The National Security Agency's Laboratory for Telecommunication Sciences (LTS) has awarded research funding for a project titled "Cost-Benefit Analysis of Information Sharing" by professors Lawrence Gordon and Martin Loeb and Research Scholar Lei Zhou at the University of Maryland’s Robert H. Smith School of Business. The funding is part of Maryland’s College of Computer, Mathematical, and Natural Science’s Institute for Advanced Computer Studies' LTS Magic Apple contract.
“It is gratifying that NSA has decided to support the above research project, which is related to our research on cybersecurity economics,” says Gordon, EY Alumni Professor of Managerial Accounting and Information Assurance. “The support for our stream of research related to cybersecurity economics by the Smith School of Business at Maryland over the past two decades has been critical to our success in this work.”
That stream includes the Gordon-Loeb Model for Investing in Cyber/Information Security, which has been widely acclaimed in both the academic and practitioner literature. Developed by Gordon and Loeb, professor of accounting and information assurance and Deloitte & Touche LLP Faculty Fellow, the model shows that it is generally inappropriate for firms to invest more than 37% of the expected losses from cybersecurity breaches.
More recently, "Increasing Cybersecurity Investments in Private Sector Firms" – in the Journal of Cybersecurity and co-authored by Gordon, Loeb and Zhou, with Research Professor William Lucyshyn in UMD’s School of Public Policy – received Honorable Mention from NSA for its contribution to the Cybersecurity literature in the NSA Best Scientific Cybersecurity Paper Competition. This latter work presents an economics-based framework for evaluating governmental approaches to increase private sector investment in cybersecurity.