Cybersecurity Economics Education and Research (CEER) Group

   Cybersecurity Economics Education and Research (CEER) Group 

The Cybersecurity Economics Education and Research Group, hereafter referred to as the CEER Group, consists of an informal group of individuals affiliated with the University of Maryland (UMD) who have a common interest in accounting and economic aspects of cybersecurity. The CEER Group has its origins in an educational project designed by Professor Lawrence A. Gordon for his MBA students during the spring of 1998 at UMD’s Robert H. Smith School of Business. By the summer of 1999, Professor Martin P. Loeb joined Professor Gordon on a research project, initially funded by UMD’s Smith School of Business, focusing on addressing the following two fundamental questions: How much should an organization invest in cybersecurity activities? What is the real cost of cybersecurity breaches to organizations?

Starting in the spring of 2000, through the spring of 2006, the U.S. National Security Agency (NSA) provided support (totaling $965K) for the research activities of Drs. Gordon and Loeb (both Professors in the Smith School of Business) concerning a broad array of research issues falling under the umbrella of economic aspects of cybersecurity. In the summer of 2001, Mr. William Lucyshyn (Director of Research and Research Professor at UMD’s Center for Public Policy and Private Enterprise), began working with Drs. Gordon and Loeb on various research projects related to accounting and economic aspects of cybersecurity. Within a few years, Drs. Lawrence Bodin, Lei Zhou and Tashfeen Sohail also became key members of this informal group of educators and researchers who work on various issues related to accounting and economic aspects of cybersecurity. In October of 2007, Dr. Gordon was invited to provide Congressional Testimony concerning his research on cybersecurity economics before a Subcommittee of the U.S. House Committee on Homeland Security.

The following are among the other significant developments related to the CEER Group. The International Workshop on Economics and Information Security (WEIS) was established in 2002 (Drs. Gordon and Loeb are among the founding organizers of WEIS). An annual forum entitled Financial Information Systems and Cybersecurity: A Public Policy Perspective was started at UMD in 2004 (Drs. Gordon and Loeb, and Mr. Lucyshyn, are the Co-Coordinators of this forum and the 15th Annual Forum took place on 1/9/19). Research funding (totaling $667K) for a major research project concerned with Increasing Cybersecurity Investments in Private Sector Firms was provided by the U.S. Department of Homeland Security, from October 2012 through the end of June 2015, to Dr. Gordon (as Principal Investigator [PI]), Dr. Loeb (as Co-PI) and Mr. Lucyshyn (as Co-PI). Dr. Gordon began teaching a new Honors Seminar entitled “Accounting and Economic Aspects of Cybersecurity,” in the spring of 2014, as part of the Advanced Cybersecurity Experience for Students (ACES) living-learning program offered by the Honors College at UMD. In 2016, NSA awarded Gordon, Loeb, Lucyshyn and Zhou Honorable Mention for their scientific contribution to the cybersecurity literature, based on their paper entitled “Increasing Cybersecurity Investments in Private Sector Firms” (published in the Journal of Cybersecurity in 2015). In the fall of 2016, Dr. Gordon was appointed by UMD’s Provost and Senior VP to the Advisory Board of the University’s new Maryland Global Initiative on Cybersecurity (MaGIC). In the fall of 2017, Dr. Gordon began teaching a new course in the Smith School’s MS in Accounting program entitled “Research on Accounting and Economic Aspects of Cybersecurity.” Dr. Gordon is currently a Co-PI on a $5M Grant from the National Science Foundation to support Cybersecurity Education at UMD (for the period 1/1/18-12/31/22).

Since its inception, the CEER Group has also produced a large number of publications in a variety of academic and professional journals. One of these publications includes the Gordon-Loeb Model  (published in ACM Transactions on Information and System Security, 2002), which is the most widely accepted analytical model in the economics of cyber/information security literature. In 2017, the U.S. Better Business Bureau recommended this Model as a guide to help small businesses make cybersecurity investment decisions.  In 2006, Drs. Gordon and Loeb, authored the book entitled MANAGING CYBERSECURITY RESOURCES: A Cost-Benefit Analysis (published by McGraw-Hill, Inc.). In 2008, Dr. Gordon established an Endowment Fund (with an initial gift of $25K) at UMD to support The Gordon Prize in Managing Cybersecurity Resources.

A fundamental focus of the CEER group has always been, and continues to be, free advice (as a service) to organizations on ways to improve the efficiency of their allocation of scarce resources to cybersecurity activities, with a particular emphasis on managing cybersecurity risk. A large number of businesses and government organizations have already taken advantage of this free service over the past eighteen years.

Individuals and organizations interested in becoming affiliated with, or obtaining more information about, the CEER Group should contact Dr. Lawrence A. Gordon (lgordon@rhsmith.umd.edu), EY Alumni Professor of Managerial Accounting and Information Assurance, Robert H. Smith School of Business, University of Maryland.