Network structures, audit policies and the cost of security breaches
Abstract
Over the last decade, and increasingly in recent years, a wide range of industries and organizations have been subject to IT-related security threats and cybersecurity breaches of varying severity at an alarming rate. A common practice adopted by organizations to ensure system and network security is to conduct regular audits and assessments. This paper takes an organizational-strategy perspective to analytically model the cost impact of random breaches in various types of networks subject to different audit policies. The analysis focuses on the interplay between the cost associated with a security breach on the one hand and the audit policy on the other. We develop a model for a non-stationary stochastic arrival process of security breaches and analyze its impact on the mean and variance of total cost across different network configurations and audit policies. The generality of our modeling of the arrival process and of the cost function permits a variety of attack and cost landscapes to be modeled and analyzed, with different breach intensities and costs (as functions of time) leading to different recommendations for an effective audit policy. Our analysis highlights the impact of breach intensity and breach cost on the interaction between network configuration and audit policy. One of our counter-intuitive findings is that under high security-threat conditions a centralized network has a lower mean as well as a lower variance of total cost than a decentralized network, under both cyclic and random audits; this analytically derived proposition is an interesting instance of a dual risk-pooling effect that goes beyond conventional risk pooling. We extend our analysis to consider an asymmetric network and correlated breaches. © The Author(s) 2025
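The abstract describes the ingredients of the model (a non-stationary breach arrival process, a time-dependent cost function, and cyclic versus random audit policies) without giving its equations. The following Monte Carlo sketch is an added illustration of how those ingredients fit together; it is not the paper's model and does not reproduce its analytical results. Everything specific in it is an assumption made here for illustration: breaches arrive as a non-homogeneous Poisson process sampled by Lewis-Shedler thinning, a breach goes undetected until the next audit, and its cost grows linearly with that dwell time (`base_cost`, `growth`, the seasonal intensity `seasonal_rate` and the schedules are all constructed parameters).

```python
"""Illustrative simulation of breach arrivals under different audit policies.

Added example (not the paper's model). Assumptions made here:
  * breaches follow a non-homogeneous Poisson process with intensity rate_fn(t);
  * a breach is detected at the first audit after it occurs (or at the horizon);
  * cost of a breach = base_cost * (1 + growth * dwell_time).
"""
import math
import random
from statistics import mean, pvariance
from typing import Callable, List, Tuple


def breach_times(rate_fn: Callable[[float], float], rate_max: float,
                 horizon: float, rng: random.Random) -> List[float]:
    """Sample arrival times on [0, horizon] by thinning: draw candidates at the
    constant rate rate_max and keep each with probability rate_fn(t)/rate_max.
    Requires rate_fn(t) <= rate_max for all t."""
    times: List[float] = []
    t = 0.0
    while True:
        t += rng.expovariate(rate_max)
        if t > horizon:
            return times
        if rng.random() * rate_max <= rate_fn(t):
            times.append(t)


def cyclic_audit_times(period: float, horizon: float) -> List[float]:
    """Cyclic policy: audits at period, 2*period, ... up to the horizon."""
    n = int(horizon // period)
    return [period * i for i in range(1, n + 1)]


def random_audit_times(count: int, horizon: float,
                       rng: random.Random) -> List[float]:
    """Random policy: a fixed number of audits at uniformly random times."""
    return sorted(rng.uniform(0.0, horizon) for _ in range(count))


def total_cost(breaches: List[float], audits: List[float], horizon: float,
               base_cost: float, growth: float) -> float:
    """Sum the (assumed) dwell-time-dependent cost over all breaches.
    `audits` must be sorted ascending."""
    total = 0.0
    for b in breaches:
        detect = next((a for a in audits if a >= b), horizon)
        total += base_cost * (1.0 + growth * (detect - b))
    return total


def simulate(policy: Callable[[random.Random], List[float]],
             rate_fn: Callable[[float], float], rate_max: float,
             horizon: float, base_cost: float, growth: float,
             runs: int, seed: int) -> Tuple[float, float]:
    """Return (mean, variance) of total cost over independent runs."""
    rng = random.Random(seed)
    costs = []
    for _ in range(runs):
        breaches = breach_times(rate_fn, rate_max, horizon, rng)
        audits = policy(rng)
        costs.append(total_cost(breaches, audits, horizon, base_cost, growth))
    return mean(costs), pvariance(costs)


# Constructed intensity: breach rate oscillates over a 12-month horizon.
def seasonal_rate(t: float) -> float:
    return 0.5 + 0.5 * math.sin(2.0 * math.pi * t / 12.0)


if __name__ == "__main__":
    horizon, audits_per_year = 12.0, 4
    cyclic = lambda rng: cyclic_audit_times(horizon / audits_per_year, horizon)
    rand = lambda rng: random_audit_times(audits_per_year, horizon, rng)
    for name, policy in (("cyclic", cyclic), ("random", rand)):
        m, v = simulate(policy, seasonal_rate, 1.0, horizon,
                        base_cost=10.0, growth=0.5, runs=2000, seed=7)
        print(f"{name:7s} audits: mean cost {m:8.2f}  variance {v:9.2f}")
```

To compare network configurations in this framework, run the same machinery per sub-network (with its own intensity and schedule) and sum the costs; whether the pooled or the split configuration wins, and how that depends on the intensity, is exactly the question the paper answers analytically rather than by simulation.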

