Hostname: page-component-76d6cb85b7-dqfph Total loading time: 0 Render date: 2026-07-15T07:41:22.992Z Has data issue: false hasContentIssue false

A stochastic Gordon–Loeb model for optimal cybersecurity investment under clustered attacks

Published online by Cambridge University Press:  07 July 2026

Giorgia Callegaro
Affiliation:
Dept. of Mathematics, "Tullio Levi-Civita", Università degli Studi di Padova, Italy
Claudio Fontana*
Affiliation:
Dept. of Mathematics, "Tullio Levi-Civita", Università degli Studi di Padova, Italy
Caroline Hillairet
Affiliation:
ENSAE Paris, France
Beatrice Ongarato
Affiliation:
Institute of Mathematical Stochastics, Technische Universität Dresden, Germany
*
Corresponding author: Claudio Fontana; Email: fontana@math.unipd.it
Rights & Permissions [Opens in a new window]

Abstract

We develop a continuous-time stochastic model for optimal cybersecurity investment under the threat of cyberattacks. The arrival of attacks is modeled using a Hawkes process, capturing the empirically relevant feature of clustering in cyberattacks. Extending the Gordon–Loeb model, each attack may result in a breach, with breach probability depending on the system’s vulnerability. We aim at determining the optimal cybersecurity investment to reduce vulnerability. The problem is cast as a two-dimensional Markovian stochastic optimal control problem and solved using dynamic programming methods. Numerical results illustrate how accounting for attack clustering leads to more responsive and effective investment policies, offering significant improvements over static and Poisson-based benchmark strategies. Our findings underscore the value of incorporating realistic threat dynamics into cybersecurity risk management.

Information

Type
Original Research Paper
Creative Commons
Creative Common License - CCCreative Common License - BY
This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution and reproduction, provided the original article is properly cited.
Copyright
© The Author(s), 2026. Published by Cambridge University Press on behalf of The Institute and Faculty of Actuaries
Figure 0

Figure 1 Figure 1 long description.One simulated trajectory of N$N$ (top) and λ$\lambda$ (bottom), for α=27$\alpha =27$, λ0=27$\lambda _0=27$, ξ=15$\xi =15$, and β=9$\beta =9$.

Figure 1

Table 1. Specification of the security breach function

Figure 2

Table 2. Parameters of the stochastic intensity

Figure 3

Table 3. Parameters of the optimization problem

Figure 4

Figure 2 Security breach function (parameters as in Table 1).

Figure 5

Table 4. Meta-parameters for Algorithm1

Figure 6

Algorithm 1 Numerical solution of the PIDE (16)Algorithm 1 long description.

Figure 7

Algorithm 2 Numerical computation of the optimal controlAlgorithm 2 long description.

Figure 8

Figure 3 Value function and optimal investment rate computed under the standard parameters set.

Figure 9

Figure 4 Value function and optimal investment rate for ξ=15$\xi =15$ and ξ=50$\xi =50$, for fixed h$h$ and λ$\lambda$.

Figure 10

Figure 5 Value function and optimal investment rate for ρ=0$\rho =0$ and ρ=1$\rho =1$, for fixed h$h$ and λ$\lambda$.

Figure 11

Figure 6 Relative gain with respect to the optimal constant investment rate.

Figure 12

Figure 7 Figure 7 long description.Comparison with a Poisson model with constant intensity λbP=27$\lambda ^P_b=27$.

Figure 13

Figure 8 Comparison with a Poisson model with constant intensity λeP=61$\lambda ^P_e= 61$.

Figure 14

Table 5. Meta-parameters for Algorithm2

Figure 15

Figure 9 Relative gain with respect to the Poisson deterministic strategy, as defined in (27).

Figure 16

Figure 10 Figure 10 long description.Optimal strategies along simulated intensity paths.

Figure 17

Table 6. Standard deviations

Figure 18

Table 7. Premia (std deviation principle)