Skip to Main Content
Article navigation
Research Article| September 22 2025

A cost–benefit approach to optimizing security precaution adoption Available to Purchase

Noa Barnir;
Noa Barnir
School of Economics,
Tel-Aviv University
, Tel-Aviv,
Israel
Corresponding author Noa Barnir noabarnir@mail.tau.ac.il
Search for other works by this author on:
This Site
PubMed
Google Scholar
Neil Gandal;
Neil Gandal
School of Economics,
Tel-Aviv University
, Tel-Aviv,
Israel
, and School of Cyber Studies, College of Engineering and Computer Science, The University of Tulsa, Tulsa, Oklahoma, USA
Search for other works by this author on:
This Site
PubMed
Google Scholar
Tyler Moore;
Tyler Moore
School of Cyber Studies, College of Engineering and Computer Science,
The University of Tulsa
, Tulsa, Oklahoma,
USA
Search for other works by this author on:
This Site
PubMed
Google Scholar
Vincent Scott
Vincent Scott
Defense Cybersecurity Group
, St. Petersburg, Florida,
USA
Search for other works by this author on:
This Site
PubMed
Google Scholar
Author & Article Information
Corresponding author Noa Barnir noabarnir@mail.tau.ac.il
Publisher: Emerald Publishing
Received: July 07 2024
Revision Received: October 27 2024
Revision Received: March 17 2025
Revision Received: June 11 2025
Revision Received: August 11 2025
Accepted: August 11 2025
Online ISSN: 2056-497X
Print ISSN: 2056-4961
Funding
Funding Group:
  • Award Group:
    • Funder(s):
       US National Science Foundation (NSF)
    • Award Id(s):
      2147505
      ,
      2452738
  • Award Group:
    • Funder(s):
       US-Israel Binational Science Foundation (BSF)
    • Award Id(s):
      2021711
  • Funding Statement(s):
     Gandal and Moore gratefully acknowledge support from the US National Science Foundation (NSF) Award No. 2147505 and Award No. 2452738 and the US-Israel Binational Science Foundation (BSF) Award No. 2021711. The authors are grateful to the editor and two referees whose comments and suggestions significantly improved the manuscript.
© 2025 Emerald Publishing Limited
2025
Emerald Publishing Limited
Licensed re-use rights only
Information and Computer Security (2025)
https://doi.org/10.1108/ICS-07-2024-0156
Article history
Received:
July 07 2024
Revision Received:
October 27 2024
Revision Received:
March 17 2025
Revision Received:
June 11 2025
Revision Received:
August 11 2025
Accepted:
August 11 2025
Purpose

All US defense contractors were required to have fully implemented the 110 security requirements included in NIST Special Publication 800-171 entitled “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” by 1 January 2018 whenever a system owned or operated by or for a contractor processes, stores or transmits controlled unclassified information. Despite the mandate, adoption has been minimal, mostly because the requirement is so costly and time consuming that medium and small firms cannot afford to comply. Because the adoption of security precautions is costly and time consuming, the purpose of this paper is to propose a constrained optimization methodology to examine this issue.

Design/methodology/approach

In this paper, the authors introduce a method to significantly reduce the number of required precautions by soliciting expert opinion as to the perceived benefits and costs of all precautions. The authors defined the difference between benefits and costs as value.

Findings

In the key constrained optimization exercise conducted, the authors show that including only the top 50 security precautions (out of the 110 security precautions) led to just a very small decline in value.

Originality/value

This paper makes an important contribution to information security research. To the best of the authors’ knowledge, no one has conducted similar analysis on the 110 proposed precautions.

Keywords:
Security precautions, Cost–benefit analysis, Defense contractors,, Constrained optimization, Robustness analysis
© 2025 Emerald Publishing Limited
2025
Emerald Publishing Limited
Licensed re-use rights only
You do not currently have access to this content.
Don't already have an account? Register

Purchased this content as a guest? Enter your email address to restore access.

Please enter valid email address.
Email address must be 94 characters or fewer.
Pay-Per-View Access
$41.00
Rental
This article is also available for rental through DeepDyve. Read this now at DeepDyve
450 Views
View Metrics
Guest editorial: HAISA 2024 special issue
A Reward-Driven bloom’s taxonomy framework for cybersecurity awareness: integrating cognitive learning with gamification principles
Determinants of the acceptance of cybersecurity chatbots: an extended protection motivation perspective
Evaluating cyber resilience frameworks for e-government: applicability of NIST CSF, ISO/IEC 27001 and COBIT 2019 in developing country contexts

Suggested Reading

Assessing bank financial performance in the context of digital financial service policy: empirical insights
Digital Policy, Regulation and Governance (February,2025)
Optimal design of spherical roller bearings based on multiple tasking operating requirements
Multidiscipline Modeling in Materials and Structures (May,2020)
Constrained design optimization of active magnetic bearings through an artificial immune system
Engineering Computations (November,2016)
The whirlpool algorithm based on physical phenomenon for solving optimization problems
Engineering Computations (January,2019)
Cybersecurity disclosures and bank credit risk exposure
International Journal of Bank Marketing (March,2026)

Related Chapters

Behavioral Welfare Economics and FDA Tobacco Regulations
Human Capital and Health Behavior
Economic Fundamentals of the Use of Robots, Artificial Intelligence, and Service Automation in Travel, Tourism, and Hospitality
Robots, Artificial Intelligence, and Service Automation in Travel, Tourism and Hospitality
Feasibility Study Methods for Entrepreneurs in Sustainability-related Ventures
Entrepreneurship, Institutional Framework and Support Mechanisms in the EU

Recommended for you

These recommendations are informed by your reading behaviors and indicated interests.

Cited By

Google Scholar
This Feature Is Available To Subscribers Only

or Create an Account

Close Modal
Close Modal