Abstract
It is essential to look at cybersecurity not only as a technical problem but also from economic, societal, and legal perspectives. Companies need to pay more attention to planning and investments in cybersecurity due to different factors, such as budget constraints and complexities involved in the planning and decision-making processes. Also, companies wrongly do not see themselves as the target of a potential cyberattack. Therefore, there is still a need for approaches that support companies, especially Small and Medium-sized Enterprises (SME), during the cybersecurity planning and investment decisions. This PhD thesis addressed cybersecurity planning and investment gaps by proposing the CyberTEA approach. This approach is composed of a five-phase methodology, a framework, and a set of solutions for cybersecurity planning and investment, considering the technical requirements of cybersecurity and its economic dimensions, such as the potential economic impacts of cyberattacks and the cost-benefit of protections available on the market to protect against specific threats. The evaluations and scientific advances of CyberTEA approach was proven valid to support SMEs while also showing the benefits and opportunities for cybersecurity economic approaches.