Abstract: This paper introduces a novel Interest Rate Calculation Model for cyber security risk quantification, addressing the challenges of cyber security debt management. Unlike traditional qualitative risk assessments, this model applies financial principles to quantify risk impact dynamically, integrating seamlessly with industry frameworks. By framing cyber security risks in financial terms, the model enhances decision-making, promotes strategic resource allocation, and fosters stakeholder engagement. Through a structured methodology, it empowers organisations to assess, prioritise, and mitigate cyber security debt efficiently, ensuring long-term resilience in an evolving threat landscape.
1. Introduction
This paper is a continuation of previous research in cyber security debt management, in which the authors presented a novel framework for managing cyber security debt (Coetzer and Leenen, 2024). Their framework is an innovative approach that draws on the principles of established industry methodologies to comprehensively assess and manage cyber security debt. Cyber security risk management traditionally relies on qualitative assessments, often failing to convey the financial impact of unaddressed vulnerabilities. This paper presents the Interest Rate Calculation Model, a new approach that translates cyber security risk into a financial metric, bridging the gap between technical assessments and executive decision-making.
The Interest Rate Calculation Model represents an approach to managing cyber security debt. Drawing on financial principles, it employs a dynamic mechanism to quantitatively evaluate the potential financial impact of unmitigated cyber security risks. Translating complex technical risks into a financial context enhances decision-making and promotes active stakeholder engagement. By integrating the probability of risk occurrence with the magnitude of potential losses, the model produces an "interest rate" that vividly illustrates the urgency and severity of specific threats.
This approach transcends technical boundaries, bridging the gap between cyber security professionals and non-technical stakeholders. By framing risk severity in financial terms, the model facilitates effective communication and enables decision-makers to prioritise resource allocation and manage risks more strategically. Through this innovative fusion of financial concepts and cyber security challenges, the Interest Rate Calculation Model delivers a tangible metric for assessing risks, fostering better prioritisation and collaboration. It empowers organisations to address cyber security debt with greater strategic insight, paving the way for sustainable digital resilience.
The outcomes of this study directly address a critical gap in cyber security risk management: the lack of quantifiable financial impact analysis. Current...




