Enhancing cybersecurity capability investments: Evidence from an experiment

In recent years, investments in cybersecurity capabilities (CC) have emerged as an essential practice in reducing cyberattacks and optimizing the usage of technologies. Therefore, optimal investments in capabilities must be determined according to the cybersecurity scenario of firms. This experiment...

Full description

Saved in:
Bibliographic Details
Published in:Technology in society 2024-03, Vol.76, p.102449, Article 102449
Main Authors: Pigola, Angélica, Da Costa, Priscila Rezende, Ferasso, Marcos, Cavalcanti da Silva, Luís Fabio
Format: Article
Language:English
Subjects:
Cybersecurity
Dynamic capabilities
Experiment
Iterative learning
Simulation
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In recent years, investments in cybersecurity capabilities (CC) have emerged as an essential practice in reducing cyberattacks and optimizing the usage of technologies. Therefore, optimal investments in capabilities must be determined according to the cybersecurity scenario of firms. This experiment pursues an understanding of the effectiveness of the iterative learning process in investments in CC. Through a simulator game, experienced and inexperienced participants overcome challenges related to uncertainties of cyber incidents to decision-making in cybersecurity capability investments. The collected data were empirically tested from 119 participants analyzing 3,808 simulation runs. The findings demonstrated that there is a slight difference in the learning curve between the two groups even if they learn proactively and iteratively. However, experienced, and inexperienced groups did not demonstrate enough capacity to analyze the cybersecurity ecosystems designed in the simulator game to mitigate cyber incidents. Both groups exhibited similar results regarding gaps to invest in CC to address uncertainties associated with cyber threats. In this sense, this experiment highlights the relevance of learning about CC investments in any context to avoid resource losses and time to uncover the complexities related to incident responses. •Simulator game demonstrated good acceptance among participants.•Cybersecurity capabilities investments might be learnt proactively and iteratively.•There is a slight difference in the learning curve between experience and inexperience groups.•Experience and inexperience groups did not demonstrate knowledge in cybersecurity capabilities to mitigate cyber incidents.•Participants did not demonstrate knowledge in the relationship between cybersecurity capabilities and technological ecosystem.
ISSN:0160-791X
1879-3274
DOI:10.1016/j.techsoc.2023.102449