Optimal Timing of Information Security Investment: A Real Options Approach

  • Ken-ichi Tatsumi
  • Makoto Goto
Conference paper


This chapter applies real options analytic framework to firms' investment activity in information security technology and then a dynamic analysis of information security investment is explored by extending Gordon-Loeb (2002). The current research provides how firms have to respond to immediate or remote threat numerically. It shows that although positive drift of threat causes both larger and later investment expenditure, negative drift causes immediate investment and lower investment expenditure. The efficiency of vulnerability reduction technology encourages firms to invest earlier and induces cost reduction. To know the form of vulnerability is important because the effect of high vulnerability on timing and amount of the investment expenditure is mixed.


Information Security Real Option High Vulnerability Optimal Investment Risk Free Interest Rate 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Copeland, T., Antikarnov, V.: Real Options: A Practitioner’s guide. Texere (2001)Google Scholar
  2. 2.
    Dixit, A.K., Pindyck, R.S.: Investment Under Uncertainty. Princeton University Press (1994)Google Scholar
  3. 3.
    Gordon L.A., Loeb, M.P.: The economics of information security investment. ACM Transactions on Information and System Security 5(4), 438–457 (2002)Google Scholar
  4. 4.
    Gordon, L.A., Loeb, M.P., Lucyshyn, W.: Information security expenditures and real options: A wait-and-see approach. Computer Security Journal 19(2), 1–7 (2003)Google Scholar
  5. 5.
    Gal-Or, E., Ghose, A.: The economic incentives for sharing security information. Information Systems Research 16(2), 186–208 (2005)Google Scholar
  6. 6.
    Herath, H., Harath, T.: Investments in information security: A real options perspective with bayesian postaudit. Journal of Management Information Systems 25(3), 337–375 (2009)Google Scholar
  7. 7.
    Pindyck, R. S. (1991). Irreversibility, uncertainty, and investment. Journal of Economic Literature 29(3), 1110–1148.Google Scholar
  8. 8.
    Roundtable discussion in WEIS 2003 Scholar
  9. 9.
    Trigeorgis, L.: Real Options. MIT Press (1996)Google Scholar
  10. 10.
    Willemson, J.: On the Gordon & Loeb model for information security investment. In: Proceedings of the 5thWorkshop on the Economics of Information Security (WEIS). Cambridge, UK (2006)Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. 1.Faculty of EconomicsGakushuin UniversityTokyoJapan
  2. 2.Graduate School of Economics and Business AdministrationHokkaido UniversitySapporoJapan

Personalised recommendations