":"10.3127\/ajis.v27i0.4183","article-title":"Organisational cyber resilience: management perspectives","volume":"27","year":"2023","journal-title":"Australasian Journal of Information Systems"},{"issue":"1","key":"key2025022807063029500_ref007","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1016\/j.ejor.2020.04.040","article-title":"On metrics for supply chain resilience","volume":"287","year":"2020","journal-title":"European Journal of Operational Research"},{"issue":"2","key":"key2025022807063029500_ref008","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1016\/j.ejor.2019.01.011","article-title":"Risk analysis beyond vulnerability and resilience - characterizing the defensibility of critical systems","volume":"276","year":"2019","journal-title":"European Journal of Operational Research"},{"issue":"4","key":"key2025022807063029500_ref009","doi-asserted-by":"publisher","first-page":"733","DOI":"10.1193\/1.1623497","article-title":"A framework to quantitatively assess and enhance the seismic resilience of communities","volume":"19","year":"2003","journal-title":"Earthquake Spectra"},{"issue":"1","key":"key2025022807063029500_ref010","doi-asserted-by":"publisher","first-page":"138","DOI":"10.3390\/s19010138","article-title":"Defining a cyber resilience investment strategy in an industrial internet of things context","volume":"19","year":"2019","journal-title":"Sensors"},{"issue":"2","key":"key2025022807063029500_ref011","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1287\/isre.1080.0180","article-title":"Configuration of and interaction between information security technologies: the case of firewalls and intrusion detection systems","volume":"20","year":"2009","journal-title":"Information Systems Research"},{"issue":"11","key":"key2025022807063029500_ref012","doi-asserted-by":"publisher","first-page":"3639","DOI":"10.1016\/j.engstruct.2010.08.008","article-title":"Framework for analytical quantification of disaster resilience","volume":"32","year":"2010","journal-title":"Engineering Structures"},{"key":"key2025022807063029500_ref013","doi-asserted-by":"publisher","first-page":"576","DOI":"10.1016\/j.ins.2018.12.051","article-title":"An insurance theory based optimal cyber-insurance contract against moral hazard","volume":"527","year":"2020","journal-title":"Information Sciences"},{"issue":"1","key":"key2025022807063029500_ref014","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1111\/rmir.12169","article-title":"Cyber risk management: history and future research directions","volume":"24","year":"2021","journal-title":"Risk Management and Insurance Review"},{"key":"key2025022807063029500_ref015","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101996","article-title":"A systematic review of cyber-resilience assessment frameworks","volume":"97","year":"2020","journal-title":"Computers and Security"},{"issue":"1","key":"key2025022807063029500_ref016","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/s10796-018-9845-8","article-title":"Interdependency analysis in security investment against strategic attacks","volume":"22","year":"2020","journal-title":"Information Systems Frontiers"},{"issue":"1","key":"key2025022807063029500_ref017","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1111\/risa.12891","article-title":"Multicriteria decision framework for cybersecurity risk assessment and management","volume":"40","year":"2020","journal-title":"Risk Analysis"},{"issue":"7","key":"key2025022807063029500_ref018","doi-asserted-by":"publisher","first-page":"2748","DOI":"10.1002\/mde.3560","article-title":"An economic analysis of information security outsourcing with competitive firms","volume":"43","year":"2022","journal-title":"Managerial and Decision Economics"},{"issue":"5","key":"key2025022807063029500_ref019","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1080\/23789689.2019.1610600","article-title":"A review on resilience assessment of energy systems","volume":"6","year":"2021","journal-title":"Sustainable and Resilient Infrastructure"},{"issue":"4","key":"key2025022807063029500_ref020","doi-asserted-by":"publisher","first-page":"906","DOI":"10.1108\/jeim-07-2022-0228","article-title":"Information systems security resilience as a dynamic capability","volume":"36","year":"2023","journal-title":"Journal of Enterprise Information Management"},{"issue":"4","key":"key2025022807063029500_ref021","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1145\/581271.581274","article-title":"The economics of information security investment","volume":"5","year":"2002","journal-title":"ACM Transactions on Information and System Security"},{"issue":"1","key":"key2025022807063029500_ref022","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1016\/j.ijpe.2012.06.022","article-title":"Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints","volume":"141","year":"2013","journal-title":"International Journal of Production Economics"},{"issue":"7","key":"key2025022807063029500_ref023","doi-asserted-by":"publisher","first-page":"1125","DOI":"10.1093\/nsr\/nwz218","article-title":"Dynamic games for secure and resilient control system design","volume":"7","year":"2020","journal-title":"National Science Review"},{"issue":"2","key":"key2025022807063029500_ref024","doi-asserted-by":"publisher","first-page":"638","DOI":"10.1016\/j.ejor.2018.10.020","article-title":"Resilience in information stewardship","volume":"274","year":"2019","journal-title":"European Journal of Operational Research"},{"key":"key2025022807063029500_ref025","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2021.107538","article-title":"Optimizing the resilience of interdependent infrastructures to regional natural hazards with combined improvement measures","volume":"210","year":"2021","journal-title":"Reliability Engineering and System Safety"},{"issue":"2","key":"key2025022807063029500_ref026","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1287\/isre.1120.0447","article-title":"Contracting information security in the presence of double moral hazard","volume":"24","year":"2013","journal-title":"Information Systems Research"},{"issue":"1","key":"key2025022807063029500_ref027","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1287\/isre.2015.0607","article-title":"Mandatory standards and organizational information security","volume":"27","year":"2016","journal-title":"Information Systems Research"},{"issue":"1","key":"key2025022807063029500_ref028","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2011.05.007","article-title":"Embracing risk: cyber insurance as an incentive mechanism for cybersecurity","volume":"2","year":"2021","journal-title":"Synthesis Lectures on Learning, Networks, and Algorithms"},{"issue":"1","key":"key2025022807063029500_ref029","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1016\/j.dss.2011.05.007","article-title":"Knowledge sharing and investment decisions in information security","volume":"52","year":"2011","journal-title":"Decision Support Systems"},{"key":"key2025022807063029500_ref030","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.cosrev.2017.01.001","article-title":"Cyber-insurance survey","volume":"24","year":"2017","journal-title":"Computer Science Review"},{"key":"key2025022807063029500_ref031","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1016\/j.ijpe.2016.09.018","article-title":"An economic model to evaluate information security investment of risk-taking small and medium enterprises","volume":"182","year":"2016","journal-title":"International Journal of Production Economics"},{"issue":"1","key":"key2025022807063029500_ref032","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1002\/j.2158-1592.2010.tb00125.x","article-title":"Ensuring supply chain resilience: development of a conceptual framework","volume":"31","year":"2010","journal-title":"Journal of Business Logistics"},{"issue":"3","key":"key2025022807063029500_ref033","doi-asserted-by":"publisher","first-page":"1791","DOI":"10.1111\/itor.12972","article-title":"A game of information security investment considering security insurance and complementary information assets","volume":"29","year":"2022","journal-title":"International Transactions in Operational Research"},{"issue":"2","key":"key2025022807063029500_ref034","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1108\/09685221111143042","article-title":"Optimizing investment decisions in selecting information security remedies","volume":"19","year":"2011","journal-title":"Information Management and Computer Security"},{"key":"key2025022807063029500_ref035","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102533","article-title":"Expanding the Gordon-Loeb model to cyber-insurance","volume":"112","year":"2022","journal-title":"Computers and Security"},{"key":"key2025022807063029500_ref036","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1016\/j.ress.2016.10.014","article-title":"A framework for the quantitative assessment of performance-based system resilience","volume":"158","year":"2017","journal-title":"Reliability Engineering and System Safety"},{"key":"key2025022807063029500_ref037","doi-asserted-by":"publisher","DOI":"10.1016\/j.pdisas.2022.100244","article-title":"Modeling critical infrastructure resilience under compounding threats: a systematic literature review","volume":"15","year":"2022","journal-title":"Progress in Disaster Science"},{"issue":"4","key":"key2025022807063029500_ref038","doi-asserted-by":"publisher","first-page":"716","DOI":"10.1080\/01605682.2020.1854631","article-title":"A game-theoretical model of firm security reactions responding to a strategic hacker in a competitive industry","volume":"73","year":"2022","journal-title":"Journal of the Operational Research Society"},{"issue":"1","key":"key2025022807063029500_ref039","doi-asserted-by":"publisher","first-page":"123","DOI":"10.2753\/MIS0742-1222300104","article-title":"Managing interdependent information security risks: cyberinsurance, managed security services, and risk pooling arrangements","volume":"30","year":"2013","journal-title":"Journal of Management Information Systems"},{"issue":"6","key":"key2025022807063029500_ref040","doi-asserted-by":"publisher","first-page":"1053","DOI":"10.1111\/deci.12103","article-title":"Quantitatively representing nonlinear disaster recovery","volume":"45","year":"2014","journal-title":"Decision Sciences"},{"key":"key2025022807063029500_ref041","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.cor.2011.09.024","article-title":"Characterizing multi-event disaster resilience","volume":"42","year":"2014","journal-title":"Computers and Operations Research"}],"container-title":["Journal of Enterprise Information Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/JEIM-04-2023-0189\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/JEIM-04-2023-0189\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T22:31:16Z","timestamp":1753396276000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/jeim\/article\/38\/2\/502-531\/1240933"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,23]]},"references-count":41,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2024,10,23]]},"published-print":{"date-parts":[[2025,2,25]]}},"alternative-id":["10.1108\/JEIM-04-2023-0189"],"URL":"https:\/\/doi.org\/10.1108\/jeim-04-2023-0189","relation":{},"ISSN":["1741-0398"],"issn-type":[{"value":"1741-0398","type":"print"}],"subject":[],"published":{"date-parts":[[2024,10,23]]}}}