Assessing Economic Impact due to Cyber Attacks with System Dynamics Approach

Cyber security has become a serious challenge for organizations due to growing use of the Internet and increasing values of information that are stored in organizations' information systems. Because of the complexity and the number of different variables involved with information security, a special analytical tool is required to address the problem of how to balance the investment in different parts of the system in order to reduce the losses due to cyber attacks. Using the System Dynamics approach as an effective analytical tool is proposed to demonstrate dealing of complex situations due to cyber attacks involving different variables such as attractiveness of targets to losses, and their inter-relationships. Using this model, a casual loop diagram can be used to present an overview of the model and its associated variables. The model is based on quantitative measurements of security and the time that attackers may need to compromise a system. The model will assist in achieving the balance between investment on security and the resultant reduction of losses due to cyber attacks.