An Interdisciplinary Study of Cybersecurity Investment in the Nonprofit Sector

Abstract

Cybersecurity is becoming a worldwide priority. It is critical for organizations to quantify losses from cybercrimes and make informed decisions on cybersecurity investments. This paper expands the body of knowledge in cybersecurity of nonprofit organizations (NPOs)—a less-researched area—by examining investment in NPOs’ cybersecurity from the business and economics perspectives. The authors combine two economics and risk management models to quantify the potential loss caused by a cyberattack. The paper provides a hypothetical example of applying the insights from the GL and FAIR risk models to assess the information assets of an NPO and calculating the optimal level of cybersecurity investment. Developing cybersecurity measures for NPOs is equally important as developing cybersecurity strategies, tools, and policies for large corporations or small businesses. Therefore, the findings of this paper can serve as decision-making tools for NPOs to evaluate information security assets, estimate the potential loss caused by cyberattacks, and determine the optimal investment value in cybersecurity measures.