MERIT: A fraMEwoRk to Model and IncenTivise Cyber Security Investment Decisions

Funded by the National Cyber Security Centre in collaboration with the Research Institute in Sociotechnical Cyber Security (RISCS) under the call: Economics and Incentives (Apr 2020 - March 21)

The MERIT addresses the challenge of how to take better cyber security investment decisions. It aims at minimising cyber security risks by optimally investing its budget for cyber controls. In a multi-disciplinary approach, it utilises both economics and cybersecurity engineering insights to significantly extend the state-of-the-art in decision support for cybersecurity spending. It combines econometrics, game theory, mathematical optimisation and cyber security engineering concepts.

MERIT is addressing the complete cyber security management lifecycle, including asset pricing, threat-based risk assessment and optimal risk control constrained by a financial budget. The value of MERIT to practitioners is to increase the effectiveness of cyber security budget spending as decided by Chief Information Security Officers (CISOs) and boards of directors. This effectiveness refers to both time to make a decision as well as financial savings.

Budget: £60k (University of Greenwich share £48k).
Principal Investigator: Manos Panaousis, co-Investigator: Michail Chronopoulos (City University London, Cass Business School).
Partners: City University, IASME consortium, Imperial College, Giess Wallis Crisp LLP.
Role: Leading research and development on optimisation cyber security investments.

Emmanouil (Manos) Panaousis
Emmanouil (Manos) Panaousis
Founder and Head of the Cyber Risk Lab, Associate Professor of Computer Science