{"paper_id":"01f672d4-cf4e-4de7-9186-c1e58ba12b67","body_text":"Optimizing Cybersecurity Budgets in Financial Networks: A Comparative Study of Genetic Algorithms and Trust-Region Methods | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Optimizing Cybersecurity Budgets in Financial Networks: A Comparative Study of Genetic Algorithms and Trust-Region Methods Santanu Mondal, Rashmi Singh This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-7323238/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract This study presents a comparative analysis of genetic algorithms (GA) and trust-region constrained optimization (trust-constr) for optimizing cybersecurity budgets in interconnected financial networks. Using a monte carlo simulation with 10,000 iterations, we evaluated attack probabilities, residual risks, and cost structures across 15 financial nodes, including banks, fintech firms, and data centers. Our findings reveal that the trust-constr method outperforms the genetic algorithm (GA), delivering a 10.5% reduction in total costs ( $ 52.1M compared to $ 58.2M) and a 15.6% decrease in residual risk (0.0038 vs. 0.0045), all while maintaining strict compliance with budgetary constraints. In contrast, the GA violated financial constraints in 26.7% of cases (4/15 nodes), including a critical violation where Bank_K’s budget exceeded regulatory limits by 189% ( $ 10.64M vs. $ 3.68M cap). These findings highlight that gradient-based methods are preferable for constraint sensitive financial applications, whereas GA may be reserved for exploratory, non-convex problem spaces. This work provides cybersecurity managers and policymakers with empirically validated guidelines for selecting optimization techniques based on problem structure and regulatory requirements. Cybersecurity optimization Genetic Algorithms Trust-region methods Monte Carlo simulation Financial risk management Budget allocation Figures Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 1. Introduction Cybersecurity threats in financial networks are escalating at an alarming rate, with global cybercrime costs projected to reach $ 10.5 trillion annually by 2025 [ 13 ]. Financial institutions, including banks, fintech firms, and payment gateways, face an average of 2,200 cyberattacks daily, with 43% targeting small and mid-sized vendors due to weaker defenses (IBM Security, 2023). Despite increasing IT budgets, financial firms now allocate 10–15% of revenue to cybersecurity. Many organizations struggle with inefficient resource allocation, leading to either underprotected critical nodes or overspending on low-risk assets [ 19 ]. Traditional optimization methods, such as rule-based budgeting, often fail to account for network interdependencies, where a single breach in a vendor can cascade into systemic failures [ 12 ]. This study addresses this gap by comparing genetic algorithms (GA) and trust-region methods for optimizing cybersecurity budgets in interconnected financial networks. Leveraging Monte Carlo simulations on a 15-node financial ecosystem, we evaluate how each method balances risk reduction, cost efficiency, and computational feasibility. Our findings provide actionable insights for policymakers and chief information security officers (CISOs) seeking data-driven strategies to mitigate cyber risks while maintaining fiscal discipline in an increasingly volatile threat landscape [ 1 ]. Recent advances in computational optimization have introduced powerful tools for cybersecurity resource allocation, with genetic algorithms (GA) and trust-region constrained optimization (trust-constr) emerging as prominent approaches [ 54 ]. While GA offers global search capabilities through evolutionary principles, trust-constr methods provide mathematically rigorous solutions with guaranteed constraint satisfaction [ 21 , 37 ]. However, the financial sector’s unique requirements, including mandatory budget caps, interdependent risks, and regulatory compliance, create a challenging optimization landscape where the relative performance of these methods remains underexplored. This study explores a comparison between these two methods by addressing the following research questions: RQ1: How do genetic algorithms (GA) and trust-region methods compare in optimizing cybersecurity budgets for financial networks in terms of computational efficiency and solution quality? RQ2: How do cybersecurity risks and costs vary between node types (e.g., Banks vs. Vendors) under optimized budgets, and which method better addresses these disparities? RQ3: Given real-world constraints, what are the practical implications of each optimization method for IT budget allocation in financial networks? To address these research questions the structure of this paper is organized as follows: Section 2 provides a comprehensive literature review, highlighting prior work in cybersecurity optimization; Section 3 outlines the methodology adopted for our comparative study; Section 4 presents detailed simulation results and analysis; Section 5 offers strategic insights derived from our findings; Section 6 discusses broader implications and suggests future research directions; and Section 7 concludes with key recommendations for practitioners. 2. Literature Review The growing sophistication of cyber threats necessitates advanced risk management frameworks that integrate technical vulnerabilities, financial constraints, and network interdependencies. Recent advances in cyber risk modeling within financial networks have highlighted the need for optimization techniques to effectively handle non-linearity, high dimensionality, and uncertainty in threats and investment constraints [ 67 ]. A comprehensive bibliometric analysis identifies the intellectual structure, research trends, and global collaboration patterns in Big Data and cybersecurity [ 34 ]. Trust-region methods (TRM) and genetic algorithms (GA) represent two prominent, yet distinct, approaches to address this challenge. The Genetic Algorithm (GA) in the model follows a standard structure with key components: population (P) of candidate solutions (individuals), fitness function (F) evaluating solution quality (minimizing cyber risk costs), selection (S) using tournament selection to choose parents, crossover (C) blending parent traits via cxBlend, and mutation (M) applying Gaussian noise for diversity. The GA iteratively evolves P over generations (G), preserving elites via hall of fame (H). Symbolically: P t+1 =M(C(S(P t ,F),mutpb)) where parameters like crossover rate (cxpb = 0.7) and mutation rate (mutpb = 0.3) guide convergence toward optimal IT budgets. Chen (2025) applied a genetic algorithm-based metaheuristic to optimize the financial cost of urban water resource scheduling. TRM has gained prominence in simulation-based cyber risk environments, particularly when integrated with monte carlo simulations to manage cyber-attack’s uncertain financial impact and propagate risks across interconnected nodes [ 16 ]. The Trust-Region Method in the model optimizes IT budgets by iteratively solving constrained subproblems within a trust region radius (Δ). At each iteration, it approximates the objective function f(x) (cyber risk costs) with a quadratic model m k (x k +s) ≈ f(x k )+∇f(x k ) T s+0.5s T B k s, where B k ​ is the Hessian or its approximation. The step s k is computed by solving: Min of m k (s); subject to ∥s∥≤Δ k . The region Δ k is adjusted based on the ratio ρ k =(f(x k ) − f(x k +s k ))/(m k (0) − m k (s k )​) to balance accuracy and convergence where bounds [L i ,U i ] ensure feasibility. An online investment decision-making model that optimizes returns under adjustable cash inflow constraints is proposed [ 39 ]. These methods excel in local refinement, especially under strict constraints and quantifiable risk landscapes, offering convergence guarantees even when derivative information is absent or unreliable [ 16 ]. Advances like eigenvalue-based Gauss Newton subproblem solvers, adaptive surrogate modeling, and variable fidelity trust-region frameworks have enhanced TRM computational efficiency and robustness in cybersecurity budget allocation tasks [ 14 ]. TRMs are also widely applied across high-stakes domains from quantum-classical optimization to aerodynamic design, data assimilation in energy systems, and multi-agent policy learning, demonstrating versatility in navigating complex, non-convex landscapes with reduced simulation overhead [ 20 ]. In contrast, GA provides a globally explorative mechanism well-suited for multi-objective and combinatorial problems, particularly those with discrete decision variables and non-differentiable functions, such as cyber-investment strategies in IoT, 5G, and multi-cloud environments [ 61 , 44 ]. GA employs evolutionary operations like selection, crossover, and mutation to explore diverse solution spaces, which is especially valuable in financial ecosystems characterized by incomplete threat visibility and dynamic adversarial behavior [ 62 ]. Research has shown that GA, especially advanced variants like non-dominated sorting genetic algorithm II (NSGA-II) and time-varying particle swarm optimization, are capable of producing Pareto-optimal solutions that balance cost, risk exposure, and service-level constraints [ 56 , 47 ]. Their effectiveness has been demonstrated in portfolio selection models, robust knapsack-type budget problems, and multi-layered network defense architectures [ 66 ]. A two-stage cyber risk propagation model is developed for supply chains, emphasizing optimal cybersecurity investment to mitigate cascading threats[ 15 ]. A detailed review highlights current AI and machine learning techniques in cybersecurity and outlines future research directions [ 40 ]. An analysis investigates how machine learning impacts intrusion detection in the context of modern cybersecurity systems [ 18 ]. Compared to traditional solvers, GA offers greater scalability and resilience in discovering globally optimal configurations across heterogeneous cybersecurity infrastructures [ 66 ]. Despite their strengths, both methods have limitations. TRM may converge to local optima in multimodal landscapes, while GA may suffer from slow convergence rates or lack of precision in constraint satisfaction. Consequently, hybrid frameworks that combine the local precision of TRM with the global exploration capabilities of GA represent a promising direction. Dual sourcing and supply stability investments, identifying optimal resilience strategies is compared for manufacturers facing supply disruptions [ 38 ]. A Lotka-Volterra-based dynamic model IS proposed to analyze cyber-attack and defense interactions under stochastic conditions [ 5 ]. A cybersecurity maturity assessment framework using an incomplete hesitant fuzzy AHP and Bonferroni means [ 24 ]. A systematic review of cybersecurity threats specific is conducted to the FinTech sector [ 30 ]. A graph-based method is developed to evaluate monitoring infrastructure and optimize cybersecurity investment decisions[ 46 ]. A hybrid feature selection method integrates kernel-based fuzzy rough sets with entropy-based NSGA for multi-label classification tasks [ 28 ]. A machine learning approach is used to forecast financial market structures based on network features [ 10 ]. The key findings with relevant literature are presented in Table 1 . Table 1 Literature review with key findings Citation Key Focus Methodology Findings Relevance to Current Study [ 53 ] Cybersecurity risk planning using genetic algorithms (GAs) for countermeasure selection under uncertainty. GA-based decision support system with fuzzy sets to model uncertain threat rates and impacts. Demonstrated GA’s effectiveness in optimizing countermeasure portfolios under budget constraints. Supports GA’s applicability in cybersecurity budget allocation under uncertainty. [ 51 ] PDE-constrained optimization using trust-region (TR) methods with reduced basis models. Certified TR framework with surrogate models to reduce computational costs. Achieved 86% reduction in full-fidelity solves while guaranteeing convergence. Highlights TR’s efficiency in high-dimensional optimization, analogous to budget reallocation. [ 57 ] Robust well control optimization under geological uncertainty using derivative-free TR. TR with quadratic models to navigate non-convex landscapes. Outperformed direct-search and population-based methods in convergence and NPV. Validates TR’s robustness for resource allocation in uncertain environments. [ 27 ] Latency-constrained variational quantum algorithms using adaptive sampling TR. TR with variance modeling to reduce quantum computer queries. Superior convergence efficiency (5,000 evaluations vs. 5,280 for TRC). Aligns with adaptive budget reallocation under dynamic threats. [ 6 ] IoE cybersecurity strategy via robust optimization and metaheuristics. NSGA-II and iterative methods for control selection under budget constraints. The iterative method outperformed NSGA-II in Pareto front quality and speed. Contrasts GA and TR with other metaheuristics for cybersecurity. [ 9 ] 5G network slicing optimization with multi-level cybersecurity investments. Modified GA for constrained profit maximization. GA effectively balanced security levels and service provision costs. Demonstrates GA's scalability in multi-tiered network optimization. [ 50 ] Thermal morphing optimization using TR and parameter ranking. TR with Q-DEIM model reduction to prioritize critical parameters. Reduced computational cost by focusing on high-impact parameters. Parallels TR’s role in prioritizing critical vulnerabilities in budgets. [ 43 ] Non-linear data assimilation via ensemble Kalman filter with TR. TR-based iterative optimization for non-Gaussian systems. Outperformed MLEF in convergence and stability. Validates TR’s reliability in high-stakes, non-linear scenarios. 3. Methodology This study employs a comparative optimization framework to allocate cybersecurity budgets across financial networks, evaluating genetic algorithms (GA) and trust-region methods (TRM). The problem is formulated as a constrained minimization of total risk cost, where risk is derived from Monte Carlo simulations incorporating attack probabilities (P attack ), threat exposure, and financial losses. Initial budgets and constraints are set for each entity (banks, fintech firms, vendors, etc.), with security logs (firewall status, open ports, failed logins) dynamically influencing risk assessment. The GA approach utilizes population-based evolution selection, crossover, and mutation over 50 generations to explore non-linear solutions. At the same time, the TRM leverages gradient-based local optimization with trust-region adjustments for faster convergence (215 iterations). Performance is assessed via convergence speed, solution robustness, and computational efficiency, with case studies contrasting scenarios (e.g., active vs. inactive firewall). Results highlight GA's superiority in handling stochastic, high-risk environments and TRM’s efficiency in smoother, constrained problems, providing actionable insights for adaptive cybersecurity budgeting. 3.1. Conceptual framework This research introduces an integrated conceptual framework for optimizing cybersecurity investments in interconnected financial networks, synthesizing technical, financial, and network dimensions. The model ingests three core input categories: node-specific security parameters (Vulnerability V, Compliance C, Threat Intelligence T, Risk scores R 1 /R 2 /R 0 ), financial constraints (Revenue, IT Budget, Employees, Devices, Insurance parameters), and network topology (Interdependency matrix W ij ). Stochastic perturbations simulate real-world uncertainty through perturbed inputs, feeding into an attack probability engine that calculates breach likelihood via an exponential risk function incorporating threat intelligence and compliance effectiveness. Risk manifests through dual channels: local node vulnerability and network-propagated effects. The optimization core minimizes a multi-component cost function investment (C inv ), insurance (C ins ), penalties (C pen ), and operational losses (C op ), subject to node-wise budget constraints (5–15% of revenue) and network-wide caps (total IT budget ≤ 10% of revenue). This objective is solved through dual complementary approaches: gradient-based SLSQP optimization for precise local minima and population-based genetic algorithms for global exploration. Real-time security monitoring (firewall status, open ports, login failures) triggers contextual alerts, while comprehensive visualization outputs (boxplots, heatmaps, scatter plots) transform optimized budgets and risk metrics (P attack , residual risk, cost distributions) into actionable intelligence for strategic cyber investment allocation across the networked ecosystem. To ensure computational feasibility and interpretability, the model relies on the following assumptions mentioned in Table 2 . Table 2 Model Assumptions Category Assumption Description Attack Probability Exponential risk response Attack likelihood increases exponentially with vulnerability and decreases with compliance. Gaussian noise in probabilities Randomness in attack likelihood is modeled via a normal distribution with mean zero and standard deviation σ Independence of attack drivers V, C, and T are treated as statistically independent after perturbation Risk Propagation Linear aggregation of local and network risk Residual risk is the sum of local node risk and interdependent network risk. Interdependency weights (W ij ) are row-normalized Ensures total outbound influence per node sums to 1 Static W matrix Network structure is fixed across iterations Cost Estimation Investment cost ≥ max of device cost, 35% budget, and scaled peer influence C inv = max (0.35·B, DeviceCost, β·(W·B)) Insurance cost capped at Imax Predefined insurer limits bound premiums Penalty costs for non-compliance scale with Pattack and the coverage gap Captures financial penalty risk tied to regulations Operational loss scales with disruption and expected revenue Cop = (1 − η)·D exp ·Revenue + η·(W·P attack ) Budget Constraints The node-level IT budget must be 5–15% of revenue Applied as inequality constraints Total network-wide budget ≤ 10% of total network revenue Global constraint for optimization Simulation Design Monte Carlo sampling with 10,000 iterations Risk and cost outputs are generated from perturbed simulations Inputs (V, C, T) are clipped to [0,1] after perturbation Ensures values remain within valid bounds Model parameters (β, γ, δ, κ, µ, θ) are fixed during simulation runs Allows controlled sensitivity analysis In this model, perturbation refers to the deliberate introduction of minor random variations to input parameters, specifically vulnerability (V), compliance (C), and threat intelligence (T), to reflect real-world uncertainty. Since these values are rarely precise or static, the model adds Gaussian noise with a mean of zero and a defined standard deviation to simulate their variability [ 17 ]. This approach enables robust Monte Carlo simulations, allowing the generation of a distribution of outcomes rather than a single deterministic result [ 63 ]. By perturbing inputs and clipping them within valid bounds (0,1), the model captures the stochastic nature of cyber risk and enhances the realism and resilience of the simulation. 3.2. Tools and Libraries The simulation, executed in Python 3 with NumPy, SciPy, Matplotlib, Seaborn, and NetworkX, performs 10,000 monte carlo iterations using Gaussian noise to model uncertainty. Each iteration computes attack probability, risk, and total cost per node, capturing rare cyber events with statistical precision. Outputs are recorded, printed, and visualized via saved plots, facilitating quantitative and graphical cyber risk analysis across interconnected financial networks. 3.3. Rationale for Monte Carlo simulation model The Monte Carlo simulation approach in this cyber risk model provides a robust analytical framework for evaluating cybersecurity vulnerabilities and financial exposure across a network of interconnected financial entities [ 63 ]. The model simulates thousands of attack scenarios and captures the inherent uncertainty and randomness associated with cyber threats, compliance levels, and control effectiveness. This probabilistic method allows managers to visualize a distribution of possible outcomes rather than relying on single-point estimates, thereby supporting better informed decisions about IT budget allocation, control implementation, and cyber insurance coverage [ 58 ]. It also highlights which nodes (e.g., banks, fintechs, vendors) are most vulnerable to risk and where we get significant returns for investments in cybersecurity. Ultimately, the Monte Carlo-driven insights help organizations proactively manage cyber risks, reduce potential penalties and operational losses, and ensure more resilient digital infrastructures in a rapidly evolving threat landscape [ 22 ]. 3.4. Model Formulation The proposed stochastic cyber-risk budgeting model offers a probabilistic framework for estimating the likelihood of a cyberattack on a specific node n at time t, accounting for both deterministic and stochastic influences. The model begins with a baseline probability (P base , representing the inherent risk of an attack in the absence of other modifying factors. The attack probability P cyber,n(t) is modeled as a product of several exponential terms, each capturing key risk dimensions: node vulnerability (V n ), risk mitigation efforts (R n,t ), compliance score (C n ), and threat intelligence score (T n ​) [ 7 , 48 ]. The first exponential term reflects the compounding effect of a node’s vulnerability, where higher vulnerability increases the risk of an attack, as given in Eq. (1). It is offset by mitigation measures such as security investments, patches, and controls represented by R n,t ​ [ 26 , 4 ]. The second term models compliance, where stronger adherence to security standards reduces attack probability. The third term incorporates threat intelligence, capturing exposure to known threat vectors. Parameters weight each of these dimensions, β, γ, and δ, which determine the relative influence of vulnerability, compliance, and threat intelligence, respectively. These weights reflect domain-specific insights into how various factors shape cyber risk within interconnected financial networks. To account for inherent unpredictability, the model includes a noise term ϵ n ∼N (0,σ 2 ), acknowledging that cyberattacks can still occur even in well-defended systems due to zero-day vulnerabilities or adversarial innovation. The exponential formulation enables non-linear risk interactions and compounding effects, addressing limitations of linear models highlighted [ 15 , 42 ]. The model's formulation thus provides a robust and dynamic basis for assessing cyberattack probabilities across a network of N interconnected nodes. All variables and parameters are detailed in Table 3 . This structure ensures probabilistic coherence and supports monte carlo simulations for risk distribution analysis, advancing quantitative methods. Table 3 Variables and Parameters in the Model Category Symbol Description Node Attributes N Number of nodes in the network V Vulnerability of each node C Security control level of each node T The threat level of each node R 1 Direct risk factors (e.g., exposure to attacks) R 2 Indirect risk factors (e.g., third-party dependencies) R0 Base risk level of each node W Weighted adjacency matrix representing network connections Financials Revenue Annual revenue of each node (USD) ITBudget IT budget of each node (USD) Employees Number of employees per node Devices Number of devices per node CostPerDevice Cost per device (USD) D exp Expected downtime cost as a fraction of revenue C req Required security control level (regulatory) P 0 Base insurance premium (USD) I max Maximum insurance coverage (USD) Model Parameters Beta(β) Sensitivity of attack probability to vulnerability Gamma(γ) Sensitivity of attack probability to security controls Delta(δ) Sensitivity of attack probability to threat level Mu(µ) Mitigation factor for residual risk Kappa(κ) Weight for local risk contribution Theta(θ) Weight for network risk contribution P base Base probability of attack M Insurance cost multiplier P r Penalty rate for insufficient controls Alpha(α) Influence of neighboring IT budgets Lambda(λ) Penalty weight for network control gaps Eta(η i ) Operational cost adjustment factor Sigma(ϵ n ) Noise level for stochastic simulations Cost Components C inv Investment cost (security measures) C ins Insurance cost C pen Penalty cost (regulatory non-compliance) C op Operational cost (downtime, recovery) C total Total cost (sum of all components) Outputs P attack Probability of attack for each node R t Residual risk for each node (local + network) B Budget constraint (derived from financials) Generalized cyber threat probability model for N nodes \\(\\:{P}_{\\left\\{attack,n\\right\\}\\left(t\\right)}=\\:{P}_{\\left\\{base\\right\\}}*exp\\left.\\left[\\:\\beta\\:\\left.\\left(\\:{V}_{n}-\\:{\\sum\\:}_{k=1}^{K}{R}_{n,k}{x}_{n,k}\\right.\\right)\\right.\\right]*exp\\left(-\\gamma\\:{C}_{n}\\right)*exp\\left(\\delta\\:{T}_{n}\\right)*exp\\left({ϵ}_{n}\\right)\\) ………………………1 The compliance score formula is a weighted average method used to evaluate an organization's adherence to cybersecurity controls. Each control is assigned a compliance score ranging from 0 to 1, representing its level of implementation, and a corresponding weight that reflects its importance. The compliance score is calculated by taking the sum of the weighted compliance scores and dividing it by the total weight of all controls. It ensures that more critical controls have a more significant impact on the final score. An organization is considered compliant if its compliance score meets or exceeds the required threshold, adjusted for a slight tolerance margin to account for minor deviations. The weighted average method is used in compliance scoring in Eq. (2) because it reflects the differential importance of various cybersecurity controls, ensuring that more critical or high-impact controls exert a greater influence on the overall compliance score. Not all controls carry the same risk implications some, such as encryption or multi-factor authentication, may mitigate significant vulnerabilities, while others, like password rotation policies, might have less impact. A simple average would treat all controls equally, potentially overstating compliance if only low-impact controls are well implemented. The weighted approach aligns with risk-based frameworks (e.g., NIST, ISO 27001), prioritizing controls based on threat likelihood and impact. Additionally, this method supports regulatory and auditing practices by providing a more nuanced and accurate reflection of an organization's cybersecurity posture, helping decision makers allocate resources more effectively [ 2 ]. Compliance score formula: given a set of cybersecurity controls C, each with a compliance score c i ​ and a weight w i ​, the weighted compliance score is calculated as: \\(\\:\\text{C}\\text{o}\\text{m}\\text{p}\\text{l}\\text{i}\\text{a}\\text{n}\\text{c}\\text{e}\\:\\text{S}\\text{c}\\text{o}\\text{r}\\text{e}=\\frac{{\\sum\\:}_{i=1}^{n}{c}_{i}{w}_{i}}{{\\sum\\:}_{i=1}^{n}{w}_{i}}\\) …………2 An organization is considered compliant if: Compliance Score ≥ (Required Compliance − Tolerance) In the proposed cyber risk model, compliance and threat intelligence are pivotal in assessing organizational cyberattack exposure. The compliance threshold is determined by subtracting a predefine tolerance margin from the required compliance level. This required level is provided by regulatory frameworks such as NIST CSF or ISO/IEC 27001, which set minimum standards depending on the sector's criticality [ 35 ]. In high-risk industries like Banking, Financial Services, and Insurance (BFSI), internal benchmarks may exceed 90% to ensure stringent cybersecurity postures [ 49 ]. The 3% and 10% tolerance allows for acceptable delays, minor control deviations, and operational flexibility. This formulation leads to a compliance threshold: Compliance Threshold = Required Compliance − Tolerance, enabling a balanced, risk-sensitive approach to compliance evaluation (Ali, 2020). Each component is assigned a predefine weight to ensure balanced influence on the final threat score, scaled between 0 and 1. Based on this score, risks are classified as low (T ≤ 0.2), medium (0.2 < T ≤ 0.5), high (0.5 < T ≤ 0.8), or critical (T > 0.8). The model simulates cyber risk and associated financial impact across a 15-node network of interconnected financial entities using 10,000 Monte Carlo iterations. It accounts for uncertainties in attack probability, control effectiveness, and threat dynamics by introducing stochastic noise and perturbations. Each node's risk exposure is tied to real-world indicators such as revenue, IT budget, insurance coverage, and penalties, enabling granular risk cost estimation to guide cybersecurity investments, insurance strategies, and compliance efforts. The threat intelligence score weights are set through expert judgment, empirical analysis, and adherence to industry frameworks (e.g., NIST CSF). Security practitioners evaluate each intelligence component, historical attacks, industry trends, network behavior, external feeds, and anomaly detection, assigning relative importance based on predictive value. Where available, historical breach data or machine learning calibration refines these weights; otherwise, organizations adopt best practices or tailor weights to their operational context. It ensures the score remains both adaptive and operationally relevant. The optimization model minimizes total cybersecurity expenditure comprising investment (C inv ), insurance (C ins ), penalty (C pen ), and operational (C op ) costs while enforcing compliance and managing cyberattack risk. Attack probability is a dynamic function of node vulnerability, controls, investments, and threat intelligence. Investment costs reflect internal and third-party safeguards; insurance premiums adjust for residual risk and compliance gaps; penalties capture deviations from mandatory security levels and service downtime losses; and operational costs cover continuous monitoring and incident response. The model extends traditional infrastructure focus for service-based supply chains by incorporating third-party vendor security, compliance risk, and service continuity expenses. The node-level cybersecurity budget (B) scales with revenue, IT spending, headcount, and service transaction volume, ensuring investments align with operational complexity [ 65 ]. Budget constraints cap total expenditure, preventing overspend while maintaining resilience. By holistically integrating cost components, risk drivers, and service-specific factors, this framework supports strategic, risk-adjusted cybersecurity planning across diverse supply chain contexts [ 36 ]. Cybersecurity budget for node i Each node i in the supply chain network requires a cybersecurity budget influenced by revenue, IT budget, employees, and interdependencies. B i = max(0.003 * R i , 0.08 * B IT,i , 1500 * E i , α * Σ (W ij * B j ) for j ∈ N i ) ……..3 It ensures risk-aware budgeting, accounting for both individual risks and network-wide risks. Investment cost across N nodes Security investment at each node must consider local and network-dependent risks. C inv,i = max(0.35 * B i , D i * C D,i , β * Σ (W ij * C inv,j ) for j ∈ N i ) …………..4 It ensures investment reflects network effects, preventing weak nodes from compromising the system. Insurance cost with network risk Cyber insurance premiums depend on local and network-wide risks. C ins,i = P 0,i + M i * (P attack,i * (R 0,i -R i ) + γ * Σ (W ij * P attack,j ) for j ∈ N i ) …………..5 with an upper cap: C ins,i = min(C ins,i , I max,i ) This structure ensures insurance costs reflect shared risks across the network Penalty cost for non-compliance Nodes that fail to comply with cybersecurity standards face penalties. C pen,i = P r,i * max(0, C req,i - C i ) * P attack,i + λ * Σ (W ij * (C req,j -C j )) for j ∈ N i …………..6 This ensures compliance enforcement is not just node-specific but also network-aware. Operational cost for incident response Operational costs include real-time monitoring and response. \\(\\:{C}_{\\left\\{op,i\\right\\}}=min\\:\\left.\\left(\\:max\\:\\left.\\left(\\:0.35*{B}_{i},\\:{D}_{\\left\\{exp,i\\right\\}}*{P}_{\\left\\{attack,i\\right\\}}*\\left(1\\:-\\:{\\eta\\:}_{i}\\right)+\\delta\\:*{\\sum\\:}_{i=1}^{n}{w}_{ij}{*D}_{exp.j}{*P}_{\\left\\{attack,j\\right\\}}\\right.\\right),\\:{C}_{\\left\\{op\\right\\}}^{\\left\\{max\\right\\}}\\right.\\right)\\) ……………………….7 ensures response costs account for cross-node incident dependencies. Total cost constraint for each node Each node's total cybersecurity cost must be within budget. C total,i =C inv,i +C ins,i +C pen,i +C op,i …………..8 C total,i ≤B i This guarantees that budget constraints are met individually and collectively. Risk propagation model \\(\\:{P}_{\\left\\{attack,i\\right\\}}={P}_{0}+\\:\\kappa\\:{R}_{i}+\\lambda\\:{\\sum\\:}_{j=1}^{N}{R}_{j}{\\text{W}}_{ij}\\) ………………..9 \\(\\:{R}_{i}^{\\left\\{t+1\\right\\}}=\\left(1\\:-\\:\\mu\\:\\right){R}_{i}^{t}+{\\sum\\:}_{j=1}^{N}{W}_{ij}{R}_{j}^{t}+\\theta\\:{P}_{\\left\\{attack,i\\right\\}}\\) …………………….10 The risk propagation model explains how cyber risk spreads through a service supply chain network over time. The probability of a cyberattack on a node is determined by a baseline attack probability (P 0 ), the node’s risk level (R i ), and the influence of connected nodes through an interdependency weight (W ij ). 3.5. Network Dependencies Figure 2 presents a heatmap of the interconnection weight matrix W ij ​, which visually depicts the dependency structure across the 15-node financial network. Each non-zero entry represents a directed risk influence from node i to node j, normalized such that the sum of outgoing weights from each node equals 1. Notably, nodes like Bank_A and Vendor_C demonstrate outward dependencies with equal weights of 0.5, signifying their role as risk propagators to multiple connected nodes (e.g., Payment Gateway_D and Data Center_E for Bank_A). The matrix also highlights strong bidirectional links among vendors, such as between Vendor_C and Vendor_H, suggesting potential systemic risk hotspots within the vendor network. These interdependencies emphasize the importance of monitoring highly connected nodes, as they can act as conduits for cascading cyber risks throughout the system. Normalized weights ensure proportional risk influence, aligning the model with real-world financial network behaviors. The selected sample, comprising a traditional bank, fintech company, third-party vendor, payment gateway, and data center, reflects the core structure and interdependencies of the modern financial supply chain [ 59 ]. These nodes exhibit diverse cyber risk profiles, enabling realistic simulation of the network's threat propagation and ripple effects. The mix captures regulatory, operational, and technological vulnerabilities commonly observed in real-world scenarios. This structure aligns with industry frameworks and current cybersecurity priorities, offering a scalable and generalizable foundation for modeling. The design supports comprehensive risk analysis and strategy testing within interconnected digital finance ecosystems. Each entity was assigned financial and operational attributes such as revenue, IT budget, employee count, and number of devices based on realistic industry norms. Larger institutions like Bank_A and Data Center_E were given higher compliance scores and lower vulnerability levels. At the same time, smaller entities like Vendor_C and Fintech_B reflected more limited cyber maturity, with reduced control deployment and higher susceptibility to threats. Interconnection weights between nodes were configured to simulate business-critical data exchanges, which were exceptionally high between Bank_A and Payment Gateway_D and Data Center_E, emphasizing systemic risk. The dataset structure supports stochastic simulations of cyberattack probabilities, budget allocation, control efficacy, and inter-node risk propagation, enabling dynamic modeling of cyber resilience across interconnected financial ecosystems. 3.6. Simulation Setup and Input Data The input data for the Monte Carlo cyber risk simulation model draws from multiple real-world and synthetic sources to ensure realistic modeling of financial sector vulnerabilities. Node-specific attributes like vulnerability scores, compliance levels, and threat intelligence metrics are calibrated using industry benchmarks from National Institute of Standards and Technology (NIST) vulnerability databases, International Organization for Standardization (ISO) 27001 audit results, and Financial Services Information Sharing and Analysis Center (FS ISAC) threat reports. Financial parameters, including revenue, IT budgets, and employee counts, are modeled after ranges observed in Securities and Exchange Commission (SEC) filings and Gartner IT spending surveys. In contrast, device counts reflect typical IT asset inventories. The model's core parameters (β, γ, δ weights for vulnerability, compliance, and threat intelligence) are derived from established frameworks like findability, accessibility, interoperability, and reusability (FAIR) principles, national institute of standards and technology cybersecurity framework (NIST CSF), and adversarial tactics, techniques, and common knowledge (ATT&CK) [ 55 ]. For interconnections, weights are estimated based on payment system data and vendor dependency matrices. When actual data is unavailable, synthetic values are generated using constrained randomization. For instance, banks were given lower vulnerability (0.1–0.4) and higher compliance scores (0.7–0.95), reflecting their regulated status. This hybrid approach combines verifiable industry data with carefully constrained synthetic values to maintain realism while ensuring the model remains applicable across different financial ecosystems. The simulation environment is structured to mirror a realistic, interconnected financial network composed of 15 heterogeneous digital nodes, including banks, fintech firms, payment processors, vendors, and data centers. Each node is uniquely defined by a set of cybersecurity and financial parameters that serve as model inputs, such as vulnerability, compliance, and threat intelligence levels, as well as financial metrics like revenue, number of employees, and devices. Control effectiveness is split into two components, compliance-driven (R₁ i ) and intelligence-driven (R₂ i ), with the total control effect given by R i = R₁ i + R₂ i [ 41 ]. These attributes are initialized using empirical ranges derived from real-world data. The network's structure is encoded using a weighted, directed adjacency matrix that captures the digital dependencies between nodes, with higher weights indicating more substantial inter-node reliance. The matrix is row-normalized to facilitate proper risk propagation modeling. To simulate uncertainty and variability, the model applies a Monte Carlo approach with 10,000 iterations, adding Gaussian noise to key variables (vulnerability, compliance, and threat intelligence) and clipping them to the [0,1] range to maintain realism [ 17 ]. Core model parameters such as the base attack probability (P 0 = 0.01), sensitivity coefficients (β, γ, δ), and risk propagation weights (κ = 0.7, θ = 0.3) are carefully calibrated through sensitivity analysis [ 25 , 60 ]. The optimization of IT budget allocations is constrained by realistic financial bounds (3–20% of revenue per node) and a global minimum investment threshold (5% of total revenue across all nodes) [ 23 , 29 , 64 ]. The SLSQP algorithm is used for optimization due to its effectiveness in solving non-linear problems with equality and inequality constraints. 4. Simulation Results and Analysis The simulation executed in Python using Monte Carlo methods involved 10,000 iterations to account for uncertainty across 15 interconnected financial nodes. 4.1. Comparative Analysis of Optimization Approaches This study presents a rigorous comparative analysis of two distinct optimization methodologies genetic algorithm (GA) and trust-region constrained (TRC) optimization for cyber risk mitigation in interconnected financial networks mentioned in Fig. 3 . GA demonstrated superior risk adaptive capabilities, recommending a substantial 99.8% budget increase ( $ 25.04M → $ 50.04M) with strategic prioritization of critical vulnerabilities. Specifically, GA reallocated resources by + 244% to payment gateways and + 156% to third-party vendors, reflecting heightened threat sensitivity and adaptive allocation. Conversely, in low-risk scenarios (firewall active, no threats), TRC maintained operational stability, making only a + 1.6% budget adjustment, preserving baseline allocations, and supporting a steady state infrastructure. Computational efficiency remained comparable (GA: 15s/50 generations; TRC: 16s/215 iterations), but GA demonstrated improved convergence (5,000 evaluations vs. TRC’s 5,280). These results highlight GA’s strength in dynamically shifting risk landscapes where aggressive and targeted reallocation is essential, while TRC proves effective in environments requiring fine-tuned, incremental optimization. A hybrid optimization strategy is thus recommended, deploying GA for quarterly risk-based budget overhauls and TRC for monthly refinements to achieve balanced, resilient, and cost-effective cybersecurity across evolving financial networks. Figure 4 presents a comparative visualization of attack probability, residual risk, and total cost across the 15 financial nodes in the cyber risk simulation. In the left panel, the box plots of P attack ​ reveal that vendors exhibit the highest median attack probabilities, reflecting their typically higher vulnerability and lower compliance scores. The middle panel, displaying residual risk distributions, indicates that compliant nodes such as Data Center_E have consistently lower risk levels, underscoring the protective impact of strong compliance measures. The right panel shows total cost distributions, with large banks and data centers incurring the highest costs due to their greater revenue scales, larger IT footprints, and extensive interconnections. These visualizations demonstrate how node type, compliance, and connectivity influence cyber risk exposure and associated financial impacts, providing valuable insights for strategic cybersecurity investment. Figure 5 presents a visualization of the cybersecurity landscape across different node types, plotting mean attack probability, residual risk, and total cost. The distribution reveals distinct strategic profiles: banks and data centers are positioned in the high cost region, indicating significant investments in cybersecurity, likely reflecting their critical infrastructure roles [ 52 ]. In contrast, vendors tend to cluster around higher attack probabilities with only moderate cost levels, suggesting comparatively lower investment or a higher exposure surface. The fintech and payment gateway nodes are more dispersed, reflecting varied strategies in balancing risk and cost. The plot illustrates that different entity types prioritize security investments differently, resulting in precise segmentation in cyber risk postures. Figure 6 illustrates the cumulative mean attack probability over 10,000 Monte Carlo iterations for three selected nodes: Bank_A, Vendor_C, and Data Center_E. The plot shows clear convergence behavior, with all curves flattening after approximately 2,000 iterations, validating the stability and reliability of the simulation outcomes. Notably, Vendor_C consistently exhibits the highest attack probability, stabilizing around 0.013, indicating a higher risk exposure than the other entities. In contrast, Bank_A and Data Center_E maintain lower and closely aligned attack probabilities, reflecting more robust defenses or reduced vulnerability surfaces. This disparity highlights the differing cybersecurity risk profiles and potentially unequal investment in mitigation strategies across organization types. Figure 7 presents the distribution of attack probabilities for Bank_A, combining a histogram with a kernel density estimate (KDE) to illustrate the underlying simulation results [ 8 , 45 ]. Most outcomes cluster below a 0.01 probability, indicating that Bank_A maintains a strong security posture, likely due to high compliance and adequate controls. However, a long right-skewed tail suggests a non-negligible risk under certain conditions, possibly arising from dynamic threat landscapes or interdependencies within the network. The histograms depict the simulated attack probability distributions for three representative nodes, Bank_A, Vendor_C, and Data Center_E, derived from 10,000 Monte Carlo iterations. Bank_A (left) exhibits a tightly clustered distribution around a mean P attack ​ of 0.008, reflecting its robust security coverage (C = 0.88) and low vulnerability (V = 0.12). In contrast, Vendor_C (middle) shows a broader distribution (mean P attack =0.012), consistent with its higher baseline vulnerability (V = 0.68) and moderate security (C = 0.62), indicating greater exposure to threats. Data Center_E (right) mirrors Bank_A’s low risk profile (mean P attack =0.008) due to its high security (C = 0.92) and critical infrastructure protections. These results align with the model's risk cost optimization, where vendors incur higher residual risk (0.007 vs. 0.003 for banks/data centers) and lower mitigation budgets ( $ 200K vs. $ 2.5M+). The right-skewed tails in Vendor_C's distribution further underscore the need for targeted investments in vendor security to reduce systemic risks. 5. Strategic Insights This study provides critical strategic insights for financial institutions navigating the complex trade-offs between cybersecurity investment and risk mitigation. The findings demonstrate that genetic algorithms (GA) offer superior adaptability for long-term cybersecurity budgeting, particularly in highly interconnected networks where systemic risks propagate across nodes. By exploring non-local optima, GA identifies counterintuitive yet effective budget reallocations such as prioritizing high-risk vendors or payment gateways that traditional optimization methods might overlook. However, the trust-region method’s strict adherence to financial constraints makes it indispensable for short-term, compliance-driven budget adjustments where feasibility is paramount. For financial institutions, the key takeaway is that a hybrid optimization strategy leveraging GA for exploratory risk modeling and trust-region for operational execution can maximize both resilience and fiscal discipline. Additionally, the study underscores the need for dynamic budget reallocation frameworks that adapt to evolving cyber threats, ensuring that security investments remain proactive and sustainable. Policymakers and CISOs should consider these insights when designing cybersecurity governance models, balancing innovation in risk optimization with the practical realities of budgetary constraints. Ultimately, this research advances a more nuanced, data-driven approach to cybersecurity investment, aligning strategic foresight with operational pragmatism. 5.1. Implications The findings of this study offer critical insights for cybersecurity managers, financial executives, and IT policymakers responsible for optimizing security budgets in interconnected financial networks. First, the genetic algorithm (GA) approach is particularly valuable for strategic decision making, as it identifies non-obvious budget reallocations that account for systemic cyber risks across interconnected nodes. Managers in highly networked environments (e.g., banking ecosystems, fintech collaborations) should consider GA for long-term cybersecurity investment planning, especially when facing evolving threats that require adaptive resource distribution. However, since GA may propose budgets that exceed financial constraints, organizations must incorporate penalty mechanisms or hybrid optimization to ensure feasibility. Conversely, the trust-region method is better suited for operational budget adjustments, as it strictly adheres to predefine financial boundaries (e.g., 3–20% of revenue). This makes it ideal for organizations with rigid compliance requirements or those needing incremental, risk-aware budget modifications. Managers should leverage this method for quarterly or annual budget refinements, ensuring alignment with organizational risk tolerance while maintaining fiscal discipline. A hybrid approach combining GA for exploratory optimization and trust-region for fine-tuning could offer the best of both worlds, enabling dynamic cybersecurity investment strategies that balance innovation with practicality. Additionally, risk-aware dashboards visualizing attack probabilities, residual risks, and cost breakdowns (as generated in this study) can aid executives in justifying cybersecurity expenditures to stakeholders. Ultimately, this research empowers managers to adopt data-driven, optimization-backed strategies that enhance cyber resilience while maximizing the return on security investments. 6. Discussion and Future Research Direction The comparative analysis of genetic algorithms (GA) and trust-region methods for optimizing cybersecurity budgets in financial networks yielded key insights into their efficiency, risk mitigation capabilities, and practical applicability. First, computational efficiency and solution quality varied significantly between the two methods. The GA converged in 50 generations (14.6 seconds), exploring non-local optima and producing budget allocations that deviated substantially from initial values (e.g., Bank_A’s budget increased from $ 2.55M to $ 3.62M). In contrast, the trust-region method required 215 iterations (15 seconds) but maintained budgets closer to initial values, suggesting better suitability for fine-tuning near feasible solutions. While GA excels in global exploration, trust-region is more efficient for local optimization, making the choice dependent on whether exploration or exploitation is prioritized. Second, risk and cost disparities across node types revealed that Vendors (e.g., Vendor_C) exhibited higher attack probabilities (P attack mean = 0.012) due to weaker security controls. At the same time, Banks (e.g., Bank_A) had lower risk (P attack mean = 0.008). The GA’s budget allocations better addressed network interdependencies, increasing investments in highly connected nodes (e.g., Payment Gateway_D: $ 4.13M vs. $ 1.2M initial). Meanwhile, the trust-region method provided more conservative adjustments, sometimes underfitting systemic risks (e.g., Vendor_M's residual risk remained at 0.005). It suggests that GA is more effective for holistic risk mitigation in interconnected environments. Finally, practical implications highlight trade-offs between flexibility and feasibility. The GA’s ability to discover non-intuitive budget shifts makes it valuable for strategic, long-term planning, particularly in dynamic threat landscapes. However, its solutions occasionally violated financial constraints (e.g., Bank_K’s $ 10.6M proposal). Conversely, the trust-region method strictly adhered to bounds (e.g., 3–20% of revenue), making it better suited for operational, short-term adjustments. A hybrid approach using GA for exploratory phases and trust-region for refinement could balance global optimization with real-world implementability. Based on the above discussions, some future research directions are suggested to explore below in Table 4 . Table 4 Future research directions with contribution. Research Gap Our Contribution Limitations in Existing Work Lack of comparative studies First empirical comparison of GA vs. trust-constr for cyber budget optimization. Prior works focus on single optimization methods (GA or gradient-based) without benchmarking. Constraint handling in cyber risk models Demonstrates trust-constr’s superiority in strict constraint adherence. Many studies use penalties (GA) or ignore bounds, leading to infeasible budgets. Networked risk propagation Dynamic Monte Carlo simulation with risk propagation across 15 nodes. Static models ignore interdependencies (e.g., W ij weights). Real-world financial applicability Enforces regulatory compliant bounds (IT budgets as % of revenue). Theoretical models lack revenue-linked budget constraints. Trade-off: Exploration vs. precision Quantifies GA’s penalty-induced distortions vs. trust-constr's precision. GA is favored for exploration but lacks feasibility guarantees. 7. Conclusion This study compared genetic algorithms (GA) and trust-region methods for optimizing cybersecurity budgets in financial networks, offering critical insights into their strengths and limitations. The results demonstrated that GA excels in exploring global optima, making it ideal for identifying non-intuitive budget allocations that mitigate systemic risks in interconnected environments. However, its solutions occasionally violated financial constraints, limiting immediate practicality. In contrast, the trust-region method provided more conservative, locally optimal budgets that strictly adhered to predefined bounds, ensuring feasibility but sometimes underfitting network-wide risks. The choice between these methods depends on the context: GA is better suited for strategic, long-term cybersecurity planning, while trust-region is preferable for operational, short-term budget adjustments. A hybrid approach, leveraging GA’s exploratory power and trust-region’s constraint adherence, could offer a balanced solution for dynamic financial networks. Future research should investigate adaptive optimization frameworks that dynamically integrate these techniques based on evolving threat landscapes and organizational priorities. Ultimately, this work provides a foundation for more efficient and resilient cybersecurity budget allocation in complex financial ecosystems. Declarations Author Contribution Authors ContributionsSantanu Mondal*: Conceptualization; Methodology; Formal analysis; Software; Investigation; Writing original draft; Visualization.Rashmi Singh: Validation; Resources; Writing review and editing; Supervision. Acknowledgement Acknowledgements:The authors would like to thank the Department of Management Studies, IIT (ISM) Dhanbad, for the support provided by the Institute for research. Special thanks to Dr. Rashmi Singh for critical discussions on organizational resilience and cyber risk modeling. Data Availability Statement Simulation outputs, model parameters, and network structures supporting this study are available from the corresponding author upon reasonable request for academic, non-commercial use, subject to institutional and ethical guidelines. References Abisoye, A., & Akerele, J. I. (2021). High-impact data-driven decision-making model for integrating cutting-edge cybersecurity strategies into public policy. Governance, and Organizational Frameworks . Abrahams, T. O., Farayola, O. A., Kaggwa, S., Uwaoma, P. U., Hassan, A. O., & Dawodu, S. O. (2024). Reviewing third party risk management: Best practices in accounting and cybersecurity for superannuation organizations. Finance Accounting Research Journal, 6 (1), 21–39. Ali, A. M. (2020). Analysis of the determinants of capital adequacy ratio: The case of Islamic banks in the Gulf Cooperation Council (GCC) (Master’s thesis, Sakarya Üniversitesi). Arroyabe, M. F., Arranz, C. F., De Arroyabe, I. F., & Fernandez de Arroyabe, J. C. (2024). Navigating cybersecurity: Environment’s impact on standards adoption and board involvement. Journal of Computer Information Systems , 1–21. https://doi.org/10.1080/08874417.2024.2302364 Atıcı, S., & Tuna, G. (2025). Modelling cybersecurity environment using Lotka-Volterra equations, and its stochastic analysis. Expert Systems with Applications , 129096 . https://doi.org/10.1016/j.eswa.2024.129096 Bokhari, S., Hamrioui, S., & Aider, M. (2022). Cybersecurity strategy under uncertainties for an IoE environment. Journal of Network and Computer Applications, 205 , 103426. https://doi.org/10.1016/j.jnca.2022.103426 Brho, M., Jazairy, A., & Glassburner, A. V. (2025). The finance of cybersecurity: Quantitative modeling of investment decisions and net present value. International Journal of Production Economics, 279 , 109448. https://doi.org/10.1016/j.ijpe.2025.109448 Calder, A. C., Fryxell, B., Plewa, T., Rosner, R., Dursi, L. J., Weirs, V. G., & Tufo, H. M. (2002). On validating an astrophysical simulation code. The Astrophysical Journal Supplement Series, 143 (1), 201. https://doi.org/10.1086/342684 Cappello, G. M., Colajanni, G., Daniele, P., & Sciacca, D. (2023). A constrained optimization model for the provision of services in a 5G network with multi-level cybersecurity investments. Soft Computing, 27 (18), 12979–12996. https://doi.org/10.1007/s00500-022-07117-5 Castilho, D., Souza, T. T., Kang, S. M., Gama, J., & de Carvalho, A. C. (2024). Forecasting financial market structure from network features using machine learning. Knowledge and Information Systems , 66 (8), 4497-4525. Chen, Q. (2025). Financial cost optimization of urban water resource scheduling using genetic algorithms: A metaheuristic approach. Expert Systems with Applications , 128617 . https://doi.org/10.1016/j.eswa.2024.128617 Chowdhary, M. A. M. (2025). Financial network infrastructure: Scalability, security and optimization. Cobos, E. V. (2024). Cybersecurity economics for emerging markets . World Bank Publications. Cui, C., & Qi, L. (2024). A power method for computing the dominant eigenvalue of a dual quaternion Hermitian matrix. Journal of Scientific Computing, 100 (1), 21. Dash, A., Sarmah, S. P., Tiwari, M. K., Jena, S. K., & Glock, C. H. (2024a). Cybersecurity investments in supply chains with two-stage risk propagation. Computers & Industrial Engineering, 197 , 110519. https://doi.org/10.1016/j.cie.2023.110519 Di Persio, L., Alruqimi, M., & Garbelli, M. (2024). Stochastic approaches to energy markets: From stochastic differential equations to mean field games and neural network modeling. Energies, 17 (23), 6106. Ding, J., Wang, Z., Duan, Y., Tong, X., & Lu, H. (2021). A digital simulation model for a full polarized microwave radiometer system and its calibration. Remote Sensing, 13 (23), 4888. https://doi.org/10.3390/rs13234888 Dong, H., & Kotenko, I. (2025). Cybersecurity in the AI era: analyzing the impact of machine learning on intrusion detection. Knowledge and Information Systems , 1-52. Ewan, P. M. (2023). The impact of budgeting on the risk of cybersecurity insider threat actions: From the perspective of IT engineers (Doctoral dissertation, Northcentral University). Fan, L., & Han, Z. (2022). Hybrid quantum-classical computing for future network optimization. IEEE Network, 36 (5), 72–76. Fernandes, P., Ferrer, À., Gonçalves, P., Parente, M., Pinto, R., & Correia, N. (2023). Stress-constrained topology optimization for commercial software: A python implementation for abaqus®. Applied Sciences, 13 (23), 12916. Gai, K., Qiu, M., & Hassan, H. (2017). Secure cyber incident analytics framework using Monte Carlo simulations for financial cybersecurity insurance in cloud computing. Concurrency and Computation: Practice and Experience, 29 (7), e3856. https://doi.org/10.1002/cpe.3856 Geunes, J., & Pardalos, P. M. (2003). Network optimization in supply chain management and financial engineering: An annotated bibliography. Networks, 42 (2), 66–84. https://doi.org/10.1002/net.10073 Güler, M., & Büyüközkan, G. (2025). Cybersecurity maturity assessment using an incomplete hesitant fuzzy AHP method and Bonferroni means operator. Expert Systems with Applications, 282 , Article 127268. https://doi.org/10.1016/j.eswa.2024.127268 Gupta, A. (2016). Simulation modeling and analysis. In M. K. Tiwari & S. P. Sarmah (Eds.), Decision sciences (pp. 817–902). CRC Press. Gupta, S., Modgil, S., Meissonier, R., & Dwivedi, Y. K. (2021). Artificial intelligence and information system resilience to cope with supply chain disruption. IEEE Transactions on Engineering Management . https://doi.org/10.1109/TEM.2021.3073534 Ha, Y., Shashaani, S., & Menickelly, M. (2025). Two-stage estimation and variance modeling for latency-constrained variational quantum algorithms. INFORMS Journal on Computing, 37 (1). https://doi.org/10.1287/ijoc.2024.0575 Hamidzadeh, J., Mehravaran, Z., & Harati, A. (2025). Feature selection by utilizing kernel-based fuzzy rough set and entropy-based non-dominated sorting genetic algorithm in multi-label data. Knowledge and Information Systems , 67 (4), 3789-3819. Huang, C. D., & Behara, R. S. (2013). Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints. International Journal of Production Economics, 141 (1), 255–268. https://doi.org/10.1016/j.ijpe.2012.08.005 Javaheri, D., Fahmideh, M., Chizari, H., Lalbakhsh, P., & Hur, J. (2024). Cybersecurity threats in FinTech: A systematic review. Expert Systems with Applications, 241 , Article 122697. https://doi.org/10.1016/j.eswa.2023.122697 Kandasamy, V., & Roseline, A. A. (2025). Harnessing advanced hybrid deep learning model for real-time detection and prevention of man-in-the-middle cyber attacks. Scientific Reports, 15 (1), 1697. Karimi, A., Mohajerani, M., Alinasab, N., & Akhlaghinezhad, F. (2024). Integrating machine learning and genetic algorithms to optimize building energy and thermal efficiency under historical and future climate scenarios. Sustainability, 16 (21), 9324. Katuri, S. (n.d.). Cybersecurity threats in digital banking: A comprehensive analysis . Koca, M., & Çiftçi, S. (2025). A comprehensive bibliometric analysis of Big Data and Cyber Security: intellectual structure, trends, and global collaborations: M. Koca, S. Çiftçi. Knowledge and Information Systems , 1-26. Koza, E. (2022). Semantic analysis of ISO/IEC 27000 standard series and NIST cybersecurity framework to outline differences and consistencies in the context of operational and strategic information security. Media Engineering Themes, 2 , 26–39. Lawrie, M., & Tsetsekos, G. (2021). Business leadership in turbulent times: Decision making for value creation . Archway Publishing. Lin, L., & Gen, M. (2009). Auto-tuning strategy for evolutionary algorithms: Balancing between exploration and exploitation. Soft Computing, 13 (2), 157–168. Lou, G., Guo, Y., Lai, Z., Ma, H., & Tu, X. (2024). Optimal resilience strategy for manufacturers to deal with supply disruptions: Investment in supply stability versus dual sourcing. Computers & Industrial Engineering, 190 , Article 110030. https://doi.org/10.1016/j.cie.2023.110030 Lyu, B., Guo, S., Gu, J. W., & Ching, W. K. (2025). Adjustable cash inflows based online investment decision making. Expert Systems with Applications , 127940 . https://doi.org/10.1016/j.eswa.2024.127940 Mohamed, N. (2025). Artificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms. Knowledge and Information Systems , 1-87. Muckin, M., & Fitch, S. C. (2014). A threat driven approach to cyber security . Lockheed Martin Corporation. Nagurney, A., Daniele, P., & Shukla, S. (2017). A supply chain network game theory model of cybersecurity investments with non-linear budget constraints. Annals of Operations Research, 248 , 405–427. https://doi.org/10.1007/s10479-015-1892-4 Nino-Ruiz, E. D. (2019). Non-linear data assimilation via trust region optimization. Computational & Applied Mathematics, 38 (3), 129. https://doi.org/10.1007/s40314-019-0901-x Norquist, D. L. (2019). DoD digital modernization strategy: DoD information resources management strategic plan FY19-23 . O’Brien, T. A., Kashinath, K., Cavanaugh, N. R., Collins, W. D., & O’Brien, J. P. (2016). A fast and objective multidimensional kernel density estimation method: fastKDE. Computational Statistics & Data Analysis, 101 , 148–160. https://doi.org/10.1016/j.csda.2016.02.014 Palma, A., Sorrentino, A., & Bonomi, S. (2025). How to assess measurement capabilities of a security monitoring infrastructure and plan investment through a graph-based approach. Expert Systems with Applications, 262 , Article 125623. Patyal, M., Sampalli, S., Ye, Q., & Rahman, M. (2017). Multi-layered defense architecture against ransomware. International Journal of Business and Cyber Security, 1 (2). Paul, J. A., & Wang, X. J. (2019). Socially optimal IT investment for cybersecurity. Decision Support Systems, 122 , 113069. https://doi.org/10.1016/j.dss.2019.113069 Pawar, S., & Palivela, H. (2025). Need of paradigm shift in cybersecurity implementation for small and medium enterprises (SMEs). International Journal of Cybersecurity Intelligence and Cybercrime, 8 (1), 4. Phoenix, A. A., Borggaard, J., & Tarazaga, P. A. (2018). Thermal morphing anisogrid smart space structures part 2: Ranking of geometric parameter importance, trust region optimization, and performance evaluation. Journal of Vibration and Control, 24 (13), 2873–2893. https://doi.org/10.1177/1077546317695464 Qian, E., Grepl, M., Veroy, K., & Willcox, K. (2017). A certified trust region reduced basis approach to PDE-constrained optimization. SIAM Journal on Scientific Computing, 39 (5), S434–S460. https://doi.org/10.1137/16M1081981 Rabzelj, M., Bohak, C., Južnič, L. Š., Kos, A., & Sedlar, U. (2023). Cyberattack graph modeling for visual analytics. IEEE Access, 11 , 86910–86944. https://doi.org/10.1109/ACCESS.2023.3297540 Rees, L. P., Deane, J. K., Rakes, T. R., & Baker, W. H. (2011). Decision support for cybersecurity risk planning. Decision Support Systems, 51 (3), 493–505. https://doi.org/10.1016/j.dss.2011.02.013 Reis, A. L., Andrade-Campos, A., Henggeler Antunes, C., Lopes, M. A., & Antunes, A. (2024). Cost-efficient pump operation in water supply systems considering demand-side management. Journal of Water Resources Planning and Management, 150 (6), 04024017. Saunders, A., & Brynjolfsson, E. (2016). Valuing information technology related intangible assets. MIS Quarterly, 40 (1), 83–110. https://doi.org/10.25300/MISQ/2016/40.1.04 Sheikholeslami, F., & Navimipour, N. J. (2017). Service allocation in the cloud environments using multi-objective particle swarm optimization algorithm based on crowding distance. Swarm and Evolutionary Computation, 35 , 53–64. Silva, T. L., Bellout, M. C., Giuliani, C., Camponogara, E., & Pavlov, A. (2022). Derivative-free trust region optimization for robust well control under geological uncertainty. Computational Geosciences, 26 (2), 329–349. https://doi.org/10.1007/s10596-022-10132-y Skeoch, H. R. (2022). Expanding the Gordon-Loeb model to cyber insurance. Computers & Security, 112 , 102533. https://doi.org/10.1016/j.cose.2021.102533 Song, H., Han, S., Liu, W., & Ganguly, A. (2023). What role do FinTech companies play in supply chain finance? A signaling intermediary perspective. Journal of Business & Industrial Marketing, 38 (6), 1279–1294. https://doi.org/10.1108/JBIM-03-2022-0115 Spencer, B. W., Hoffman, W. M., Biswas, S., Jiang, W., Giorla, A., & Backman, M. A. (2021). Grizzly and BlackBear: Structural component aging simulation codes. Nuclear Technology, 207 (7), 981–1003. https://doi.org/10.1080/00295450.2020.1794286 Tan, K. C., Lee, T. H., & Khor, E. F. (2002). Evolutionary algorithms for multi-objective optimization: Performance assessments and comparisons. Artificial Intelligence Review, 17 (4), 251–290. Verma, S., Pant, M., & Snasel, V. (2021). A comprehensive review on NSGA-II for multi-objective combinatorial optimization problems. IEEE Access, 9 , 57757–57791. Wang, J., Neil, M., & Fenton, N. (2020). A Bayesian network approach for cybersecurity risk assessment implementing and extending the FAIR model. Computers & Security, 89 , 101659. https://doi.org/10.1016/j.cose.2019.101659 Yi, P., Ding, H., & Ramamurthy, B. (2016). Budget optimized network aware joint resource allocation in grids/clouds over optical networks. Journal of Lightwave Technology, 34 (16), 3890–3900. https://doi.org/10.1109/JLT.2016.2582160 Yin, J., Khan, R. U., Wang, X., & Asad, M. (2024). A data centered multi factor seaport disruption risk assessment using Bayesian networks. Ocean Engineering, 308 , 118338. https://doi.org/10.1016/j.oceaneng.2024.118338 Yu, J., Shvetsov, A. V., & Alsamhi, S. H. (2024). Leveraging machine learning for cybersecurity resilience in industry 4.0: Challenges and future directions. IEEE Access . Zografopoulos, I., Ospina, J., Liu, X., & Konstantinou, C. (2021). Cyber-physical energy systems security: Threat modeling, risk assessment, resources, metrics, and case studies. IEEE Access, 9 , 29775–29818. Additional Declarations No competing interests reported. Supplementary Files Appendix.docx Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {\"props\":{\"pageProps\":{\"initialData\":{\"identity\":\"rs-7323238\",\"acceptedTermsAndConditions\":true,\"allowDirectSubmit\":true,\"archivedVersions\":[],\"articleType\":\"Research Article\",\"associatedPublications\":[],\"authors\":[{\"id\":501523552,\"identity\":\"9af91243-4ad8-48f4-9498-f0c1559bea3f\",\"order_by\":0,\"name\":\"Santanu Mondal\",\"email\":\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA8klEQVRIie3RP0oEMRTH8V8IxObBtG+b8QqRAbHzKhm8gLDNVhoRdpuFbUe8hLCwdSDgNHOAhRQOeIGVbSwGMf7pxOyUW+RbBj7kvQTI5Y6w4sRqmBmXhRQW5vfUpchk6TR23UU1uRd3dhTRW6PFw3xWPznEa0blrjZ7UizWrVz0/bBBsXDCXyeEsM/TRyKW5z4OVs8DuDPwTYJIsawkMasfYgOwBTwliJIUiWaqvtcfAk4PEVJUicYwa/lFVIgPcoAwqSl2jjXHwZq4C511tU2Sy5fXNeqPm9vVqu3f3odQlq33+xT5OylG/08ul8vl/u0TilVOm5MFdvwAAAAASUVORK5CYII=\",\"orcid\":\"\",\"institution\":\"Indian Institute of Technology Dhanbad\",\"correspondingAuthor\":true,\"prefix\":\"\",\"firstName\":\"Santanu\",\"middleName\":\"\",\"lastName\":\"Mondal\",\"suffix\":\"\"},{\"id\":501523553,\"identity\":\"ebe4c6d3-e7ae-4734-a235-9a378aed67a9\",\"order_by\":1,\"name\":\"Rashmi Singh\",\"email\":\"\",\"orcid\":\"\",\"institution\":\"Indian Institute of Technology Dhanbad\",\"correspondingAuthor\":false,\"prefix\":\"\",\"firstName\":\"Rashmi\",\"middleName\":\"\",\"lastName\":\"Singh\",\"suffix\":\"\"}],\"badges\":[],\"createdAt\":\"2025-08-08 04:08:18\",\"currentVersionCode\":1,\"declarations\":\"\",\"doi\":\"10.21203/rs.3.rs-7323238/v1\",\"doiUrl\":\"https://doi.org/10.21203/rs.3.rs-7323238/v1\",\"draftVersion\":[],\"editorialEvents\":[],\"editorialNote\":\"\",\"failedWorkflow\":false,\"files\":[{\"id\":89465533,\"identity\":\"8c7c60a6-106d-427e-a606-057a4c78ed5e\",\"added_by\":\"auto\",\"created_at\":\"2025-08-20 08:30:11\",\"extension\":\"png\",\"order_by\":1,\"title\":\"Figure 1\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":327798,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eConceptual framework of the model\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"floatimage1.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-7323238/v1/6bb44d3d212bb915f8446385.png\"},{\"id\":89464303,\"identity\":\"80a9b188-9caf-4705-9c10-f68853780205\",\"added_by\":\"auto\",\"created_at\":\"2025-08-20 08:22:11\",\"extension\":\"png\",\"order_by\":2,\"title\":\"Figure 2\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":363723,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eInterconnection weights heatmap (W\\u003csub\\u003eij\\u003c/sub\\u003e) across the financial network\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"floatimage2.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-7323238/v1/68897c0fe37b8e41a2267709.png\"},{\"id\":89463616,\"identity\":\"b2b98913-ce2a-4993-b728-010dc69e366b\",\"added_by\":\"auto\",\"created_at\":\"2025-08-20 08:14:11\",\"extension\":\"png\",\"order_by\":3,\"title\":\"Figure 3\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":161624,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eBudget allocation flowchart\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"floatimage3.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-7323238/v1/5b8cd09d99f2a1d091a40e23.png\"},{\"id\":89465535,\"identity\":\"2a354a71-66b6-456b-9e65-bc3e71e4c795\",\"added_by\":\"auto\",\"created_at\":\"2025-08-20 08:30:12\",\"extension\":\"png\",\"order_by\":4,\"title\":\"Figure 4\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":314607,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eDistributions of Attack Probability, Residual Risk, and Total Cost across 15 financial nodes.\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"floatimage4.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-7323238/v1/40b1a46ec17a45d64e33b75b.png\"},{\"id\":89464306,\"identity\":\"41a91e62-914e-4672-a7a8-1ef6b302d371\",\"added_by\":\"auto\",\"created_at\":\"2025-08-20 08:22:11\",\"extension\":\"png\",\"order_by\":5,\"title\":\"Figure 5\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":279443,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eDistribution of node types in the space of mean attack probability, residual risk, and total cost.\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"floatimage5.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-7323238/v1/95adda222e7f1894504be963.png\"},{\"id\":89463617,\"identity\":\"694e94f4-6c99-4f9c-a87f-c2a3c7c7963e\",\"added_by\":\"auto\",\"created_at\":\"2025-08-20 08:14:11\",\"extension\":\"png\",\"order_by\":6,\"title\":\"Figure 6\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":186131,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eCumulative mean attack probability across 10,000 iterations for three representative nodes.\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"floatimage6.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-7323238/v1/46cf1b7bbabb43de0af1e996.png\"},{\"id\":89463621,\"identity\":\"5e6426a1-fad7-43d3-a427-b3e8ea985111\",\"added_by\":\"auto\",\"created_at\":\"2025-08-20 08:14:11\",\"extension\":\"png\",\"order_by\":7,\"title\":\"Figure 7\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":211901,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eHistogram and kernel density estimate (KDE) of P\\u003csub\\u003eattack\\u003c/sub\\u003e for Bank_A, Vendor_C, and Data Center_E.\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"floatimage7.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-7323238/v1/2938f7b0ee2faa3ad972a3ac.png\"},{\"id\":89467089,\"identity\":\"a45c0503-7660-455a-bce5-b8cbaba736ac\",\"added_by\":\"auto\",\"created_at\":\"2025-08-20 08:46:16\",\"extension\":\"pdf\",\"order_by\":0,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"manuscript-pdf\",\"size\":2852700,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"manuscript.pdf\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-7323238/v1/94c67273-b745-4341-bdac-6f23b64472a5.pdf\"},{\"id\":89463611,\"identity\":\"4d1be0f9-5a23-4f95-b57b-edd55a34241f\",\"added_by\":\"auto\",\"created_at\":\"2025-08-20 08:14:11\",\"extension\":\"docx\",\"order_by\":1,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"supplement\",\"size\":15422,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"Appendix.docx\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-7323238/v1/8275078335617d8eac308f67.docx\"}],\"financialInterests\":\"No competing interests reported.\",\"formattedTitle\":\"Optimizing Cybersecurity Budgets in Financial Networks: A Comparative Study of Genetic Algorithms and Trust-Region Methods\",\"fulltext\":[{\"header\":\"1. Introduction\",\"content\":\"\\u003cp\\u003eCybersecurity threats in financial networks are escalating at an alarming rate, with global cybercrime costs projected to reach \\u003cspan\\u003e$\\u003c/span\\u003e10.5 trillion annually by 2025 [\\u003cspan citationid=\\\"CR13\\\" class=\\\"CitationRef\\\"\\u003e13\\u003c/span\\u003e]. Financial institutions, including banks, fintech firms, and payment gateways, face an average of 2,200 cyberattacks daily, with 43% targeting small and mid-sized vendors due to weaker defenses (IBM Security, 2023). Despite increasing IT budgets, financial firms now allocate 10\\u0026ndash;15% of revenue to cybersecurity. Many organizations struggle with inefficient resource allocation, leading to either underprotected critical nodes or overspending on low-risk assets [\\u003cspan citationid=\\\"CR19\\\" class=\\\"CitationRef\\\"\\u003e19\\u003c/span\\u003e]. Traditional optimization methods, such as rule-based budgeting, often fail to account for network interdependencies, where a single breach in a vendor can cascade into systemic failures [\\u003cspan citationid=\\\"CR12\\\" class=\\\"CitationRef\\\"\\u003e12\\u003c/span\\u003e]. This study addresses this gap by comparing genetic algorithms (GA) and trust-region methods for optimizing cybersecurity budgets in interconnected financial networks. Leveraging Monte Carlo simulations on a 15-node financial ecosystem, we evaluate how each method balances risk reduction, cost efficiency, and computational feasibility. Our findings provide actionable insights for policymakers and chief information security officers (CISOs) seeking data-driven strategies to mitigate cyber risks while maintaining fiscal discipline in an increasingly volatile threat landscape [\\u003cspan citationid=\\\"CR1\\\" class=\\\"CitationRef\\\"\\u003e1\\u003c/span\\u003e]. Recent advances in computational optimization have introduced powerful tools for cybersecurity resource allocation, with genetic algorithms (GA) and trust-region constrained optimization (trust-constr) emerging as prominent approaches [\\u003cspan citationid=\\\"CR54\\\" class=\\\"CitationRef\\\"\\u003e54\\u003c/span\\u003e]. While GA offers global search capabilities through evolutionary principles, trust-constr methods provide mathematically rigorous solutions with guaranteed constraint satisfaction [\\u003cspan citationid=\\\"CR21\\\" class=\\\"CitationRef\\\"\\u003e21\\u003c/span\\u003e, \\u003cspan citationid=\\\"CR37\\\" class=\\\"CitationRef\\\"\\u003e37\\u003c/span\\u003e]. However, the financial sector\\u0026rsquo;s unique requirements, including mandatory budget caps, interdependent risks, and regulatory compliance, create a challenging optimization landscape where the relative performance of these methods remains underexplored. This study explores a comparison between these two methods by addressing the following research questions:\\u003c/p\\u003e\\u003cp\\u003eRQ1: How do genetic algorithms (GA) and trust-region methods compare in optimizing cybersecurity budgets for financial networks in terms of computational efficiency and solution quality?\\u003c/p\\u003e\\u003cp\\u003eRQ2: How do cybersecurity risks and costs vary between node types (e.g., Banks vs. Vendors) under optimized budgets, and which method better addresses these disparities?\\u003c/p\\u003e\\u003cp\\u003eRQ3: Given real-world constraints, what are the practical implications of each optimization method for IT budget allocation in financial networks?\\u003c/p\\u003e\\u003cp\\u003eTo address these research questions the structure of this paper is organized as follows: Section \\u003cspan refid=\\\"Sec2\\\" class=\\\"InternalRef\\\"\\u003e2\\u003c/span\\u003e provides a comprehensive literature review, highlighting prior work in cybersecurity optimization; Section \\u003cspan refid=\\\"Sec3\\\" class=\\\"InternalRef\\\"\\u003e3\\u003c/span\\u003e outlines the methodology adopted for our comparative study; Section \\u003cspan refid=\\\"Sec10\\\" class=\\\"InternalRef\\\"\\u003e4\\u003c/span\\u003e presents detailed simulation results and analysis; Section \\u003cspan refid=\\\"Sec12\\\" class=\\\"InternalRef\\\"\\u003e5\\u003c/span\\u003e offers strategic insights derived from our findings; Section \\u003cspan refid=\\\"Sec14\\\" class=\\\"InternalRef\\\"\\u003e6\\u003c/span\\u003e discusses broader implications and suggests future research directions; and Section \\u003cspan refid=\\\"Sec15\\\" class=\\\"InternalRef\\\"\\u003e7\\u003c/span\\u003e concludes with key recommendations for practitioners.\\u003c/p\\u003e\"},{\"header\":\"2. Literature Review\",\"content\":\"\\u003cp\\u003eThe growing sophistication of cyber threats necessitates advanced risk management frameworks that integrate technical vulnerabilities, financial constraints, and network interdependencies. Recent advances in cyber risk modeling within financial networks have highlighted the need for optimization techniques to effectively handle non-linearity, high dimensionality, and uncertainty in threats and investment constraints [\\u003cspan citationid=\\\"CR67\\\" class=\\\"CitationRef\\\"\\u003e67\\u003c/span\\u003e]. A comprehensive bibliometric analysis identifies the intellectual structure, research trends, and global collaboration patterns in Big Data and cybersecurity [\\u003cspan citationid=\\\"CR34\\\" class=\\\"CitationRef\\\"\\u003e34\\u003c/span\\u003e]. Trust-region methods (TRM) and genetic algorithms (GA) represent two prominent, yet distinct, approaches to address this challenge. The Genetic Algorithm (GA) in the model follows a standard structure with key components: population (P) of candidate solutions (individuals), fitness function (F) evaluating solution quality (minimizing cyber risk costs), selection (S) using tournament selection to choose parents, crossover (C) blending parent traits via cxBlend, and mutation (M) applying Gaussian noise for diversity. The GA iteratively evolves P over generations (G), preserving elites via hall of fame (H). Symbolically: P\\u003csub\\u003et+1\\u003c/sub\\u003e=M(C(S(P\\u003csub\\u003et\\u003c/sub\\u003e,F),mutpb)) where parameters like crossover rate (cxpb\\u0026thinsp;=\\u0026thinsp;0.7) and mutation rate (mutpb\\u0026thinsp;=\\u0026thinsp;0.3) guide convergence toward optimal IT budgets. Chen (2025) applied a genetic algorithm-based metaheuristic to optimize the financial cost of urban water resource scheduling. TRM has gained prominence in simulation-based cyber risk environments, particularly when integrated with monte carlo simulations to manage cyber-attack\\u0026rsquo;s uncertain financial impact and propagate risks across interconnected nodes [\\u003cspan citationid=\\\"CR16\\\" class=\\\"CitationRef\\\"\\u003e16\\u003c/span\\u003e]. The Trust-Region Method in the model optimizes IT budgets by iteratively solving constrained subproblems within a trust region radius (Δ). At each iteration, it approximates the objective function f(x) (cyber risk costs) with a quadratic model m\\u003csub\\u003ek\\u003c/sub\\u003e(x\\u003csub\\u003ek\\u003c/sub\\u003e+s)\\u0026thinsp;\\u0026asymp;\\u0026thinsp;f(x\\u003csub\\u003ek\\u003c/sub\\u003e)+\\u0026nabla;f(x\\u003csub\\u003ek\\u003c/sub\\u003e)\\u003csup\\u003eT\\u003c/sup\\u003es+0.5s\\u003csup\\u003eT\\u003c/sup\\u003eB\\u003csub\\u003ek\\u003c/sub\\u003es, where B\\u003csub\\u003ek\\u003c/sub\\u003e​ is the Hessian or its approximation. The step s\\u003csub\\u003ek\\u003c/sub\\u003e is computed by solving: Min of m\\u003csub\\u003ek\\u003c/sub\\u003e(s); subject to ∥s∥\\u0026le;Δ\\u003csub\\u003ek\\u003c/sub\\u003e. The region Δ\\u003csub\\u003ek\\u003c/sub\\u003e is adjusted based on the ratio ρ\\u003csub\\u003ek\\u003c/sub\\u003e=(f(x\\u003csub\\u003ek\\u003c/sub\\u003e)\\u0026thinsp;\\u0026minus;\\u0026thinsp;f(x\\u003csub\\u003ek\\u003c/sub\\u003e+s\\u003csub\\u003ek\\u003c/sub\\u003e))/(m\\u003csub\\u003ek\\u003c/sub\\u003e(0)\\u0026thinsp;\\u0026minus;\\u0026thinsp;m\\u003csub\\u003ek\\u003c/sub\\u003e(s\\u003csub\\u003ek\\u003c/sub\\u003e)​) to balance accuracy and convergence where bounds [L\\u003csub\\u003ei\\u003c/sub\\u003e,U\\u003csub\\u003ei\\u003c/sub\\u003e] ensure feasibility. An online investment decision-making model that optimizes returns under adjustable cash inflow constraints is proposed [\\u003cspan citationid=\\\"CR39\\\" class=\\\"CitationRef\\\"\\u003e39\\u003c/span\\u003e]. These methods excel in local refinement, especially under strict constraints and quantifiable risk landscapes, offering convergence guarantees even when derivative information is absent or unreliable [\\u003cspan citationid=\\\"CR16\\\" class=\\\"CitationRef\\\"\\u003e16\\u003c/span\\u003e]. Advances like eigenvalue-based Gauss Newton subproblem solvers, adaptive surrogate modeling, and variable fidelity trust-region frameworks have enhanced TRM computational efficiency and robustness in cybersecurity budget allocation tasks [\\u003cspan citationid=\\\"CR14\\\" class=\\\"CitationRef\\\"\\u003e14\\u003c/span\\u003e]. TRMs are also widely applied across high-stakes domains from quantum-classical optimization to aerodynamic design, data assimilation in energy systems, and multi-agent policy learning, demonstrating versatility in navigating complex, non-convex landscapes with reduced simulation overhead [\\u003cspan citationid=\\\"CR20\\\" class=\\\"CitationRef\\\"\\u003e20\\u003c/span\\u003e].\\u003c/p\\u003e\\u003cp\\u003eIn contrast, GA provides a globally explorative mechanism well-suited for multi-objective and combinatorial problems, particularly those with discrete decision variables and non-differentiable functions, such as cyber-investment strategies in IoT, 5G, and multi-cloud environments [\\u003cspan citationid=\\\"CR61\\\" class=\\\"CitationRef\\\"\\u003e61\\u003c/span\\u003e, \\u003cspan citationid=\\\"CR44\\\" class=\\\"CitationRef\\\"\\u003e44\\u003c/span\\u003e]. GA employs evolutionary operations like selection, crossover, and mutation to explore diverse solution spaces, which is especially valuable in financial ecosystems characterized by incomplete threat visibility and dynamic adversarial behavior [\\u003cspan citationid=\\\"CR62\\\" class=\\\"CitationRef\\\"\\u003e62\\u003c/span\\u003e]. Research has shown that GA, especially advanced variants like non-dominated sorting genetic algorithm II (NSGA-II) and time-varying particle swarm optimization, are capable of producing Pareto-optimal solutions that balance cost, risk exposure, and service-level constraints [\\u003cspan citationid=\\\"CR56\\\" class=\\\"CitationRef\\\"\\u003e56\\u003c/span\\u003e, \\u003cspan citationid=\\\"CR47\\\" class=\\\"CitationRef\\\"\\u003e47\\u003c/span\\u003e]. Their effectiveness has been demonstrated in portfolio selection models, robust knapsack-type budget problems, and multi-layered network defense architectures [\\u003cspan citationid=\\\"CR66\\\" class=\\\"CitationRef\\\"\\u003e66\\u003c/span\\u003e]. A two-stage cyber risk propagation model is developed for supply chains, emphasizing optimal cybersecurity investment to mitigate cascading threats[\\u003cspan citationid=\\\"CR15\\\" class=\\\"CitationRef\\\"\\u003e15\\u003c/span\\u003e]. A detailed review highlights current AI and machine learning techniques in cybersecurity and outlines future research directions [\\u003cspan citationid=\\\"CR40\\\" class=\\\"CitationRef\\\"\\u003e40\\u003c/span\\u003e]. An analysis investigates how machine learning impacts intrusion detection in the context of modern cybersecurity systems [\\u003cspan citationid=\\\"CR18\\\" class=\\\"CitationRef\\\"\\u003e18\\u003c/span\\u003e]. Compared to traditional solvers, GA offers greater scalability and resilience in discovering globally optimal configurations across heterogeneous cybersecurity infrastructures [\\u003cspan citationid=\\\"CR66\\\" class=\\\"CitationRef\\\"\\u003e66\\u003c/span\\u003e]. Despite their strengths, both methods have limitations. TRM may converge to local optima in multimodal landscapes, while GA may suffer from slow convergence rates or lack of precision in constraint satisfaction. Consequently, hybrid frameworks that combine the local precision of TRM with the global exploration capabilities of GA represent a promising direction. Dual sourcing and supply stability investments, identifying optimal resilience strategies is compared for manufacturers facing supply disruptions [\\u003cspan citationid=\\\"CR38\\\" class=\\\"CitationRef\\\"\\u003e38\\u003c/span\\u003e]. A Lotka-Volterra-based dynamic model IS proposed to analyze cyber-attack and defense interactions under stochastic conditions [\\u003cspan citationid=\\\"CR5\\\" class=\\\"CitationRef\\\"\\u003e5\\u003c/span\\u003e]. A cybersecurity maturity assessment framework using an incomplete hesitant fuzzy AHP and Bonferroni means [\\u003cspan citationid=\\\"CR24\\\" class=\\\"CitationRef\\\"\\u003e24\\u003c/span\\u003e]. A systematic review of cybersecurity threats specific is conducted to the FinTech sector [\\u003cspan citationid=\\\"CR30\\\" class=\\\"CitationRef\\\"\\u003e30\\u003c/span\\u003e]. A graph-based method is developed to evaluate monitoring infrastructure and optimize cybersecurity investment decisions[\\u003cspan citationid=\\\"CR46\\\" class=\\\"CitationRef\\\"\\u003e46\\u003c/span\\u003e]. A hybrid feature selection method integrates kernel-based fuzzy rough sets with entropy-based NSGA for multi-label classification tasks [\\u003cspan citationid=\\\"CR28\\\" class=\\\"CitationRef\\\"\\u003e28\\u003c/span\\u003e]. A machine learning approach is used to forecast financial market structures based on network features [\\u003cspan citationid=\\\"CR10\\\" class=\\\"CitationRef\\\"\\u003e10\\u003c/span\\u003e]. The key findings with relevant literature are presented in Table\\u0026nbsp;\\u003cspan refid=\\\"Tab1\\\" class=\\\"InternalRef\\\"\\u003e1\\u003c/span\\u003e.\\u003c/p\\u003e\\u003cp\\u003e\\u003cdiv class=\\\"gridtable\\\"\\u003e\\u003ctable float=\\\"Yes\\\" id=\\\"Tab1\\\" border=\\\"1\\\"\\u003e\\u003ccaption language=\\\"En\\\"\\u003e\\u003cdiv class=\\\"CaptionNumber\\\"\\u003eTable 1\\u003c/div\\u003e\\u003cdiv class=\\\"CaptionContent\\\"\\u003e\\u003cp\\u003eLiterature review with key findings\\u003c/p\\u003e\\u003c/div\\u003e\\u003c/caption\\u003e\\u003ccolgroup cols=\\\"5\\\"\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c1\\\" colnum=\\\"1\\\"\\u003e\\u003c/div\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c2\\\" colnum=\\\"2\\\"\\u003e\\u003c/div\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c3\\\" colnum=\\\"3\\\"\\u003e\\u003c/div\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c4\\\" colnum=\\\"4\\\"\\u003e\\u003c/div\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c5\\\" colnum=\\\"5\\\"\\u003e\\u003c/div\\u003e\\u003cthead\\u003e\\u003ctr\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003eCitation\\u003c/p\\u003e\\u003c/th\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eKey Focus\\u003c/p\\u003e\\u003c/th\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eMethodology\\u003c/p\\u003e\\u003c/th\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c4\\\"\\u003e\\u003cp\\u003eFindings\\u003c/p\\u003e\\u003c/th\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c5\\\"\\u003e\\u003cp\\u003eRelevance to Current Study\\u003c/p\\u003e\\u003c/th\\u003e\\u003c/tr\\u003e\\u003c/thead\\u003e\\u003ctbody\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003e[\\u003cspan citationid=\\\"CR53\\\" class=\\\"CitationRef\\\"\\u003e53\\u003c/span\\u003e]\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eCybersecurity risk planning using genetic algorithms (GAs) for countermeasure selection under uncertainty.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eGA-based decision support system with fuzzy sets to model uncertain threat rates and impacts.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c4\\\"\\u003e\\u003cp\\u003eDemonstrated GA\\u0026rsquo;s effectiveness in optimizing countermeasure portfolios under budget constraints.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c5\\\"\\u003e\\u003cp\\u003eSupports GA\\u0026rsquo;s applicability in cybersecurity budget allocation under uncertainty.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003e[\\u003cspan citationid=\\\"CR51\\\" class=\\\"CitationRef\\\"\\u003e51\\u003c/span\\u003e]\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003ePDE-constrained optimization using trust-region (TR) methods with reduced basis models.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eCertified TR framework with surrogate models to reduce computational costs.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c4\\\"\\u003e\\u003cp\\u003eAchieved 86% reduction in full-fidelity solves while guaranteeing convergence.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c5\\\"\\u003e\\u003cp\\u003eHighlights TR\\u0026rsquo;s efficiency in high-dimensional optimization, analogous to budget reallocation.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003e[\\u003cspan citationid=\\\"CR57\\\" class=\\\"CitationRef\\\"\\u003e57\\u003c/span\\u003e]\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eRobust well control optimization under geological uncertainty using derivative-free TR.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eTR with quadratic models to navigate non-convex landscapes.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c4\\\"\\u003e\\u003cp\\u003eOutperformed direct-search and population-based methods in convergence and NPV.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c5\\\"\\u003e\\u003cp\\u003eValidates TR\\u0026rsquo;s robustness for resource allocation in uncertain environments.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003e[\\u003cspan citationid=\\\"CR27\\\" class=\\\"CitationRef\\\"\\u003e27\\u003c/span\\u003e]\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eLatency-constrained variational quantum algorithms using adaptive sampling TR.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eTR with variance modeling to reduce quantum computer queries.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c4\\\"\\u003e\\u003cp\\u003eSuperior convergence efficiency (5,000 evaluations vs. 5,280 for TRC).\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c5\\\"\\u003e\\u003cp\\u003eAligns with adaptive budget reallocation under dynamic threats.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003e[\\u003cspan citationid=\\\"CR6\\\" class=\\\"CitationRef\\\"\\u003e6\\u003c/span\\u003e]\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eIoE cybersecurity strategy via robust optimization and metaheuristics.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eNSGA-II and iterative methods for control selection under budget constraints.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c4\\\"\\u003e\\u003cp\\u003eThe iterative method outperformed NSGA-II in Pareto front quality and speed.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c5\\\"\\u003e\\u003cp\\u003eContrasts GA and TR with other metaheuristics for cybersecurity.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003e[\\u003cspan citationid=\\\"CR9\\\" class=\\\"CitationRef\\\"\\u003e9\\u003c/span\\u003e]\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003e5G network slicing optimization with multi-level cybersecurity investments.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eModified GA for constrained profit maximization.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c4\\\"\\u003e\\u003cp\\u003eGA effectively balanced security levels and service provision costs.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c5\\\"\\u003e\\u003cp\\u003eDemonstrates GA's scalability in multi-tiered network optimization.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003e[\\u003cspan citationid=\\\"CR50\\\" class=\\\"CitationRef\\\"\\u003e50\\u003c/span\\u003e]\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eThermal morphing optimization using TR and parameter ranking.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eTR with Q-DEIM model reduction to prioritize critical parameters.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c4\\\"\\u003e\\u003cp\\u003eReduced computational cost by focusing on high-impact parameters.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c5\\\"\\u003e\\u003cp\\u003eParallels TR\\u0026rsquo;s role in prioritizing critical vulnerabilities in budgets.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003e[\\u003cspan citationid=\\\"CR43\\\" class=\\\"CitationRef\\\"\\u003e43\\u003c/span\\u003e]\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eNon-linear data assimilation via ensemble Kalman filter with TR.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eTR-based iterative optimization for non-Gaussian systems.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c4\\\"\\u003e\\u003cp\\u003eOutperformed MLEF in convergence and stability.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c5\\\"\\u003e\\u003cp\\u003eValidates TR\\u0026rsquo;s reliability in high-stakes, non-linear scenarios.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003c/tbody\\u003e\\u003c/colgroup\\u003e\\u003c/table\\u003e\\u003c/div\\u003e\\u003c/p\\u003e\"},{\"header\":\"3. Methodology\",\"content\":\"\\u003cp\\u003eThis study employs a comparative optimization framework to allocate cybersecurity budgets across financial networks, evaluating genetic algorithms (GA) and trust-region methods (TRM). The problem is formulated as a constrained minimization of total risk cost, where risk is derived from Monte Carlo simulations incorporating attack probabilities (P\\u003csub\\u003eattack\\u003c/sub\\u003e), threat exposure, and financial losses. Initial budgets and constraints are set for each entity (banks, fintech firms, vendors, etc.), with security logs (firewall status, open ports, failed logins) dynamically influencing risk assessment. The GA approach utilizes population-based evolution selection, crossover, and mutation over 50 generations to explore non-linear solutions. At the same time, the TRM leverages gradient-based local optimization with trust-region adjustments for faster convergence (215 iterations). Performance is assessed via convergence speed, solution robustness, and computational efficiency, with case studies contrasting scenarios (e.g., active vs. inactive firewall). Results highlight GA's superiority in handling stochastic, high-risk environments and TRM\\u0026rsquo;s efficiency in smoother, constrained problems, providing actionable insights for adaptive cybersecurity budgeting.\\u003c/p\\u003e\\u003cdiv id=\\\"Sec4\\\" class=\\\"Section2\\\"\\u003e\\u003ch2\\u003e3.1. Conceptual framework\\u003c/h2\\u003e\\u003cp\\u003eThis research introduces an integrated conceptual framework for optimizing cybersecurity investments in interconnected financial networks, synthesizing technical, financial, and network dimensions. The model ingests three core input categories: node-specific security parameters (Vulnerability V, Compliance C, Threat Intelligence T, Risk scores R\\u003csub\\u003e1\\u003c/sub\\u003e/R\\u003csub\\u003e2\\u003c/sub\\u003e/R\\u003csub\\u003e0\\u003c/sub\\u003e), financial constraints (Revenue, IT Budget, Employees, Devices, Insurance parameters), and network topology (Interdependency matrix W\\u003csub\\u003eij\\u003c/sub\\u003e). Stochastic perturbations simulate real-world uncertainty through perturbed inputs, feeding into an attack probability engine that calculates breach likelihood via an exponential risk function incorporating threat intelligence and compliance effectiveness. Risk manifests through dual channels: local node vulnerability and network-propagated effects. The optimization core minimizes a multi-component cost function investment (C\\u003csub\\u003einv\\u003c/sub\\u003e), insurance (C\\u003csub\\u003eins\\u003c/sub\\u003e), penalties (C\\u003csub\\u003epen\\u003c/sub\\u003e), and operational losses (C\\u003csub\\u003eop\\u003c/sub\\u003e), subject to node-wise budget constraints (5\\u0026ndash;15% of revenue) and network-wide caps (total IT budget\\u0026thinsp;\\u0026le;\\u0026thinsp;10% of revenue). This objective is solved through dual complementary approaches: gradient-based SLSQP optimization for precise local minima and population-based genetic algorithms for global exploration. Real-time security monitoring (firewall status, open ports, login failures) triggers contextual alerts, while comprehensive visualization outputs (boxplots, heatmaps, scatter plots) transform optimized budgets and risk metrics (P\\u003csub\\u003eattack\\u003c/sub\\u003e, residual risk, cost distributions) into actionable intelligence for strategic cyber investment allocation across the networked ecosystem.\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003eTo ensure computational feasibility and interpretability, the model relies on the following assumptions mentioned in Table\\u0026nbsp;\\u003cspan refid=\\\"Tab2\\\" class=\\\"InternalRef\\\"\\u003e2\\u003c/span\\u003e.\\u003c/p\\u003e\\u003cp\\u003e\\u003cdiv class=\\\"gridtable\\\"\\u003e\\u003ctable float=\\\"Yes\\\" id=\\\"Tab2\\\" border=\\\"1\\\"\\u003e\\u003ccaption language=\\\"En\\\"\\u003e\\u003cdiv class=\\\"CaptionNumber\\\"\\u003eTable 2\\u003c/div\\u003e\\u003cdiv class=\\\"CaptionContent\\\"\\u003e\\u003cp\\u003eModel Assumptions\\u003c/p\\u003e\\u003c/div\\u003e\\u003c/caption\\u003e\\u003ccolgroup cols=\\\"3\\\"\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c1\\\" colnum=\\\"1\\\"\\u003e\\u003c/div\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c2\\\" colnum=\\\"2\\\"\\u003e\\u003c/div\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c3\\\" colnum=\\\"3\\\"\\u003e\\u003c/div\\u003e\\u003cthead\\u003e\\u003ctr\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003eCategory\\u003c/p\\u003e\\u003c/th\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eAssumption\\u003c/p\\u003e\\u003c/th\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eDescription\\u003c/p\\u003e\\u003c/th\\u003e\\u003c/tr\\u003e\\u003c/thead\\u003e\\u003ctbody\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\" morerows=\\\"2\\\" rowspan=\\\"3\\\"\\u003e\\u003cp\\u003eAttack Probability\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eExponential risk response\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eAttack likelihood increases exponentially with vulnerability and decreases with compliance.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eGaussian noise in probabilities\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eRandomness in attack likelihood is modeled via a normal distribution with mean zero and standard deviation σ\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eIndependence of attack drivers\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eV, C, and T are treated as statistically independent after perturbation\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\" morerows=\\\"2\\\" rowspan=\\\"3\\\"\\u003e\\u003cp\\u003eRisk Propagation\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eLinear aggregation of local and network risk\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eResidual risk is the sum of local node risk and interdependent network risk.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eInterdependency weights (W\\u003csub\\u003eij\\u003c/sub\\u003e) are row-normalized\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eEnsures total outbound influence per node sums to 1\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eStatic W matrix\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eNetwork structure is fixed across iterations\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\" morerows=\\\"3\\\" rowspan=\\\"4\\\"\\u003e\\u003cp\\u003eCost Estimation\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eInvestment cost\\u0026thinsp;\\u0026ge;\\u0026thinsp;max of device cost, 35% budget, and scaled peer influence\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eC\\u003csub\\u003einv\\u003c/sub\\u003e = max (0.35\\u0026middot;B, DeviceCost, β\\u0026middot;(W\\u0026middot;B))\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eInsurance cost capped at Imax\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003ePredefined insurer limits bound premiums\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003ePenalty costs for non-compliance scale with Pattack and the coverage gap\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eCaptures financial penalty risk tied to regulations\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eOperational loss scales with disruption and expected revenue\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eCop = (1\\u0026thinsp;\\u0026minus;\\u0026thinsp;η)\\u0026middot;D\\u003csub\\u003eexp\\u003c/sub\\u003e\\u0026middot;Revenue\\u0026thinsp;+\\u0026thinsp;η\\u0026middot;(W\\u0026middot;P\\u003csub\\u003eattack\\u003c/sub\\u003e)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\" morerows=\\\"1\\\" rowspan=\\\"2\\\"\\u003e\\u003cp\\u003eBudget Constraints\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eThe node-level IT budget must be 5\\u0026ndash;15% of revenue\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eApplied as inequality constraints\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eTotal network-wide budget\\u0026thinsp;\\u0026le;\\u0026thinsp;10% of total network revenue\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eGlobal constraint for optimization\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\" morerows=\\\"2\\\" rowspan=\\\"3\\\"\\u003e\\u003cp\\u003eSimulation Design\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eMonte Carlo sampling with 10,000 iterations\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eRisk and cost outputs are generated from perturbed simulations\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eInputs (V, C, T) are clipped to [0,1] after perturbation\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eEnsures values remain within valid bounds\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eModel parameters (β, γ, δ, κ, \\u0026micro;, θ) are fixed during simulation runs\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eAllows controlled sensitivity analysis\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003c/tbody\\u003e\\u003c/colgroup\\u003e\\u003c/table\\u003e\\u003c/div\\u003e\\u003c/p\\u003e\\u003cp\\u003eIn this model, perturbation refers to the deliberate introduction of minor random variations to input parameters, specifically vulnerability (V), compliance (C), and threat intelligence (T), to reflect real-world uncertainty. Since these values are rarely precise or static, the model adds Gaussian noise with a mean of zero and a defined standard deviation to simulate their variability [\\u003cspan citationid=\\\"CR17\\\" class=\\\"CitationRef\\\"\\u003e17\\u003c/span\\u003e]. This approach enables robust Monte Carlo simulations, allowing the generation of a distribution of outcomes rather than a single deterministic result [\\u003cspan citationid=\\\"CR63\\\" class=\\\"CitationRef\\\"\\u003e63\\u003c/span\\u003e]. By perturbing inputs and clipping them within valid bounds (0,1), the model captures the stochastic nature of cyber risk and enhances the realism and resilience of the simulation.\\u003c/p\\u003e\\u003c/div\\u003e\\u003cdiv id=\\\"Sec5\\\" class=\\\"Section2\\\"\\u003e\\u003ch2\\u003e3.2. Tools and Libraries\\u003c/h2\\u003e\\u003cp\\u003eThe simulation, executed in Python 3 with NumPy, SciPy, Matplotlib, Seaborn, and NetworkX, performs 10,000 monte carlo iterations using Gaussian noise to model uncertainty. Each iteration computes attack probability, risk, and total cost per node, capturing rare cyber events with statistical precision. Outputs are recorded, printed, and visualized via saved plots, facilitating quantitative and graphical cyber risk analysis across interconnected financial networks.\\u003c/p\\u003e\\u003c/div\\u003e\\u003cdiv id=\\\"Sec6\\\" class=\\\"Section2\\\"\\u003e\\u003ch2\\u003e3.3. Rationale for Monte Carlo simulation model\\u003c/h2\\u003e\\u003cp\\u003eThe Monte Carlo simulation approach in this cyber risk model provides a robust analytical framework for evaluating cybersecurity vulnerabilities and financial exposure across a network of interconnected financial entities [\\u003cspan citationid=\\\"CR63\\\" class=\\\"CitationRef\\\"\\u003e63\\u003c/span\\u003e]. The model simulates thousands of attack scenarios and captures the inherent uncertainty and randomness associated with cyber threats, compliance levels, and control effectiveness. This probabilistic method allows managers to visualize a distribution of possible outcomes rather than relying on single-point estimates, thereby supporting better informed decisions about IT budget allocation, control implementation, and cyber insurance coverage [\\u003cspan citationid=\\\"CR58\\\" class=\\\"CitationRef\\\"\\u003e58\\u003c/span\\u003e]. It also highlights which nodes (e.g., banks, fintechs, vendors) are most vulnerable to risk and where we get significant returns for investments in cybersecurity. Ultimately, the Monte Carlo-driven insights help organizations proactively manage cyber risks, reduce potential penalties and operational losses, and ensure more resilient digital infrastructures in a rapidly evolving threat landscape [\\u003cspan citationid=\\\"CR22\\\" class=\\\"CitationRef\\\"\\u003e22\\u003c/span\\u003e].\\u003c/p\\u003e\\u003c/div\\u003e\\u003cdiv id=\\\"Sec7\\\" class=\\\"Section2\\\"\\u003e\\u003ch2\\u003e3.4. Model Formulation\\u003c/h2\\u003e\\u003cp\\u003eThe proposed stochastic cyber-risk budgeting model offers a probabilistic framework for estimating the likelihood of a cyberattack on a specific node n at time t, accounting for both deterministic and stochastic influences. The model begins with a baseline probability (P\\u003csub\\u003ebase\\u003c/sub\\u003e, representing the inherent risk of an attack in the absence of other modifying factors. The attack probability P\\u003csub\\u003ecyber,n(t)\\u003c/sub\\u003e is modeled as a product of several exponential terms, each capturing key risk dimensions: node vulnerability (V\\u003csub\\u003en\\u003c/sub\\u003e), risk mitigation efforts (R\\u003csub\\u003en,t\\u003c/sub\\u003e), compliance score (C\\u003csub\\u003en\\u003c/sub\\u003e), and threat intelligence score (T\\u003csub\\u003en\\u003c/sub\\u003e​) [\\u003cspan citationid=\\\"CR7\\\" class=\\\"CitationRef\\\"\\u003e7\\u003c/span\\u003e, \\u003cspan citationid=\\\"CR48\\\" class=\\\"CitationRef\\\"\\u003e48\\u003c/span\\u003e]. The first exponential term reflects the compounding effect of a node\\u0026rsquo;s vulnerability, where higher vulnerability increases the risk of an attack, as given in Eq.\\u0026nbsp;(1). It is offset by mitigation measures such as security investments, patches, and controls represented by R\\u003csub\\u003en,t\\u003c/sub\\u003e​ [\\u003cspan citationid=\\\"CR26\\\" class=\\\"CitationRef\\\"\\u003e26\\u003c/span\\u003e, \\u003cspan citationid=\\\"CR4\\\" class=\\\"CitationRef\\\"\\u003e4\\u003c/span\\u003e]. The second term models compliance, where stronger adherence to security standards reduces attack probability. The third term incorporates threat intelligence, capturing exposure to known threat vectors. Parameters weight each of these dimensions, β, γ, and δ, which determine the relative influence of vulnerability, compliance, and threat intelligence, respectively. These weights reflect domain-specific insights into how various factors shape cyber risk within interconnected financial networks. To account for inherent unpredictability, the model includes a noise term ϵ\\u003csub\\u003en\\u003c/sub\\u003e\\u0026sim;N (0,σ\\u003csup\\u003e2\\u003c/sup\\u003e), acknowledging that cyberattacks can still occur even in well-defended systems due to zero-day vulnerabilities or adversarial innovation. The exponential formulation enables non-linear risk interactions and compounding effects, addressing limitations of linear models highlighted [\\u003cspan citationid=\\\"CR15\\\" class=\\\"CitationRef\\\"\\u003e15\\u003c/span\\u003e, \\u003cspan citationid=\\\"CR42\\\" class=\\\"CitationRef\\\"\\u003e42\\u003c/span\\u003e]. The model's formulation thus provides a robust and dynamic basis for assessing cyberattack probabilities across a network of N interconnected nodes. All variables and parameters are detailed in Table\\u0026nbsp;\\u003cspan refid=\\\"Tab3\\\" class=\\\"InternalRef\\\"\\u003e3\\u003c/span\\u003e. This structure ensures probabilistic coherence and supports monte carlo simulations for risk distribution analysis, advancing quantitative methods.\\u003c/p\\u003e\\u003cp\\u003e\\u003cdiv class=\\\"gridtable\\\"\\u003e\\u003ctable float=\\\"Yes\\\" id=\\\"Tab3\\\" border=\\\"1\\\"\\u003e\\u003ccaption language=\\\"En\\\"\\u003e\\u003cdiv class=\\\"CaptionNumber\\\"\\u003eTable 3\\u003c/div\\u003e\\u003cdiv class=\\\"CaptionContent\\\"\\u003e\\u003cp\\u003eVariables and Parameters in the Model\\u003c/p\\u003e\\u003c/div\\u003e\\u003c/caption\\u003e\\u003ccolgroup cols=\\\"3\\\"\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c1\\\" colnum=\\\"1\\\"\\u003e\\u003c/div\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c2\\\" colnum=\\\"2\\\"\\u003e\\u003c/div\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c3\\\" colnum=\\\"3\\\"\\u003e\\u003c/div\\u003e\\u003cthead\\u003e\\u003ctr\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003eCategory\\u003c/p\\u003e\\u003c/th\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eSymbol\\u003c/p\\u003e\\u003c/th\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eDescription\\u003c/p\\u003e\\u003c/th\\u003e\\u003c/tr\\u003e\\u003c/thead\\u003e\\u003ctbody\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\" morerows=\\\"7\\\" rowspan=\\\"8\\\"\\u003e\\u003cp\\u003eNode Attributes\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eN\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eNumber of nodes in the network\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eV\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eVulnerability of each node\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eC\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eSecurity control level of each node\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eT\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eThe threat level of each node\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eR\\u003csub\\u003e1\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eDirect risk factors (e.g., exposure to attacks)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eR\\u003csub\\u003e2\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eIndirect risk factors (e.g., third-party dependencies)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eR0\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eBase risk level of each node\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eW\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eWeighted adjacency matrix representing network connections\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\" morerows=\\\"8\\\" rowspan=\\\"9\\\"\\u003e\\u003cp\\u003eFinancials\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eRevenue\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eAnnual revenue of each node (USD)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eITBudget\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eIT budget of each node (USD)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eEmployees\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eNumber of employees per node\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eDevices\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eNumber of devices per node\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eCostPerDevice\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eCost per device (USD)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eD\\u003csub\\u003eexp\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eExpected downtime cost as a fraction of revenue\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eC\\u003csub\\u003ereq\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eRequired security control level (regulatory)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eP\\u003csub\\u003e0\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eBase insurance premium (USD)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eI\\u003csub\\u003emax\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eMaximum insurance coverage (USD)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\" morerows=\\\"12\\\" rowspan=\\\"13\\\"\\u003e\\u003cp\\u003eModel Parameters\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eBeta(β)\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eSensitivity of attack probability to vulnerability\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eGamma(γ)\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eSensitivity of attack probability to security controls\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eDelta(δ)\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eSensitivity of attack probability to threat level\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eMu(\\u0026micro;)\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eMitigation factor for residual risk\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eKappa(κ)\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eWeight for local risk contribution\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eTheta(θ)\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eWeight for network risk contribution\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eP\\u003csub\\u003ebase\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eBase probability of attack\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eM\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eInsurance cost multiplier\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eP\\u003csub\\u003er\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003ePenalty rate for insufficient controls\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eAlpha(α)\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eInfluence of neighboring IT budgets\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eLambda(λ)\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003ePenalty weight for network control gaps\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eEta(η\\u003csub\\u003ei\\u003c/sub\\u003e)\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eOperational cost adjustment factor\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eSigma(ϵ\\u003csub\\u003en\\u003c/sub\\u003e)\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eNoise level for stochastic simulations\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\" morerows=\\\"4\\\" rowspan=\\\"5\\\"\\u003e\\u003cp\\u003eCost Components\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eC\\u003csub\\u003einv\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eInvestment cost (security measures)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eC\\u003csub\\u003eins\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eInsurance cost\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eC\\u003csub\\u003epen\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003ePenalty cost (regulatory non-compliance)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eC\\u003csub\\u003eop\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eOperational cost (downtime, recovery)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eC\\u003csub\\u003etotal\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eTotal cost (sum of all components)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\" morerows=\\\"2\\\" rowspan=\\\"3\\\"\\u003e\\u003cp\\u003eOutputs\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eP\\u003csub\\u003eattack\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eProbability of attack for each node\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eR\\u003csub\\u003et\\u003c/sub\\u003e\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eResidual risk for each node (local\\u0026thinsp;+\\u0026thinsp;network)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eB\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eBudget constraint (derived from financials)\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003c/tbody\\u003e\\u003c/colgroup\\u003e\\u003c/table\\u003e\\u003c/div\\u003e\\u003c/p\\u003e\\u003cp\\u003eGeneralized cyber threat probability model for N nodes\\u003c/p\\u003e\\u003cp\\u003e\\u003cspan class=\\\"InlineEquation\\\"\\u003e\\u003cspan class=\\\"mathinline\\\"\\u003e\\\\(\\\\:{P}_{\\\\left\\\\{attack,n\\\\right\\\\}\\\\left(t\\\\right)}=\\\\:{P}_{\\\\left\\\\{base\\\\right\\\\}}*exp\\\\left.\\\\left[\\\\:\\\\beta\\\\:\\\\left.\\\\left(\\\\:{V}_{n}-\\\\:{\\\\sum\\\\:}_{k=1}^{K}{R}_{n,k}{x}_{n,k}\\\\right.\\\\right)\\\\right.\\\\right]*exp\\\\left(-\\\\gamma\\\\:{C}_{n}\\\\right)*exp\\\\left(\\\\delta\\\\:{T}_{n}\\\\right)*exp\\\\left({ϵ}_{n}\\\\right)\\\\)\\u003c/span\\u003e\\u003c/span\\u003e \\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;1\\u003c/p\\u003e\\u003cp\\u003eThe compliance score formula is a weighted average method used to evaluate an organization's adherence to cybersecurity controls. Each control is assigned a compliance score ranging from 0 to 1, representing its level of implementation, and a corresponding weight that reflects its importance. The compliance score is calculated by taking the sum of the weighted compliance scores and dividing it by the total weight of all controls. It ensures that more critical controls have a more significant impact on the final score. An organization is considered compliant if its compliance score meets or exceeds the required threshold, adjusted for a slight tolerance margin to account for minor deviations. The weighted average method is used in compliance scoring in Eq.\\u0026nbsp;(2) because it reflects the differential importance of various cybersecurity controls, ensuring that more critical or high-impact controls exert a greater influence on the overall compliance score. Not all controls carry the same risk implications some, such as encryption or multi-factor authentication, may mitigate significant vulnerabilities, while others, like password rotation policies, might have less impact. A simple average would treat all controls equally, potentially overstating compliance if only low-impact controls are well implemented. The weighted approach aligns with risk-based frameworks (e.g., NIST, ISO 27001), prioritizing controls based on threat likelihood and impact. Additionally, this method supports regulatory and auditing practices by providing a more nuanced and accurate reflection of an organization's cybersecurity posture, helping decision makers allocate resources more effectively [\\u003cspan citationid=\\\"CR2\\\" class=\\\"CitationRef\\\"\\u003e2\\u003c/span\\u003e]. Compliance score formula: given a set of cybersecurity controls C, each with a compliance score c\\u003csub\\u003ei\\u003c/sub\\u003e​ and a weight w\\u003csub\\u003ei\\u003c/sub\\u003e​, the weighted compliance score is calculated as:\\u003c/p\\u003e\\u003cp\\u003e\\u003cspan class=\\\"InlineEquation\\\"\\u003e\\u003cspan class=\\\"mathinline\\\"\\u003e\\\\(\\\\:\\\\text{C}\\\\text{o}\\\\text{m}\\\\text{p}\\\\text{l}\\\\text{i}\\\\text{a}\\\\text{n}\\\\text{c}\\\\text{e}\\\\:\\\\text{S}\\\\text{c}\\\\text{o}\\\\text{r}\\\\text{e}=\\\\frac{{\\\\sum\\\\:}_{i=1}^{n}{c}_{i}{w}_{i}}{{\\\\sum\\\\:}_{i=1}^{n}{w}_{i}}\\\\)\\u003c/span\\u003e\\u003c/span\\u003e\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;2\\u003c/p\\u003e\\u003cp\\u003eAn organization is considered compliant if: Compliance Score \\u0026ge; (Required Compliance\\u0026thinsp;\\u0026minus;\\u0026thinsp;Tolerance)\\u003c/p\\u003e\\u003cp\\u003eIn the proposed cyber risk model, compliance and threat intelligence are pivotal in assessing organizational cyberattack exposure. The compliance threshold is determined by subtracting a predefine tolerance margin from the required compliance level. This required level is provided by regulatory frameworks such as NIST CSF or ISO/IEC 27001, which set minimum standards depending on the sector's criticality [\\u003cspan citationid=\\\"CR35\\\" class=\\\"CitationRef\\\"\\u003e35\\u003c/span\\u003e]. In high-risk industries like Banking, Financial Services, and Insurance (BFSI), internal benchmarks may exceed 90% to ensure stringent cybersecurity postures [\\u003cspan citationid=\\\"CR49\\\" class=\\\"CitationRef\\\"\\u003e49\\u003c/span\\u003e]. The 3% and 10% tolerance allows for acceptable delays, minor control deviations, and operational flexibility. This formulation leads to a compliance threshold: Compliance Threshold\\u0026thinsp;=\\u0026thinsp;Required Compliance\\u0026thinsp;\\u0026minus;\\u0026thinsp;Tolerance, enabling a balanced, risk-sensitive approach to compliance evaluation (Ali, 2020). Each component is assigned a predefine weight to ensure balanced influence on the final threat score, scaled between 0 and 1. Based on this score, risks are classified as low (T\\u0026thinsp;\\u0026le;\\u0026thinsp;0.2), medium (0.2\\u0026thinsp;\\u0026lt;\\u0026thinsp;T\\u0026thinsp;\\u0026le;\\u0026thinsp;0.5), high (0.5\\u0026thinsp;\\u0026lt;\\u0026thinsp;T\\u0026thinsp;\\u0026le;\\u0026thinsp;0.8), or critical (T\\u0026thinsp;\\u0026gt;\\u0026thinsp;0.8). The model simulates cyber risk and associated financial impact across a 15-node network of interconnected financial entities using 10,000 Monte Carlo iterations. It accounts for uncertainties in attack probability, control effectiveness, and threat dynamics by introducing stochastic noise and perturbations. Each node's risk exposure is tied to real-world indicators such as revenue, IT budget, insurance coverage, and penalties, enabling granular risk cost estimation to guide cybersecurity investments, insurance strategies, and compliance efforts. The threat intelligence score weights are set through expert judgment, empirical analysis, and adherence to industry frameworks (e.g., NIST CSF). Security practitioners evaluate each intelligence component, historical attacks, industry trends, network behavior, external feeds, and anomaly detection, assigning relative importance based on predictive value. Where available, historical breach data or machine learning calibration refines these weights; otherwise, organizations adopt best practices or tailor weights to their operational context. It ensures the score remains both adaptive and operationally relevant. The optimization model minimizes total cybersecurity expenditure comprising investment (C\\u003csub\\u003einv\\u003c/sub\\u003e), insurance (C\\u003csub\\u003eins\\u003c/sub\\u003e), penalty (C\\u003csub\\u003epen\\u003c/sub\\u003e), and operational (C\\u003csub\\u003eop\\u003c/sub\\u003e) costs while enforcing compliance and managing cyberattack risk. Attack probability is a dynamic function of node vulnerability, controls, investments, and threat intelligence. Investment costs reflect internal and third-party safeguards; insurance premiums adjust for residual risk and compliance gaps; penalties capture deviations from mandatory security levels and service downtime losses; and operational costs cover continuous monitoring and incident response. The model extends traditional infrastructure focus for service-based supply chains by incorporating third-party vendor security, compliance risk, and service continuity expenses. The node-level cybersecurity budget (B) scales with revenue, IT spending, headcount, and service transaction volume, ensuring investments align with operational complexity [\\u003cspan citationid=\\\"CR65\\\" class=\\\"CitationRef\\\"\\u003e65\\u003c/span\\u003e]. Budget constraints cap total expenditure, preventing overspend while maintaining resilience. By holistically integrating cost components, risk drivers, and service-specific factors, this framework supports strategic, risk-adjusted cybersecurity planning across diverse supply chain contexts [\\u003cspan citationid=\\\"CR36\\\" class=\\\"CitationRef\\\"\\u003e36\\u003c/span\\u003e].\\u003c/p\\u003e\\u003cp\\u003eCybersecurity budget for node i\\u003c/p\\u003e\\u003cp\\u003eEach node i in the supply chain network requires a cybersecurity budget influenced by revenue, IT budget, employees, and interdependencies.\\u003c/p\\u003e\\u003cp\\u003eB\\u003csub\\u003ei\\u003c/sub\\u003e = max(0.003 * R\\u003csub\\u003ei\\u003c/sub\\u003e, 0.08 * B\\u003csub\\u003eIT,i\\u003c/sub\\u003e, 1500 * E\\u003csub\\u003ei\\u003c/sub\\u003e, α * Σ (W\\u003csub\\u003eij\\u003c/sub\\u003e * B\\u003csub\\u003ej\\u003c/sub\\u003e) for j \\u0026isin; N\\u003csub\\u003ei\\u003c/sub\\u003e) \\u0026hellip;\\u0026hellip;..3\\u003c/p\\u003e\\u003cp\\u003eIt ensures risk-aware budgeting, accounting for both individual risks and network-wide risks.\\u003c/p\\u003e\\u003cp\\u003eInvestment cost across N nodes\\u003c/p\\u003e\\u003cp\\u003eSecurity investment at each node must consider local and network-dependent risks.\\u003c/p\\u003e\\u003cp\\u003eC\\u003csub\\u003einv,i\\u003c/sub\\u003e = max(0.35 * B\\u003csub\\u003ei\\u003c/sub\\u003e, D\\u003csub\\u003ei\\u003c/sub\\u003e * C\\u003csub\\u003eD,i\\u003c/sub\\u003e, β * Σ (W\\u003csub\\u003eij\\u003c/sub\\u003e * C\\u003csub\\u003einv,j\\u003c/sub\\u003e) for j \\u0026isin; N\\u003csub\\u003ei\\u003c/sub\\u003e) \\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;..4\\u003c/p\\u003e\\u003cp\\u003eIt ensures investment reflects network effects, preventing weak nodes from compromising the system.\\u003c/p\\u003e\\u003cp\\u003eInsurance cost with network risk\\u003c/p\\u003e\\u003cp\\u003eCyber insurance premiums depend on local and network-wide risks.\\u003c/p\\u003e\\u003cp\\u003eC\\u003csub\\u003eins,i\\u003c/sub\\u003e = P\\u003csub\\u003e0,i\\u003c/sub\\u003e + M\\u003csub\\u003ei\\u003c/sub\\u003e * (P\\u003csub\\u003eattack,i\\u003c/sub\\u003e * (R\\u003csub\\u003e0,i\\u003c/sub\\u003e -R\\u003csub\\u003ei\\u003c/sub\\u003e) + γ * Σ (W\\u003csub\\u003eij\\u003c/sub\\u003e * P\\u003csub\\u003eattack,j\\u003c/sub\\u003e) for j \\u0026isin; N\\u003csub\\u003ei\\u003c/sub\\u003e) \\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;..5\\u003c/p\\u003e\\u003cp\\u003ewith an upper cap:\\u003c/p\\u003e\\u003cp\\u003eC\\u003csub\\u003eins,i\\u003c/sub\\u003e = min(C\\u003csub\\u003eins,i\\u003c/sub\\u003e, I\\u003csub\\u003emax,i\\u003c/sub\\u003e)\\u003c/p\\u003e\\u003cp\\u003eThis structure ensures insurance costs reflect shared risks across the network\\u003c/p\\u003e\\u003cp\\u003ePenalty cost for non-compliance\\u003c/p\\u003e\\u003cp\\u003eNodes that fail to comply with cybersecurity standards face penalties.\\u003c/p\\u003e\\u003cp\\u003eC\\u003csub\\u003epen,i\\u003c/sub\\u003e = P\\u003csub\\u003er,i\\u003c/sub\\u003e * max(0, C\\u003csub\\u003ereq,i\\u003c/sub\\u003e - C\\u003csub\\u003ei\\u003c/sub\\u003e) * P\\u003csub\\u003eattack,i\\u003c/sub\\u003e\\u0026thinsp;+\\u0026thinsp;λ * Σ (W\\u003csub\\u003eij\\u003c/sub\\u003e * (C\\u003csub\\u003ereq,j\\u003c/sub\\u003e -C\\u003csub\\u003ej\\u003c/sub\\u003e)) for j \\u0026isin; N\\u003csub\\u003ei\\u003c/sub\\u003e \\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;..6\\u003c/p\\u003e\\u003cp\\u003eThis ensures compliance enforcement is not just node-specific but also network-aware.\\u003c/p\\u003e\\u003cp\\u003eOperational cost for incident response\\u003c/p\\u003e\\u003cp\\u003eOperational costs include real-time monitoring and response.\\u003c/p\\u003e\\u003cp\\u003e\\u003cspan class=\\\"InlineEquation\\\"\\u003e\\u003cspan class=\\\"mathinline\\\"\\u003e\\\\(\\\\:{C}_{\\\\left\\\\{op,i\\\\right\\\\}}=min\\\\:\\\\left.\\\\left(\\\\:max\\\\:\\\\left.\\\\left(\\\\:0.35*{B}_{i},\\\\:{D}_{\\\\left\\\\{exp,i\\\\right\\\\}}*{P}_{\\\\left\\\\{attack,i\\\\right\\\\}}*\\\\left(1\\\\:-\\\\:{\\\\eta\\\\:}_{i}\\\\right)+\\\\delta\\\\:*{\\\\sum\\\\:}_{i=1}^{n}{w}_{ij}{*D}_{exp.j}{*P}_{\\\\left\\\\{attack,j\\\\right\\\\}}\\\\right.\\\\right),\\\\:{C}_{\\\\left\\\\{op\\\\right\\\\}}^{\\\\left\\\\{max\\\\right\\\\}}\\\\right.\\\\right)\\\\)\\u003c/span\\u003e\\u003c/span\\u003e\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;.7\\u003c/p\\u003e\\u003cp\\u003eensures response costs account for cross-node incident dependencies.\\u003c/p\\u003e\\u003cp\\u003eTotal cost constraint for each node\\u003c/p\\u003e\\u003cp\\u003eEach node's total cybersecurity cost must be within budget.\\u003c/p\\u003e\\u003cp\\u003eC\\u003csub\\u003etotal,i\\u003c/sub\\u003e=C\\u003csub\\u003einv,i\\u003c/sub\\u003e+C\\u003csub\\u003eins,i\\u003c/sub\\u003e+C\\u003csub\\u003epen,i\\u003c/sub\\u003e+C\\u003csub\\u003eop,i \\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;..8\\u003c/sub\\u003e\\u003c/p\\u003e\\u003cp\\u003eC\\u003csub\\u003etotal,i\\u003c/sub\\u003e\\u0026le;B\\u003csub\\u003ei\\u003c/sub\\u003e\\u003c/p\\u003e\\u003cp\\u003eThis guarantees that budget constraints are met individually and collectively.\\u003c/p\\u003e\\u003cp\\u003eRisk propagation model\\u003c/p\\u003e\\u003cp\\u003e\\u003cspan class=\\\"InlineEquation\\\"\\u003e\\u003cspan class=\\\"mathinline\\\"\\u003e\\\\(\\\\:{P}_{\\\\left\\\\{attack,i\\\\right\\\\}}={P}_{0}+\\\\:\\\\kappa\\\\:{R}_{i}+\\\\lambda\\\\:{\\\\sum\\\\:}_{j=1}^{N}{R}_{j}{\\\\text{W}}_{ij}\\\\)\\u003c/span\\u003e\\u003c/span\\u003e\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;..9\\u003c/p\\u003e\\u003cp\\u003e\\u003cspan class=\\\"InlineEquation\\\"\\u003e\\u003cspan class=\\\"mathinline\\\"\\u003e\\\\(\\\\:{R}_{i}^{\\\\left\\\\{t+1\\\\right\\\\}}=\\\\left(1\\\\:-\\\\:\\\\mu\\\\:\\\\right){R}_{i}^{t}+{\\\\sum\\\\:}_{j=1}^{N}{W}_{ij}{R}_{j}^{t}+\\\\theta\\\\:{P}_{\\\\left\\\\{attack,i\\\\right\\\\}}\\\\)\\u003c/span\\u003e\\u003c/span\\u003e\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;\\u0026hellip;.10\\u003c/p\\u003e\\u003cp\\u003eThe risk propagation model explains how cyber risk spreads through a service supply chain network over time. The probability of a cyberattack on a node is determined by a baseline attack probability (P\\u003csub\\u003e0\\u003c/sub\\u003e), the node\\u0026rsquo;s risk level (R\\u003csub\\u003ei\\u003c/sub\\u003e), and the influence of connected nodes through an interdependency weight (W\\u003csub\\u003eij\\u003c/sub\\u003e).\\u003c/p\\u003e\\u003c/div\\u003e\\u003cdiv id=\\\"Sec8\\\" class=\\\"Section2\\\"\\u003e\\u003ch2\\u003e3.5. Network Dependencies\\u003c/h2\\u003e\\u003cp\\u003eFigure \\u003cspan refid=\\\"Fig2\\\" class=\\\"InternalRef\\\"\\u003e2\\u003c/span\\u003e presents a heatmap of the interconnection weight matrix W\\u003csub\\u003eij\\u003c/sub\\u003e​, which visually depicts the dependency structure across the 15-node financial network. Each non-zero entry represents a directed risk influence from node i to node j, normalized such that the sum of outgoing weights from each node equals 1. Notably, nodes like Bank_A and Vendor_C demonstrate outward dependencies with equal weights of 0.5, signifying their role as risk propagators to multiple connected nodes (e.g., Payment Gateway_D and Data Center_E for Bank_A). The matrix also highlights strong bidirectional links among vendors, such as between Vendor_C and Vendor_H, suggesting potential systemic risk hotspots within the vendor network. These interdependencies emphasize the importance of monitoring highly connected nodes, as they can act as conduits for cascading cyber risks throughout the system. Normalized weights ensure proportional risk influence, aligning the model with real-world financial network behaviors.\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003eThe selected sample, comprising a traditional bank, fintech company, third-party vendor, payment gateway, and data center, reflects the core structure and interdependencies of the modern financial supply chain [\\u003cspan citationid=\\\"CR59\\\" class=\\\"CitationRef\\\"\\u003e59\\u003c/span\\u003e]. These nodes exhibit diverse cyber risk profiles, enabling realistic simulation of the network's threat propagation and ripple effects. The mix captures regulatory, operational, and technological vulnerabilities commonly observed in real-world scenarios. This structure aligns with industry frameworks and current cybersecurity priorities, offering a scalable and generalizable foundation for modeling. The design supports comprehensive risk analysis and strategy testing within interconnected digital finance ecosystems. Each entity was assigned financial and operational attributes such as revenue, IT budget, employee count, and number of devices based on realistic industry norms. Larger institutions like Bank_A and Data Center_E were given higher compliance scores and lower vulnerability levels. At the same time, smaller entities like Vendor_C and Fintech_B reflected more limited cyber maturity, with reduced control deployment and higher susceptibility to threats. Interconnection weights between nodes were configured to simulate business-critical data exchanges, which were exceptionally high between Bank_A and Payment Gateway_D and Data Center_E, emphasizing systemic risk. The dataset structure supports stochastic simulations of cyberattack probabilities, budget allocation, control efficacy, and inter-node risk propagation, enabling dynamic modeling of cyber resilience across interconnected financial ecosystems.\\u003c/p\\u003e\\u003c/div\\u003e\\u003cdiv id=\\\"Sec9\\\" class=\\\"Section2\\\"\\u003e\\u003ch2\\u003e3.6. Simulation Setup and Input Data\\u003c/h2\\u003e\\u003cp\\u003eThe input data for the Monte Carlo cyber risk simulation model draws from multiple real-world and synthetic sources to ensure realistic modeling of financial sector vulnerabilities. Node-specific attributes like vulnerability scores, compliance levels, and threat intelligence metrics are calibrated using industry benchmarks from National Institute of Standards and Technology (NIST) vulnerability databases, International Organization for Standardization (ISO) 27001 audit results, and Financial Services Information Sharing and Analysis Center (FS ISAC) threat reports. Financial parameters, including revenue, IT budgets, and employee counts, are modeled after ranges observed in Securities and Exchange Commission (SEC) filings and Gartner IT spending surveys. In contrast, device counts reflect typical IT asset inventories. The model's core parameters (β, γ, δ weights for vulnerability, compliance, and threat intelligence) are derived from established frameworks like findability, accessibility, interoperability, and reusability (FAIR) principles, national institute of standards and technology cybersecurity framework (NIST CSF), and adversarial tactics, techniques, and common knowledge (ATT\\u0026amp;CK) [\\u003cspan citationid=\\\"CR55\\\" class=\\\"CitationRef\\\"\\u003e55\\u003c/span\\u003e]. For interconnections, weights are estimated based on payment system data and vendor dependency matrices. When actual data is unavailable, synthetic values are generated using constrained randomization. For instance, banks were given lower vulnerability (0.1\\u0026ndash;0.4) and higher compliance scores (0.7\\u0026ndash;0.95), reflecting their regulated status. This hybrid approach combines verifiable industry data with carefully constrained synthetic values to maintain realism while ensuring the model remains applicable across different financial ecosystems. The simulation environment is structured to mirror a realistic, interconnected financial network composed of 15 heterogeneous digital nodes, including banks, fintech firms, payment processors, vendors, and data centers. Each node is uniquely defined by a set of cybersecurity and financial parameters that serve as model inputs, such as vulnerability, compliance, and threat intelligence levels, as well as financial metrics like revenue, number of employees, and devices. Control effectiveness is split into two components, compliance-driven (R₁\\u003csub\\u003ei\\u003c/sub\\u003e) and intelligence-driven (R₂\\u003csub\\u003ei\\u003c/sub\\u003e), with the total control effect given by R\\u003csub\\u003ei\\u003c/sub\\u003e = R₁\\u003csub\\u003ei\\u003c/sub\\u003e + R₂\\u003csub\\u003ei\\u003c/sub\\u003e [\\u003cspan citationid=\\\"CR41\\\" class=\\\"CitationRef\\\"\\u003e41\\u003c/span\\u003e]. These attributes are initialized using empirical ranges derived from real-world data. The network's structure is encoded using a weighted, directed adjacency matrix that captures the digital dependencies between nodes, with higher weights indicating more substantial inter-node reliance. The matrix is row-normalized to facilitate proper risk propagation modeling. To simulate uncertainty and variability, the model applies a Monte Carlo approach with 10,000 iterations, adding Gaussian noise to key variables (vulnerability, compliance, and threat intelligence) and clipping them to the [0,1] range to maintain realism [\\u003cspan citationid=\\\"CR17\\\" class=\\\"CitationRef\\\"\\u003e17\\u003c/span\\u003e]. Core model parameters such as the base attack probability (P\\u003csub\\u003e0\\u003c/sub\\u003e\\u0026thinsp;=\\u0026thinsp;0.01), sensitivity coefficients (β, γ, δ), and risk propagation weights (κ\\u0026thinsp;=\\u0026thinsp;0.7, θ\\u0026thinsp;=\\u0026thinsp;0.3) are carefully calibrated through sensitivity analysis [\\u003cspan citationid=\\\"CR25\\\" class=\\\"CitationRef\\\"\\u003e25\\u003c/span\\u003e, \\u003cspan citationid=\\\"CR60\\\" class=\\\"CitationRef\\\"\\u003e60\\u003c/span\\u003e]. The optimization of IT budget allocations is constrained by realistic financial bounds (3\\u0026ndash;20% of revenue per node) and a global minimum investment threshold (5% of total revenue across all nodes) [\\u003cspan citationid=\\\"CR23\\\" class=\\\"CitationRef\\\"\\u003e23\\u003c/span\\u003e, \\u003cspan citationid=\\\"CR29\\\" class=\\\"CitationRef\\\"\\u003e29\\u003c/span\\u003e, \\u003cspan citationid=\\\"CR64\\\" class=\\\"CitationRef\\\"\\u003e64\\u003c/span\\u003e]. The SLSQP algorithm is used for optimization due to its effectiveness in solving non-linear problems with equality and inequality constraints.\\u003c/p\\u003e\\u003c/div\\u003e\"},{\"header\":\"4. Simulation Results and Analysis\",\"content\":\"\\u003cp\\u003eThe simulation executed in Python using Monte Carlo methods involved 10,000 iterations to account for uncertainty across 15 interconnected financial nodes.\\u003c/p\\u003e\\u003cdiv id=\\\"Sec11\\\" class=\\\"Section2\\\"\\u003e\\u003ch2\\u003e4.1. Comparative Analysis of Optimization Approaches\\u003c/h2\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003eThis study presents a rigorous comparative analysis of two distinct optimization methodologies genetic algorithm (GA) and trust-region constrained (TRC) optimization for cyber risk mitigation in interconnected financial networks mentioned in Fig.\\u0026nbsp;\\u003cspan refid=\\\"Fig3\\\" class=\\\"InternalRef\\\"\\u003e3\\u003c/span\\u003e. GA demonstrated superior risk adaptive capabilities, recommending a substantial 99.8% budget increase (\\u003cspan\\u003e$\\u003c/span\\u003e25.04M \\u0026rarr; \\u003cspan\\u003e$\\u003c/span\\u003e50.04M) with strategic prioritization of critical vulnerabilities. Specifically, GA reallocated resources by +\\u0026thinsp;244% to payment gateways and +\\u0026thinsp;156% to third-party vendors, reflecting heightened threat sensitivity and adaptive allocation. Conversely, in low-risk scenarios (firewall active, no threats), TRC maintained operational stability, making only a\\u0026thinsp;+\\u0026thinsp;1.6% budget adjustment, preserving baseline allocations, and supporting a steady state infrastructure. Computational efficiency remained comparable (GA: 15s/50 generations; TRC: 16s/215 iterations), but GA demonstrated improved convergence (5,000 evaluations vs. TRC\\u0026rsquo;s 5,280). These results highlight GA\\u0026rsquo;s strength in dynamically shifting risk landscapes where aggressive and targeted reallocation is essential, while TRC proves effective in environments requiring fine-tuned, incremental optimization. A hybrid optimization strategy is thus recommended, deploying GA for quarterly risk-based budget overhauls and TRC for monthly refinements to achieve balanced, resilient, and cost-effective cybersecurity across evolving financial networks.\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003eFigure \\u003cspan refid=\\\"Fig4\\\" class=\\\"InternalRef\\\"\\u003e4\\u003c/span\\u003e presents a comparative visualization of attack probability, residual risk, and total cost across the 15 financial nodes in the cyber risk simulation. In the left panel, the box plots of P\\u003csub\\u003eattack\\u003c/sub\\u003e ​ reveal that vendors exhibit the highest median attack probabilities, reflecting their typically higher vulnerability and lower compliance scores. The middle panel, displaying residual risk distributions, indicates that compliant nodes such as Data Center_E have consistently lower risk levels, underscoring the protective impact of strong compliance measures. The right panel shows total cost distributions, with large banks and data centers incurring the highest costs due to their greater revenue scales, larger IT footprints, and extensive interconnections. These visualizations demonstrate how node type, compliance, and connectivity influence cyber risk exposure and associated financial impacts, providing valuable insights for strategic cybersecurity investment.\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003eFigure \\u003cspan refid=\\\"Fig5\\\" class=\\\"InternalRef\\\"\\u003e5\\u003c/span\\u003e presents a visualization of the cybersecurity landscape across different node types, plotting mean attack probability, residual risk, and total cost. The distribution reveals distinct strategic profiles: banks and data centers are positioned in the high cost region, indicating significant investments in cybersecurity, likely reflecting their critical infrastructure roles [\\u003cspan citationid=\\\"CR52\\\" class=\\\"CitationRef\\\"\\u003e52\\u003c/span\\u003e]. In contrast, vendors tend to cluster around higher attack probabilities with only moderate cost levels, suggesting comparatively lower investment or a higher exposure surface. The fintech and payment gateway nodes are more dispersed, reflecting varied strategies in balancing risk and cost. The plot illustrates that different entity types prioritize security investments differently, resulting in precise segmentation in cyber risk postures.\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003eFigure \\u003cspan refid=\\\"Fig6\\\" class=\\\"InternalRef\\\"\\u003e6\\u003c/span\\u003e illustrates the cumulative mean attack probability over 10,000 Monte Carlo iterations for three selected nodes: Bank_A, Vendor_C, and Data Center_E. The plot shows clear convergence behavior, with all curves flattening after approximately 2,000 iterations, validating the stability and reliability of the simulation outcomes. Notably, Vendor_C consistently exhibits the highest attack probability, stabilizing around 0.013, indicating a higher risk exposure than the other entities. In contrast, Bank_A and Data Center_E maintain lower and closely aligned attack probabilities, reflecting more robust defenses or reduced vulnerability surfaces. This disparity highlights the differing cybersecurity risk profiles and potentially unequal investment in mitigation strategies across organization types.\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003eFigure \\u003cspan refid=\\\"Fig7\\\" class=\\\"InternalRef\\\"\\u003e7\\u003c/span\\u003e presents the distribution of attack probabilities for Bank_A, combining a histogram with a kernel density estimate (KDE) to illustrate the underlying simulation results [\\u003cspan citationid=\\\"CR8\\\" class=\\\"CitationRef\\\"\\u003e8\\u003c/span\\u003e, \\u003cspan citationid=\\\"CR45\\\" class=\\\"CitationRef\\\"\\u003e45\\u003c/span\\u003e]. Most outcomes cluster below a 0.01 probability, indicating that Bank_A maintains a strong security posture, likely due to high compliance and adequate controls. However, a long right-skewed tail suggests a non-negligible risk under certain conditions, possibly arising from dynamic threat landscapes or interdependencies within the network. The histograms depict the simulated attack probability distributions for three representative nodes, Bank_A, Vendor_C, and Data Center_E, derived from 10,000 Monte Carlo iterations. Bank_A (left) exhibits a tightly clustered distribution around a mean P\\u003csub\\u003eattack\\u003c/sub\\u003e​ of 0.008, reflecting its robust security coverage (C\\u0026thinsp;=\\u0026thinsp;0.88) and low vulnerability (V\\u0026thinsp;=\\u0026thinsp;0.12). In contrast, Vendor_C (middle) shows a broader distribution (mean P\\u003csub\\u003eattack\\u003c/sub\\u003e=0.012), consistent with its higher baseline vulnerability (V\\u0026thinsp;=\\u0026thinsp;0.68) and moderate security (C\\u0026thinsp;=\\u0026thinsp;0.62), indicating greater exposure to threats. Data Center_E (right) mirrors Bank_A\\u0026rsquo;s low risk profile (mean P\\u003csub\\u003eattack\\u003c/sub\\u003e=0.008) due to its high security (C\\u0026thinsp;=\\u0026thinsp;0.92) and critical infrastructure protections. These results align with the model's risk cost optimization, where vendors incur higher residual risk (0.007 vs. 0.003 for banks/data centers) and lower mitigation budgets (\\u003cspan\\u003e$\\u003c/span\\u003e200K vs. \\u003cspan\\u003e$\\u003c/span\\u003e2.5M+). The right-skewed tails in Vendor_C's distribution further underscore the need for targeted investments in vendor security to reduce systemic risks.\\u003c/p\\u003e\\u003c/div\\u003e\"},{\"header\":\"5. Strategic Insights\",\"content\":\"\\u003cp\\u003eThis study provides critical strategic insights for financial institutions navigating the complex trade-offs between cybersecurity investment and risk mitigation. The findings demonstrate that genetic algorithms (GA) offer superior adaptability for long-term cybersecurity budgeting, particularly in highly interconnected networks where systemic risks propagate across nodes. By exploring non-local optima, GA identifies counterintuitive yet effective budget reallocations such as prioritizing high-risk vendors or payment gateways that traditional optimization methods might overlook. However, the trust-region method\\u0026rsquo;s strict adherence to financial constraints makes it indispensable for short-term, compliance-driven budget adjustments where feasibility is paramount. For financial institutions, the key takeaway is that a hybrid optimization strategy leveraging GA for exploratory risk modeling and trust-region for operational execution can maximize both resilience and fiscal discipline. Additionally, the study underscores the need for dynamic budget reallocation frameworks that adapt to evolving cyber threats, ensuring that security investments remain proactive and sustainable. Policymakers and CISOs should consider these insights when designing cybersecurity governance models, balancing innovation in risk optimization with the practical realities of budgetary constraints. Ultimately, this research advances a more nuanced, data-driven approach to cybersecurity investment, aligning strategic foresight with operational pragmatism.\\u003c/p\\u003e\\u003cdiv id=\\\"Sec13\\\" class=\\\"Section2\\\"\\u003e\\u003ch2\\u003e5.1. Implications\\u003c/h2\\u003e\\u003cp\\u003eThe findings of this study offer critical insights for cybersecurity managers, financial executives, and IT policymakers responsible for optimizing security budgets in interconnected financial networks. First, the genetic algorithm (GA) approach is particularly valuable for strategic decision making, as it identifies non-obvious budget reallocations that account for systemic cyber risks across interconnected nodes. Managers in highly networked environments (e.g., banking ecosystems, fintech collaborations) should consider GA for long-term cybersecurity investment planning, especially when facing evolving threats that require adaptive resource distribution. However, since GA may propose budgets that exceed financial constraints, organizations must incorporate penalty mechanisms or hybrid optimization to ensure feasibility. Conversely, the trust-region method is better suited for operational budget adjustments, as it strictly adheres to predefine financial boundaries (e.g., 3\\u0026ndash;20% of revenue). This makes it ideal for organizations with rigid compliance requirements or those needing incremental, risk-aware budget modifications. Managers should leverage this method for quarterly or annual budget refinements, ensuring alignment with organizational risk tolerance while maintaining fiscal discipline. A hybrid approach combining GA for exploratory optimization and trust-region for fine-tuning could offer the best of both worlds, enabling dynamic cybersecurity investment strategies that balance innovation with practicality. Additionally, risk-aware dashboards visualizing attack probabilities, residual risks, and cost breakdowns (as generated in this study) can aid executives in justifying cybersecurity expenditures to stakeholders. Ultimately, this research empowers managers to adopt data-driven, optimization-backed strategies that enhance cyber resilience while maximizing the return on security investments.\\u003c/p\\u003e\\u003c/div\\u003e\"},{\"header\":\"6. Discussion and Future Research Direction\",\"content\":\"\\u003cp\\u003eThe comparative analysis of genetic algorithms (GA) and trust-region methods for optimizing cybersecurity budgets in financial networks yielded key insights into their efficiency, risk mitigation capabilities, and practical applicability. First, computational efficiency and solution quality varied significantly between the two methods. The GA converged in 50 generations (14.6 seconds), exploring non-local optima and producing budget allocations that deviated substantially from initial values (e.g., Bank_A\\u0026rsquo;s budget increased from \\u003cspan\\u003e$\\u003c/span\\u003e2.55M to \\u003cspan\\u003e$\\u003c/span\\u003e3.62M). In contrast, the trust-region method required 215 iterations (15 seconds) but maintained budgets closer to initial values, suggesting better suitability for fine-tuning near feasible solutions. While GA excels in global exploration, trust-region is more efficient for local optimization, making the choice dependent on whether exploration or exploitation is prioritized. Second, risk and cost disparities across node types revealed that Vendors (e.g., Vendor_C) exhibited higher attack probabilities (P\\u003csub\\u003eattack\\u003c/sub\\u003e mean\\u0026thinsp;=\\u0026thinsp;0.012) due to weaker security controls. At the same time, Banks (e.g., Bank_A) had lower risk (P\\u003csub\\u003eattack\\u003c/sub\\u003e mean\\u0026thinsp;=\\u0026thinsp;0.008). The GA\\u0026rsquo;s budget allocations better addressed network interdependencies, increasing investments in highly connected nodes (e.g., Payment Gateway_D: \\u003cspan\\u003e$\\u003c/span\\u003e4.13M vs. \\u003cspan\\u003e$\\u003c/span\\u003e1.2M initial). Meanwhile, the trust-region method provided more conservative adjustments, sometimes underfitting systemic risks (e.g., Vendor_M's residual risk remained at 0.005). It suggests that GA is more effective for holistic risk mitigation in interconnected environments. Finally, practical implications highlight trade-offs between flexibility and feasibility. The GA\\u0026rsquo;s ability to discover non-intuitive budget shifts makes it valuable for strategic, long-term planning, particularly in dynamic threat landscapes. However, its solutions occasionally violated financial constraints (e.g., Bank_K\\u0026rsquo;s \\u003cspan\\u003e$\\u003c/span\\u003e10.6M proposal). Conversely, the trust-region method strictly adhered to bounds (e.g., 3\\u0026ndash;20% of revenue), making it better suited for operational, short-term adjustments. A hybrid approach using GA for exploratory phases and trust-region for refinement could balance global optimization with real-world implementability. Based on the above discussions, some future research directions are suggested to explore below in Table\\u0026nbsp;\\u003cspan refid=\\\"Tab4\\\" class=\\\"InternalRef\\\"\\u003e4\\u003c/span\\u003e.\\u003c/p\\u003e\\u003cp\\u003e\\u003cdiv class=\\\"gridtable\\\"\\u003e\\u003ctable float=\\\"Yes\\\" id=\\\"Tab4\\\" border=\\\"1\\\"\\u003e\\u003ccaption language=\\\"En\\\"\\u003e\\u003cdiv class=\\\"CaptionNumber\\\"\\u003eTable 4\\u003c/div\\u003e\\u003cdiv class=\\\"CaptionContent\\\"\\u003e\\u003cp\\u003eFuture research directions with contribution.\\u003c/p\\u003e\\u003c/div\\u003e\\u003c/caption\\u003e\\u003ccolgroup cols=\\\"3\\\"\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c1\\\" colnum=\\\"1\\\"\\u003e\\u003c/div\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c2\\\" colnum=\\\"2\\\"\\u003e\\u003c/div\\u003e\\u003cdiv align=\\\"left\\\" class=\\\"colspec\\\" colname=\\\"c3\\\" colnum=\\\"3\\\"\\u003e\\u003c/div\\u003e\\u003cthead\\u003e\\u003ctr\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003eResearch Gap\\u003c/p\\u003e\\u003c/th\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eOur Contribution\\u003c/p\\u003e\\u003c/th\\u003e\\u003cth align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eLimitations in Existing Work\\u003c/p\\u003e\\u003c/th\\u003e\\u003c/tr\\u003e\\u003c/thead\\u003e\\u003ctbody\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003eLack of comparative studies\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eFirst empirical comparison of GA vs. trust-constr for cyber budget optimization.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003ePrior works focus on single optimization methods (GA\\u0026nbsp;\\u003cem\\u003eor\\u003c/em\\u003e\\u0026nbsp;gradient-based) without benchmarking.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003eConstraint handling in cyber risk models\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eDemonstrates trust-constr\\u0026rsquo;s superiority in strict constraint adherence.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eMany studies use penalties (GA) or ignore bounds, leading to infeasible budgets.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003eNetworked risk propagation\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eDynamic Monte Carlo simulation with risk propagation across 15 nodes.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eStatic models ignore interdependencies (e.g., W\\u003csub\\u003eij\\u003c/sub\\u003e weights).\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003eReal-world financial applicability\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eEnforces regulatory compliant bounds (IT budgets as % of revenue).\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eTheoretical models lack revenue-linked budget constraints.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003ctr\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c1\\\"\\u003e\\u003cp\\u003eTrade-off: Exploration vs. precision\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c2\\\"\\u003e\\u003cp\\u003eQuantifies GA\\u0026rsquo;s penalty-induced distortions vs. trust-constr's precision.\\u003c/p\\u003e\\u003c/td\\u003e\\u003ctd align=\\\"left\\\" colname=\\\"c3\\\"\\u003e\\u003cp\\u003eGA is favored for exploration but lacks feasibility guarantees.\\u003c/p\\u003e\\u003c/td\\u003e\\u003c/tr\\u003e\\u003c/tbody\\u003e\\u003c/colgroup\\u003e\\u003c/table\\u003e\\u003c/div\\u003e\\u003c/p\\u003e\"},{\"header\":\"7. Conclusion\",\"content\":\"\\u003cp\\u003eThis study compared genetic algorithms (GA) and trust-region methods for optimizing cybersecurity budgets in financial networks, offering critical insights into their strengths and limitations. The results demonstrated that GA excels in exploring global optima, making it ideal for identifying non-intuitive budget allocations that mitigate systemic risks in interconnected environments. However, its solutions occasionally violated financial constraints, limiting immediate practicality. In contrast, the trust-region method provided more conservative, locally optimal budgets that strictly adhered to predefined bounds, ensuring feasibility but sometimes underfitting network-wide risks. The choice between these methods depends on the context: GA is better suited for strategic, long-term cybersecurity planning, while trust-region is preferable for operational, short-term budget adjustments. A hybrid approach, leveraging GA\\u0026rsquo;s exploratory power and trust-region\\u0026rsquo;s constraint adherence, could offer a balanced solution for dynamic financial networks. Future research should investigate adaptive optimization frameworks that dynamically integrate these techniques based on evolving threat landscapes and organizational priorities. Ultimately, this work provides a foundation for more efficient and resilient cybersecurity budget allocation in complex financial ecosystems.\\u003c/p\\u003e\"},{\"header\":\"Declarations\",\"content\":\"\\u003ch2\\u003eAuthor Contribution\\u003c/h2\\u003e\\u003cp\\u003eAuthors ContributionsSantanu Mondal*: Conceptualization; Methodology; Formal analysis; Software; Investigation; Writing original draft; Visualization.Rashmi Singh: Validation; Resources; Writing review and editing; Supervision.\\u003c/p\\u003e\\u003ch2\\u003eAcknowledgement\\u003c/h2\\u003e\\u003cp\\u003eAcknowledgements:The authors would like to thank the Department of Management Studies, IIT (ISM) Dhanbad, for the support provided by the Institute for research. Special thanks to Dr. Rashmi Singh for critical discussions on organizational resilience and cyber risk modeling.\\u003c/p\\u003e\\u003ch2\\u003eData Availability Statement\\u003c/h2\\u003e\\u003cp\\u003eSimulation outputs, model parameters, and network structures supporting this study are available from the corresponding author upon reasonable request for academic, non-commercial use, subject to institutional and ethical guidelines.\\u003c/p\\u003e\"},{\"header\":\"References\",\"content\":\"\\u003col\\u003e\\n\\u003cli\\u003eAbisoye, A., \\u0026amp; Akerele, J. I. (2021). High-impact data-driven decision-making model for integrating cutting-edge cybersecurity strategies into public policy. \\u003cem\\u003eGovernance, and Organizational Frameworks\\u003c/em\\u003e.\\u003c/li\\u003e\\n\\u003cli\\u003eAbrahams, T. O., Farayola, O. A., Kaggwa, S., Uwaoma, P. U., Hassan, A. O., \\u0026amp; Dawodu, S. O. (2024). Reviewing third party risk management: Best practices in accounting and cybersecurity for superannuation organizations. \\u003cem\\u003eFinance Accounting Research Journal, 6\\u003c/em\\u003e(1), 21\\u0026ndash;39.\\u003c/li\\u003e\\n\\u003cli\\u003eAli, A. M. (2020). \\u003cem\\u003eAnalysis of the determinants of capital adequacy ratio: The case of Islamic banks in the Gulf Cooperation Council (GCC)\\u003c/em\\u003e (Master\\u0026rsquo;s thesis, Sakarya \\u0026Uuml;niversitesi).\\u003c/li\\u003e\\n\\u003cli\\u003eArroyabe, M. F., Arranz, C. F., De Arroyabe, I. F., \\u0026amp; Fernandez de Arroyabe, J. C. (2024). Navigating cybersecurity: Environment\\u0026rsquo;s impact on standards adoption and board involvement. \\u003cem\\u003eJournal of Computer Information Systems\\u003c/em\\u003e, 1\\u0026ndash;21. https://doi.org/10.1080/08874417.2024.2302364\\u003c/li\\u003e\\n\\u003cli\\u003eAtıcı, S., \\u0026amp; Tuna, G. (2025). Modelling cybersecurity environment using Lotka-Volterra equations, and its stochastic analysis. \\u003cem\\u003eExpert Systems with Applications\\u003c/em\\u003e, \\u003cem\\u003e129096\\u003c/em\\u003e. https://doi.org/10.1016/j.eswa.2024.129096\\u003c/li\\u003e\\n\\u003cli\\u003eBokhari, S., Hamrioui, S., \\u0026amp; Aider, M. (2022). Cybersecurity strategy under uncertainties for an IoE environment. \\u003cem\\u003eJournal of Network and Computer Applications, 205\\u003c/em\\u003e, 103426. https://doi.org/10.1016/j.jnca.2022.103426\\u003c/li\\u003e\\n\\u003cli\\u003eBrho, M., Jazairy, A., \\u0026amp; Glassburner, A. V. (2025). The finance of cybersecurity: Quantitative modeling of investment decisions and net present value. \\u003cem\\u003eInternational Journal of Production Economics, 279\\u003c/em\\u003e, 109448. https://doi.org/10.1016/j.ijpe.2025.109448\\u003c/li\\u003e\\n\\u003cli\\u003eCalder, A. C., Fryxell, B., Plewa, T., Rosner, R., Dursi, L. J., Weirs, V. G., \\u0026amp; Tufo, H. M. (2002). On validating an astrophysical simulation code. \\u003cem\\u003eThe Astrophysical Journal Supplement Series, 143\\u003c/em\\u003e(1), 201. https://doi.org/10.1086/342684\\u003c/li\\u003e\\n\\u003cli\\u003eCappello, G. M., Colajanni, G., Daniele, P., \\u0026amp; Sciacca, D. (2023). A constrained optimization model for the provision of services in a 5G network with multi-level cybersecurity investments. \\u003cem\\u003eSoft Computing, 27\\u003c/em\\u003e(18), 12979\\u0026ndash;12996. https://doi.org/10.1007/s00500-022-07117-5\\u003c/li\\u003e\\n\\u003cli\\u003eCastilho, D., Souza, T. T., Kang, S. M., Gama, J., \\u0026amp; de Carvalho, A. C. (2024). Forecasting financial market structure from network features using machine learning. \\u003cem\\u003eKnowledge and Information Systems\\u003c/em\\u003e, \\u003cem\\u003e66\\u003c/em\\u003e(8), 4497-4525.\\u003c/li\\u003e\\n\\u003cli\\u003eChen, Q. (2025). Financial cost optimization of urban water resource scheduling using genetic algorithms: A metaheuristic approach. \\u003cem\\u003eExpert Systems with Applications\\u003c/em\\u003e, \\u003cem\\u003e128617\\u003c/em\\u003e. https://doi.org/10.1016/j.eswa.2024.128617\\u003c/li\\u003e\\n\\u003cli\\u003eChowdhary, M. A. M. (2025). \\u003cem\\u003eFinancial network infrastructure: Scalability, security and optimization.\\u003c/em\\u003e\\u003c/li\\u003e\\n\\u003cli\\u003eCobos, E. V. (2024). \\u003cem\\u003eCybersecurity economics for emerging markets\\u003c/em\\u003e. World Bank Publications.\\u003c/li\\u003e\\n\\u003cli\\u003eCui, C., \\u0026amp; Qi, L. (2024). A power method for computing the dominant eigenvalue of a dual quaternion Hermitian matrix. \\u003cem\\u003eJournal of Scientific Computing, 100\\u003c/em\\u003e(1), 21.\\u003c/li\\u003e\\n\\u003cli\\u003eDash, A., Sarmah, S. P., Tiwari, M. K., Jena, S. K., \\u0026amp; Glock, C. H. (2024a). Cybersecurity investments in supply chains with two-stage risk propagation. \\u003cem\\u003eComputers \\u0026amp; Industrial Engineering, 197\\u003c/em\\u003e, 110519. https://doi.org/10.1016/j.cie.2023.110519\\u003c/li\\u003e\\n\\u003cli\\u003eDi Persio, L., Alruqimi, M., \\u0026amp; Garbelli, M. (2024). Stochastic approaches to energy markets: From stochastic differential equations to mean field games and neural network modeling. \\u003cem\\u003eEnergies, 17\\u003c/em\\u003e(23), 6106.\\u003c/li\\u003e\\n\\u003cli\\u003eDing, J., Wang, Z., Duan, Y., Tong, X., \\u0026amp; Lu, H. (2021). A digital simulation model for a full polarized microwave radiometer system and its calibration. \\u003cem\\u003eRemote Sensing, 13\\u003c/em\\u003e(23), 4888. https://doi.org/10.3390/rs13234888\\u003c/li\\u003e\\n\\u003cli\\u003eDong, H., \\u0026amp; Kotenko, I. (2025). Cybersecurity in the AI era: analyzing the impact of machine learning on intrusion detection. \\u003cem\\u003eKnowledge and Information Systems\\u003c/em\\u003e, 1-52.\\u003c/li\\u003e\\n\\u003cli\\u003eEwan, P. M. (2023). \\u003cem\\u003eThe impact of budgeting on the risk of cybersecurity insider threat actions: From the perspective of IT engineers\\u003c/em\\u003e (Doctoral dissertation, Northcentral University).\\u003c/li\\u003e\\n\\u003cli\\u003eFan, L., \\u0026amp; Han, Z. (2022). Hybrid quantum-classical computing for future network optimization. \\u003cem\\u003eIEEE Network, 36\\u003c/em\\u003e(5), 72\\u0026ndash;76.\\u003c/li\\u003e\\n\\u003cli\\u003eFernandes, P., Ferrer, \\u0026Agrave;., Gon\\u0026ccedil;alves, P., Parente, M., Pinto, R., \\u0026amp; Correia, N. (2023). Stress-constrained topology optimization for commercial software: A python implementation for abaqus\\u0026reg;. \\u003cem\\u003eApplied Sciences, 13\\u003c/em\\u003e(23), 12916.\\u003c/li\\u003e\\n\\u003cli\\u003eGai, K., Qiu, M., \\u0026amp; Hassan, H. (2017). Secure cyber incident analytics framework using Monte Carlo simulations for financial cybersecurity insurance in cloud computing. \\u003cem\\u003eConcurrency and Computation: Practice and Experience, 29\\u003c/em\\u003e(7), e3856. https://doi.org/10.1002/cpe.3856\\u003c/li\\u003e\\n\\u003cli\\u003eGeunes, J., \\u0026amp; Pardalos, P. M. (2003). Network optimization in supply chain management and financial engineering: An annotated bibliography. \\u003cem\\u003eNetworks, 42\\u003c/em\\u003e(2), 66\\u0026ndash;84. https://doi.org/10.1002/net.10073\\u003c/li\\u003e\\n\\u003cli\\u003eG\\u0026uuml;ler, M., \\u0026amp; B\\u0026uuml;y\\u0026uuml;k\\u0026ouml;zkan, G. (2025). Cybersecurity maturity assessment using an incomplete hesitant fuzzy AHP method and Bonferroni means operator. \\u003cem\\u003eExpert Systems with Applications, 282\\u003c/em\\u003e, Article 127268. https://doi.org/10.1016/j.eswa.2024.127268\\u003c/li\\u003e\\n\\u003cli\\u003eGupta, A. (2016). Simulation modeling and analysis. In M. K. Tiwari \\u0026amp; S. P. Sarmah (Eds.), \\u003cem\\u003eDecision sciences\\u003c/em\\u003e (pp. 817\\u0026ndash;902). CRC Press.\\u003c/li\\u003e\\n\\u003cli\\u003eGupta, S., Modgil, S., Meissonier, R., \\u0026amp; Dwivedi, Y. K. (2021). Artificial intelligence and information system resilience to cope with supply chain disruption. \\u003cem\\u003eIEEE Transactions on Engineering Management\\u003c/em\\u003e. https://doi.org/10.1109/TEM.2021.3073534\\u003c/li\\u003e\\n\\u003cli\\u003eHa, Y., Shashaani, S., \\u0026amp; Menickelly, M. (2025). Two-stage estimation and variance modeling for latency-constrained variational quantum algorithms. \\u003cem\\u003eINFORMS Journal on Computing, 37\\u003c/em\\u003e(1). https://doi.org/10.1287/ijoc.2024.0575\\u003c/li\\u003e\\n\\u003cli\\u003eHamidzadeh, J., Mehravaran, Z., \\u0026amp; Harati, A. (2025). Feature selection by utilizing kernel-based fuzzy rough set and entropy-based non-dominated sorting genetic algorithm in multi-label data. \\u003cem\\u003eKnowledge and Information Systems\\u003c/em\\u003e, \\u003cem\\u003e67\\u003c/em\\u003e(4), 3789-3819.\\u003c/li\\u003e\\n\\u003cli\\u003eHuang, C. D., \\u0026amp; Behara, R. S. (2013). Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints. \\u003cem\\u003eInternational Journal of Production Economics, 141\\u003c/em\\u003e(1), 255\\u0026ndash;268. https://doi.org/10.1016/j.ijpe.2012.08.005\\u003c/li\\u003e\\n\\u003cli\\u003eJavaheri, D., Fahmideh, M., Chizari, H., Lalbakhsh, P., \\u0026amp; Hur, J. (2024). Cybersecurity threats in FinTech: A systematic review. \\u003cem\\u003eExpert Systems with Applications, 241\\u003c/em\\u003e, Article 122697. https://doi.org/10.1016/j.eswa.2023.122697\\u003c/li\\u003e\\n\\u003cli\\u003eKandasamy, V., \\u0026amp; Roseline, A. A. (2025). Harnessing advanced hybrid deep learning model for real-time detection and prevention of man-in-the-middle cyber attacks. \\u003cem\\u003eScientific Reports, 15\\u003c/em\\u003e(1), 1697.\\u003c/li\\u003e\\n\\u003cli\\u003eKarimi, A., Mohajerani, M., Alinasab, N., \\u0026amp; Akhlaghinezhad, F. (2024). Integrating machine learning and genetic algorithms to optimize building energy and thermal efficiency under historical and future climate scenarios. \\u003cem\\u003eSustainability, 16\\u003c/em\\u003e(21), 9324.\\u003c/li\\u003e\\n\\u003cli\\u003eKaturi, S. (n.d.). \\u003cem\\u003eCybersecurity threats in digital banking: A comprehensive analysis\\u003c/em\\u003e.\\u003c/li\\u003e\\n\\u003cli\\u003eKoca, M., \\u0026amp; \\u0026Ccedil;ift\\u0026ccedil;i, S. (2025). A comprehensive bibliometric analysis of Big Data and Cyber Security: intellectual structure, trends, and global collaborations: M. Koca, S. \\u0026Ccedil;ift\\u0026ccedil;i. \\u003cem\\u003eKnowledge and Information Systems\\u003c/em\\u003e, 1-26.\\u003c/li\\u003e\\n\\u003cli\\u003eKoza, E. (2022). Semantic analysis of ISO/IEC 27000 standard series and NIST cybersecurity framework to outline differences and consistencies in the context of operational and strategic information security. \\u003cem\\u003eMedia Engineering Themes, 2\\u003c/em\\u003e, 26\\u0026ndash;39.\\u003c/li\\u003e\\n\\u003cli\\u003eLawrie, M., \\u0026amp; Tsetsekos, G. (2021). \\u003cem\\u003eBusiness leadership in turbulent times: Decision making for value creation\\u003c/em\\u003e. Archway Publishing.\\u003c/li\\u003e\\n\\u003cli\\u003eLin, L., \\u0026amp; Gen, M. (2009). Auto-tuning strategy for evolutionary algorithms: Balancing between exploration and exploitation. \\u003cem\\u003eSoft Computing, 13\\u003c/em\\u003e(2), 157\\u0026ndash;168.\\u003c/li\\u003e\\n\\u003cli\\u003eLou, G., Guo, Y., Lai, Z., Ma, H., \\u0026amp; Tu, X. (2024). Optimal resilience strategy for manufacturers to deal with supply disruptions: Investment in supply stability versus dual sourcing. \\u003cem\\u003eComputers \\u0026amp; Industrial Engineering, 190\\u003c/em\\u003e, Article 110030. https://doi.org/10.1016/j.cie.2023.110030\\u003c/li\\u003e\\n\\u003cli\\u003eLyu, B., Guo, S., Gu, J. W., \\u0026amp; Ching, W. K. (2025). Adjustable cash inflows based online investment decision making. \\u003cem\\u003eExpert Systems with Applications\\u003c/em\\u003e, \\u003cem\\u003e127940\\u003c/em\\u003e. https://doi.org/10.1016/j.eswa.2024.127940\\u003c/li\\u003e\\n\\u003cli\\u003eMohamed, N. (2025). Artificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms. \\u003cem\\u003eKnowledge and Information Systems\\u003c/em\\u003e, 1-87.\\u003c/li\\u003e\\n\\u003cli\\u003eMuckin, M., \\u0026amp; Fitch, S. C. (2014). \\u003cem\\u003eA threat driven approach to cyber security\\u003c/em\\u003e. Lockheed Martin Corporation.\\u003c/li\\u003e\\n\\u003cli\\u003eNagurney, A., Daniele, P., \\u0026amp; Shukla, S. (2017). A supply chain network game theory model of cybersecurity investments with non-linear budget constraints. \\u003cem\\u003eAnnals of Operations Research, 248\\u003c/em\\u003e, 405\\u0026ndash;427. https://doi.org/10.1007/s10479-015-1892-4\\u003c/li\\u003e\\n\\u003cli\\u003eNino-Ruiz, E. D. (2019). Non-linear data assimilation via trust region optimization. \\u003cem\\u003eComputational \\u0026amp; Applied Mathematics, 38\\u003c/em\\u003e(3), 129. https://doi.org/10.1007/s40314-019-0901-x\\u003c/li\\u003e\\n\\u003cli\\u003eNorquist, D. L. (2019). \\u003cem\\u003eDoD digital modernization strategy: DoD information resources management strategic plan FY19-23\\u003c/em\\u003e.\\u003c/li\\u003e\\n\\u003cli\\u003eO\\u0026rsquo;Brien, T. A., Kashinath, K., Cavanaugh, N. R., Collins, W. D., \\u0026amp; O\\u0026rsquo;Brien, J. P. (2016). A fast and objective multidimensional kernel density estimation method: fastKDE. \\u003cem\\u003eComputational Statistics \\u0026amp; Data Analysis, 101\\u003c/em\\u003e, 148\\u0026ndash;160. https://doi.org/10.1016/j.csda.2016.02.014\\u003c/li\\u003e\\n\\u003cli\\u003ePalma, A., Sorrentino, A., \\u0026amp; Bonomi, S. (2025). How to assess measurement capabilities of a security monitoring infrastructure and plan investment through a graph-based approach. \\u003cem\\u003eExpert Systems with Applications, 262\\u003c/em\\u003e, Article 125623.\\u003c/li\\u003e\\n\\u003cli\\u003ePatyal, M., Sampalli, S., Ye, Q., \\u0026amp; Rahman, M. (2017). Multi-layered defense architecture against ransomware. \\u003cem\\u003eInternational Journal of Business and Cyber Security, 1\\u003c/em\\u003e(2).\\u003c/li\\u003e\\n\\u003cli\\u003ePaul, J. A., \\u0026amp; Wang, X. J. (2019). Socially optimal IT investment for cybersecurity. \\u003cem\\u003eDecision Support Systems, 122\\u003c/em\\u003e, 113069. https://doi.org/10.1016/j.dss.2019.113069\\u003c/li\\u003e\\n\\u003cli\\u003ePawar, S., \\u0026amp; Palivela, H. (2025). Need of paradigm shift in cybersecurity implementation for small and medium enterprises (SMEs). \\u003cem\\u003eInternational Journal of Cybersecurity Intelligence and Cybercrime, 8\\u003c/em\\u003e(1), 4.\\u003c/li\\u003e\\n\\u003cli\\u003ePhoenix, A. A., Borggaard, J., \\u0026amp; Tarazaga, P. A. (2018). Thermal morphing anisogrid smart space structures part 2: Ranking of geometric parameter importance, trust region optimization, and performance evaluation. \\u003cem\\u003eJournal of Vibration and Control, 24\\u003c/em\\u003e(13), 2873\\u0026ndash;2893. https://doi.org/10.1177/1077546317695464\\u003c/li\\u003e\\n\\u003cli\\u003eQian, E., Grepl, M., Veroy, K., \\u0026amp; Willcox, K. (2017). A certified trust region reduced basis approach to PDE-constrained optimization. \\u003cem\\u003eSIAM Journal on Scientific Computing, 39\\u003c/em\\u003e(5), S434\\u0026ndash;S460. https://doi.org/10.1137/16M1081981\\u003c/li\\u003e\\n\\u003cli\\u003eRabzelj, M., Bohak, C., Južnič, L. \\u0026Scaron;., Kos, A., \\u0026amp; Sedlar, U. (2023). Cyberattack graph modeling for visual analytics. \\u003cem\\u003eIEEE Access, 11\\u003c/em\\u003e, 86910\\u0026ndash;86944. https://doi.org/10.1109/ACCESS.2023.3297540\\u003c/li\\u003e\\n\\u003cli\\u003eRees, L. P., Deane, J. K., Rakes, T. R., \\u0026amp; Baker, W. H. (2011). Decision support for cybersecurity risk planning. \\u003cem\\u003eDecision Support Systems, 51\\u003c/em\\u003e(3), 493\\u0026ndash;505. https://doi.org/10.1016/j.dss.2011.02.013\\u003c/li\\u003e\\n\\u003cli\\u003eReis, A. L., Andrade-Campos, A., Henggeler Antunes, C., Lopes, M. A., \\u0026amp; Antunes, A. (2024). Cost-efficient pump operation in water supply systems considering demand-side management. \\u003cem\\u003eJournal of Water Resources Planning and Management, 150\\u003c/em\\u003e(6), 04024017.\\u003c/li\\u003e\\n\\u003cli\\u003eSaunders, A., \\u0026amp; Brynjolfsson, E. (2016). Valuing information technology related intangible assets. \\u003cem\\u003eMIS Quarterly, 40\\u003c/em\\u003e(1), 83\\u0026ndash;110. https://doi.org/10.25300/MISQ/2016/40.1.04\\u003c/li\\u003e\\n\\u003cli\\u003eSheikholeslami, F., \\u0026amp; Navimipour, N. J. (2017). Service allocation in the cloud environments using multi-objective particle swarm optimization algorithm based on crowding distance. \\u003cem\\u003eSwarm and Evolutionary Computation, 35\\u003c/em\\u003e, 53\\u0026ndash;64.\\u003c/li\\u003e\\n\\u003cli\\u003eSilva, T. L., Bellout, M. C., Giuliani, C., Camponogara, E., \\u0026amp; Pavlov, A. (2022). Derivative-free trust region optimization for robust well control under geological uncertainty. \\u003cem\\u003eComputational Geosciences, 26\\u003c/em\\u003e(2), 329\\u0026ndash;349. https://doi.org/10.1007/s10596-022-10132-y\\u003c/li\\u003e\\n\\u003cli\\u003eSkeoch, H. R. (2022). Expanding the Gordon-Loeb model to cyber insurance. \\u003cem\\u003eComputers \\u0026amp; Security, 112\\u003c/em\\u003e, 102533. https://doi.org/10.1016/j.cose.2021.102533\\u003c/li\\u003e\\n\\u003cli\\u003eSong, H., Han, S., Liu, W., \\u0026amp; Ganguly, A. (2023). What role do FinTech companies play in supply chain finance? A signaling intermediary perspective. \\u003cem\\u003eJournal of Business \\u0026amp; Industrial Marketing, 38\\u003c/em\\u003e(6), 1279\\u0026ndash;1294. https://doi.org/10.1108/JBIM-03-2022-0115\\u003c/li\\u003e\\n\\u003cli\\u003eSpencer, B. W., Hoffman, W. M., Biswas, S., Jiang, W., Giorla, A., \\u0026amp; Backman, M. A. (2021). Grizzly and BlackBear: Structural component aging simulation codes. \\u003cem\\u003eNuclear Technology, 207\\u003c/em\\u003e(7), 981\\u0026ndash;1003. https://doi.org/10.1080/00295450.2020.1794286\\u003c/li\\u003e\\n\\u003cli\\u003eTan, K. C., Lee, T. H., \\u0026amp; Khor, E. F. (2002). Evolutionary algorithms for multi-objective optimization: Performance assessments and comparisons. \\u003cem\\u003eArtificial Intelligence Review, 17\\u003c/em\\u003e(4), 251\\u0026ndash;290.\\u003c/li\\u003e\\n\\u003cli\\u003eVerma, S., Pant, M., \\u0026amp; Snasel, V. (2021). A comprehensive review on NSGA-II for multi-objective combinatorial optimization problems. \\u003cem\\u003eIEEE Access, 9\\u003c/em\\u003e, 57757\\u0026ndash;57791.\\u003c/li\\u003e\\n\\u003cli\\u003eWang, J., Neil, M., \\u0026amp; Fenton, N. (2020). A Bayesian network approach for cybersecurity risk assessment implementing and extending the FAIR model. \\u003cem\\u003eComputers \\u0026amp; Security, 89\\u003c/em\\u003e, 101659. https://doi.org/10.1016/j.cose.2019.101659\\u003c/li\\u003e\\n\\u003cli\\u003eYi, P., Ding, H., \\u0026amp; Ramamurthy, B. (2016). Budget optimized network aware joint resource allocation in grids/clouds over optical networks. \\u003cem\\u003eJournal of Lightwave Technology, 34\\u003c/em\\u003e(16), 3890\\u0026ndash;3900. https://doi.org/10.1109/JLT.2016.2582160\\u003c/li\\u003e\\n\\u003cli\\u003eYin, J., Khan, R. U., Wang, X., \\u0026amp; Asad, M. (2024). A data centered multi factor seaport disruption risk assessment using Bayesian networks. \\u003cem\\u003eOcean Engineering, 308\\u003c/em\\u003e, 118338. https://doi.org/10.1016/j.oceaneng.2024.118338\\u003c/li\\u003e\\n\\u003cli\\u003eYu, J., Shvetsov, A. V., \\u0026amp; Alsamhi, S. H. (2024). Leveraging machine learning for cybersecurity resilience in industry 4.0: Challenges and future directions. \\u003cem\\u003eIEEE Access\\u003c/em\\u003e.\\u003c/li\\u003e\\n\\u003cli\\u003eZografopoulos, I., Ospina, J., Liu, X., \\u0026amp; Konstantinou, C. (2021). Cyber-physical energy systems security: Threat modeling, risk assessment, resources, metrics, and case studies. \\u003cem\\u003eIEEE Access, 9\\u003c/em\\u003e, 29775\\u0026ndash;29818.\\u003c/li\\u003e\\n\\u003c/ol\\u003e\"}],\"fulltextSource\":\"\",\"fullText\":\"\",\"funders\":[],\"hasAdminPriorityOnWorkflow\":false,\"hasManuscriptDocX\":true,\"hasOptedInToPreprint\":true,\"hasPassedJournalQc\":\"\",\"hasAnyPriority\":false,\"hideJournal\":true,\"highlight\":\"\",\"institution\":\"\",\"isAcceptedByJournal\":false,\"isAuthorSuppliedPdf\":false,\"isDeskRejected\":\"\",\"isHiddenFromSearch\":false,\"isInQc\":false,\"isInWorkflow\":false,\"isPdf\":false,\"isPdfUpToDate\":true,\"isWithdrawnOrRetracted\":false,\"journal\":{\"display\":true,\"email\":\"info@researchsquare.com\",\"identity\":\"researchsquare\",\"isNatureJournal\":false,\"hasQc\":true,\"allowDirectSubmit\":true,\"externalIdentity\":\"\",\"sideBox\":\"\",\"snPcode\":\"\",\"submissionUrl\":\"/submission\",\"title\":\"Research Square\",\"twitterHandle\":\"researchsquare\",\"acdcEnabled\":true,\"dfaEnabled\":false,\"editorialSystem\":\"\",\"reportingPortfolio\":\"\",\"inReviewEnabled\":false,\"inReviewRevisionsEnabled\":true},\"keywords\":\"Cybersecurity optimization, Genetic Algorithms, Trust-region methods, Monte Carlo simulation, Financial risk management, Budget allocation\",\"lastPublishedDoi\":\"10.21203/rs.3.rs-7323238/v1\",\"lastPublishedDoiUrl\":\"https://doi.org/10.21203/rs.3.rs-7323238/v1\",\"license\":{\"name\":\"CC BY 4.0\",\"url\":\"https://creativecommons.org/licenses/by/4.0/\"},\"manuscriptAbstract\":\"\\u003cp\\u003eThis study presents a comparative analysis of genetic algorithms (GA) and trust-region constrained optimization (trust-constr) for optimizing cybersecurity budgets in interconnected financial networks. Using a monte carlo simulation with 10,000 iterations, we evaluated attack probabilities, residual risks, and cost structures across 15 financial nodes, including banks, fintech firms, and data centers. Our findings reveal that the trust-constr method outperforms the genetic algorithm (GA), delivering a 10.5% reduction in total costs (\\u003cspan\\u003e$\\u003c/span\\u003e52.1M compared to \\u003cspan\\u003e$\\u003c/span\\u003e58.2M) and a 15.6% decrease in residual risk (0.0038 vs. 0.0045), all while maintaining strict compliance with budgetary constraints. In contrast, the GA violated financial constraints in 26.7% of cases (4/15 nodes), including a critical violation where Bank_K\\u0026rsquo;s budget exceeded regulatory limits by 189% (\\u003cspan\\u003e$\\u003c/span\\u003e10.64M vs. \\u003cspan\\u003e$\\u003c/span\\u003e3.68M cap). These findings highlight that gradient-based methods are preferable for constraint sensitive financial applications, whereas GA may be reserved for exploratory, non-convex problem spaces. This work provides cybersecurity managers and policymakers with empirically validated guidelines for selecting optimization techniques based on problem structure and regulatory requirements.\\u003c/p\\u003e\",\"manuscriptTitle\":\"Optimizing Cybersecurity Budgets in Financial Networks: A Comparative Study of Genetic Algorithms and Trust-Region Methods\",\"msid\":\"\",\"msnumber\":\"\",\"nonDraftVersions\":[{\"code\":1,\"date\":\"2025-08-20 08:14:07\",\"doi\":\"10.21203/rs.3.rs-7323238/v1\",\"editorialEvents\":[{\"type\":\"communityComments\",\"content\":0}],\"status\":\"published\",\"journal\":{\"display\":true,\"email\":\"info@researchsquare.com\",\"identity\":\"researchsquare\",\"isNatureJournal\":false,\"hasQc\":true,\"allowDirectSubmit\":true,\"externalIdentity\":\"\",\"sideBox\":\"\",\"snPcode\":\"\",\"submissionUrl\":\"/submission\",\"title\":\"Research Square\",\"twitterHandle\":\"researchsquare\",\"acdcEnabled\":true,\"dfaEnabled\":false,\"editorialSystem\":\"\",\"reportingPortfolio\":\"\",\"inReviewEnabled\":false,\"inReviewRevisionsEnabled\":true}}],\"origin\":\"\",\"ownerIdentity\":\"3d7ab529-b897-41bf-b9fe-17397e54e08c\",\"owner\":[],\"postedDate\":\"August 20th, 2025\",\"published\":true,\"recentEditorialEvents\":[],\"rejectedJournal\":[],\"revision\":\"\",\"amendment\":\"\",\"status\":\"posted\",\"subjectAreas\":[],\"tags\":[],\"updatedAt\":\"2025-08-20T08:14:09+00:00\",\"versionOfRecord\":[],\"versionCreatedAt\":\"2025-08-20 08:14:07\",\"video\":\"\",\"vorDoi\":\"\",\"vorDoiUrl\":\"\",\"workflowStages\":[]},\"version\":\"v1\",\"identity\":\"rs-7323238\",\"journalConfig\":\"researchsquare\"},\"__N_SSP\":true},\"page\":\"/article/[identity]/[[...version]]\",\"query\":{\"redirect\":\"/article/rs-7323238\",\"identity\":\"rs-7323238\",\"version\":[\"v1\"]},\"buildId\":\"XKTyCvWXoU3ODBz1xrDgd\",\"isFallback\":false,\"isExperimentalCompile\":false,\"dynamicIds\":[84888],\"gssp\":true,\"scriptLoader\":[]}","source_license":"CC-BY-4.0","license_restricted":false}