Table of Contents
Fetching ...

A stochastic Gordon-Loeb model for optimal cybersecurity investment under clustered attacks

Giorgia Callegaro, Claudio Fontana, Caroline Hillairet, Beatrice Ongarato

TL;DR

This paper develops a dynamic, stochastic extension of the Gordon–Loeb framework by modeling cyberattack arrivals with a Hawkes process, capturing clustering effects. The authors formulate a two-dimensional stochastic control problem with state variables for attack intensity $\lambda_t$ and cybersecurity level $H_t$, deriving a Hamilton–Jacobi–Bellman equation (HJB-PIDE) and the optimal investment rule $z^*=(\partial V/\partial h-1)^+ / \gamma$. Numerical solution via the method of lines and Radau IIA yields adaptive, real-time investment policies that outperform static and Poisson-based benchmarks, especially in high-clustering regimes. The results demonstrate that accounting for threat clustering substantially improves risk management by enabling timely and scale-sensitive cybersecurity investments, with practical implications for dynamic risk budgeting and policy design.

Abstract

We develop a continuous-time stochastic model for optimal cybersecurity investment under the threat of cyberattacks. The arrival of attacks is modeled using a Hawkes process, capturing the empirically relevant feature of clustering in cyberattacks. Extending the Gordon-Loeb model, each attack may result in a breach, with breach probability depending on the system's vulnerability. We aim at determining the optimal cybersecurity investment to reduce vulnerability. The problem is cast as a two-dimensional Markovian stochastic optimal control problem and solved using dynamic programming methods. Numerical results illustrate how accounting for attack clustering leads to more responsive and effective investment policies, offering significant improvements over static and Poisson-based benchmark strategies. Our findings underscore the value of incorporating realistic threat dynamics into cybersecurity risk management.

A stochastic Gordon-Loeb model for optimal cybersecurity investment under clustered attacks

TL;DR

This paper develops a dynamic, stochastic extension of the Gordon–Loeb framework by modeling cyberattack arrivals with a Hawkes process, capturing clustering effects. The authors formulate a two-dimensional stochastic control problem with state variables for attack intensity and cybersecurity level , deriving a Hamilton–Jacobi–Bellman equation (HJB-PIDE) and the optimal investment rule . Numerical solution via the method of lines and Radau IIA yields adaptive, real-time investment policies that outperform static and Poisson-based benchmarks, especially in high-clustering regimes. The results demonstrate that accounting for threat clustering substantially improves risk management by enabling timely and scale-sensitive cybersecurity investments, with practical implications for dynamic risk budgeting and policy design.

Abstract

We develop a continuous-time stochastic model for optimal cybersecurity investment under the threat of cyberattacks. The arrival of attacks is modeled using a Hawkes process, capturing the empirically relevant feature of clustering in cyberattacks. Extending the Gordon-Loeb model, each attack may result in a breach, with breach probability depending on the system's vulnerability. We aim at determining the optimal cybersecurity investment to reduce vulnerability. The problem is cast as a two-dimensional Markovian stochastic optimal control problem and solved using dynamic programming methods. Numerical results illustrate how accounting for attack clustering leads to more responsive and effective investment policies, offering significant improvements over static and Poisson-based benchmark strategies. Our findings underscore the value of incorporating realistic threat dynamics into cybersecurity risk management.
Paper Structure (21 sections, 4 theorems, 40 equations, 10 figures, 5 tables, 2 algorithms)

This paper contains 21 sections, 4 theorems, 40 equations, 10 figures, 5 tables, 2 algorithms.

Key Result

Proposition 1

Let $(N_t)_{t\geq0}$ be a Hawkes process with intensity $(\lambda_t)_{t\geq0}$ given in intensity-SDE, with $\beta<\xi$. Then, for all $t\geq0$,

Figures (10)

  • Figure 1: One simulated trajectory of $N$ (top) and $\lambda$ (bottom), for $\alpha=27$, $\lambda_0=27$, $\xi=15$, $\beta=9$.
  • Figure 2: Security breach function (parameters as in Table \ref{['tab: breach function']}).
  • Figure 3: Value function and optimal investment rate computed under the standard parameters set.
  • Figure 4: Value function and optimal investment rate for $\xi=15$ and $\xi=50$, for fixed $h$ and $\lambda$.
  • Figure 5: Value function and optimal investment rate for $\rho=0$ and $\rho=1$, for fixed $h$ and $\lambda$.
  • ...and 5 more figures

Theorems & Definitions (17)

  • Remark 1
  • Proposition 1
  • Remark 2
  • Remark 3
  • Remark 4
  • Proposition 2
  • proof
  • Definition 1
  • Remark 5
  • Theorem 1
  • ...and 7 more