Using real options to value losses from cyber attacks
- PDF / 194,914 Bytes
- 13 Pages / 595 x 765 pts Page_size
- 84 Downloads / 195 Views
Using real options to value losses from cyber attacks G. Stevenson Smith is the John Massey Professor of Accounting at Southeastern Oklahoma State University in Durant, Oklahoma. He is the coauthor of Forensic and Investigative Accounting 2nd edition (CCH, 2005). His published research has appeared in numerous scholarly journals, and he writes a biannual column, Black Tech Forensics, covering high tech cybercrime methods and their prevention for the Journal of Forensic Accounting.
Anthony J. Amoruso is an Assistant Professor of Accounting at West Virginia University whose teaching interests are in the financial accounting area and whose research interests are in forensic accounting and corporate social responsibility.
Keywords: real options, cyber attack, digital assets, cyber losses, hacking, cybercrime Abstract When traditional assets are lost, the loss is typically considered to be the summation of the purchase price and the costs of labor and material used to put an asset into production, reduced by depreciation charges and insurance recoveries. With digital assets, traditional loss valuation fails to reflect the full loss to the company, as much of a digital asset’s value is based on intangibles. Here, the argument is made that without a full valuation of digital assets, managers do not know the true loss they have experienced should the asset be lost. Consequently, optimal managerial decisions cannot be made. Real options analysis using binomial trees are suggested as a means to measure the full value of digital assets, and their resulting losses. Journal of Digital Asset Management (2006) 2, 150–162. doi:10.1057/palgrave.dam.3650033
INTRODUCTION
G. Stevenson Smith Professor of Accounting, College of Business & Economics West Virginia University Morgantown, WV 26506-6025 USA Tel: + 1 304 293 7848 E-mail: steven.smith@ mail.wvu.edu
150
Today, cyber attacks can be targeted against any business or organization with connections to the Internet, and a successful attack can destroy valuable digital assets.1 For our purposes, digital assets are considered to be electronic data sets having a future economic value and possessing legal proprietary rights. Examples of such assets are software, computer code, video games, digital images,WAV files, animations, digital records (such as databases, e-documents and e-books), e-tokens, webpages, PowerPoint presentations, and residual information held within a computer.2 When compared with physical assets, digital assets are distinguished by their ease of transferability and alteration. If these assets are damaged or destroyed, traditional loss valuation fails to capture the extent of the incurred loss. Without an understanding of all the variables that go into a loss determination, it is difficult to determine the full loss to a company’s digital assets or to make informed business decisions. There are several reasons for accurately quantifying asset losses from cyber attacks. First, correct loss valuation is necessary when
JOURNAL OF DIGITAL ASSET MANAGEMENT
Vol. 2, 3
Data Loading...
