| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | March 3, 2022 |
| Latest Amendment Date: | March 3, 2022 |
| Award Number: | 2147505 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Sara Kiesler
skiesler@nsf.gov (703)292-8643 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | April 1, 2022 |
| End Date: | March 31, 2026 (Estimated) |
| Total Intended Award Amount: | $494,509.00 |
| Total Awarded Amount to Date: | $494,509.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
800 S TUCKER DR TULSA OK US 74104-9700 (918)631-2192 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
800 S. Tucker Drive Tulsa OK US 74104-9700 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
|
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070, 47.075 |
ABSTRACT
Even though organizations are investing heavily in cybersecurity, they often cannot answer basic questions about the effectiveness of their investments, such as which defenses reduce the risk of suffering an incident, and by how much. They struggle to accurately quantify the financial costs of the harms resulting from successful attacks. This project seeks to improve understanding of how firm-level cybersecurity practices affect these outcomes by focusing on the case of Israeli enterprises. By bringing together leading scholars in the economics of cybersecurity with the Israeli National Cyber Directorate (INCD), the project helps advance the cybersecurity of the state of Israel and its organizations. Moreover, it advances the scientific understanding of cyber risk management while serving as a model for future data collection and analysis undertaken in the U.S. and beyond.
The project focuses on three key research objectives. First, a series of empirical analyses examine how exposure and security precautions of enterprises affect likelihood of experiencing a cyber incident. The analysis leverages data from detailed firm-level surveys carried out by Israelís Central Bureau of Statistics (CBS), complemented by external measurements of enterprise cyber hygiene gathered directly from public sources. The second research objective is to quantify the harms resulting from experiencing an incident. For this effort, the project analyzes data gathered by the Israeli CERT hotline that asks enterprise victims about the impacts resulting from ransomware attacks. Additionally, CBS survey questions involving harm are analyzed. The third research objective is to develop and analyze longitudinal cyber risk indicators. The project team collaborates with INCD and CBS to analyze longitudinal data obtained from readministering the survey in subsequent years.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
Please report errors in award information by writing to: awardsearch@nsf.gov.
