By S. Destyny Ho, Yunxiao Zhang, and Achim D. Brucker.
Many existing methods can effectively find the optimal cybersecurity investment, but communicating these findings to non-technical stakeholders is a well-known cybersecurity challenge [27]. This work aims to provide additional metrics that grant further insight and justifications for an implemented cybersecurity portfolio. The Shapley value is a classic concept in cooperative game theory that quantifies the fair contribution of each player to a collective outcome. In security games, it offers a natural way to measure the contribution of individual security controls to overall defence. However, the Harsanyi dividend of combining two coalitions when taking their respective security reductions as their portfolio contribution tends to yield negative attributions in undesirable situations. This undermines interpretability. In this work, we propose a novel measure tailored for security games which guarantees non-negative Harsanyi dividends when combining coalitions that result in a significant increase in security. The method is grounded in the composition of two key factors that capture each control's marginal impact. These factors offer an interpretable and fair decomposition of the overall security effectiveness. Beyond interpretability, we demonstrate how these attributions can support decision-making in cyber defence planning. To address computational scalability, we present an approximation algorithm that significantly reduces runtimes with little impact on explainability.
Please cite this work as follows: S. D. Ho, Y. Zhang, and A. D. Brucker, “Explainable security investment: A Shapley value inspired metric,” Mar. 2026. 14th EAI International Conference on Game Theory for Networks, GameNets 2025; Conference date: 17-03-2025 through 18-03-2025.
@InProceedings{ ho.ea:explainable:2026,
title = {Explainable Security Investment: A Shapley Value Inspired
Metric},
author = {S. Destyny Ho and Yunxiao Zhang and Achim D. Brucker},
note = {14th EAI International Conference on Game Theory for
Networks, GameNets 2025; Conference date: 17-03-2025 through
18-03-2025},
year = {2026},
month = {mar},
areas = {security},
abstract = {Many existing methods can effectively find the optimal
cybersecurity investment, but communicating these findings to
non-technical stakeholders is a well-known cybersecurity
challenge [27]. This work aims to provide additional metrics
that grant further insight and justifications for an
implemented cybersecurity portfolio. The Shapley value is a
classic concept in cooperative game theory that quantifies the
fair contribution of each player to a collective outcome. In
security games, it offers a natural way to measure the
contribution of individual security controls to overall
defence. However, the Harsanyi dividend of combining two
coalitions when taking their respective security reductions as
their portfolio contribution tends to yield negative attributions in
undesirable situations. This undermines interpretability. In
this work, we propose a novel measure tailored for security
games which guarantees non-negative Harsanyi dividends when
combining coalitions that result in a significant increase
in security. The method is grounded in the composition of two
key factors that capture each control's marginal impact. These
factors offer an interpretable and fair decomposition of the
overall security effectiveness. Beyond interpretability, we
demonstrate how these attributions can support decision-making
in cyber defence planning. To address computational
scalability, we present an approximation algorithm that
significantly reduces runtimes with little impact on
explainability.},
}