Lawrence Gordon, EY Alumni Professor of Managerial Accounting and Information Assurance at the University of Maryland’s Robert H. Smith School of Business, discussed the Gordon-Loeb Model for Cybersecurity Investments at the University of Tokyo on Nov. 20, 2017.
Invited by Professor Kanta Matsuura of the University of Tokyo’s Institute of Industrial Science, Gordon described the model (illustrated here) to an audience of professors, PhD students and local business executives “interested in learning about the application of the model as a framework for deciding on how much an organization should invest in cybersecurity activities and how such investments should be allocated,” said Gordon, who created the model with Martin Loeb, professor of accounting and information assurance and Deloitte & Touche LLP Faculty Fellow.
The Gordon-Loeb Model has been widely acclaimed in both the academic and practitioner literature. The model shows that it is generally inappropriate for firms to invest more than 37 percent of the expected losses from cybersecurity breaches.
Earlier this year, the U.S. Better Business Bureau recommended the Gordon-Loeb Model as a guide to help small businesses make cybersecurity investment decisions.