Affiliation:
1. University of Illinois at Urbana-Champaign, Champaign, Illinois
2. University of Illinois at Urbana-Champaign, Urbana, Illinois
Abstract
The fact that “cyber risk” is indeed a collective term for various distinct risks creates great difficulty in communications. For example, policyholders of “cyber insurance” contracts often have a limited or inaccurate understanding about the coverage that they have. To address this issue, we propose a cyber risk categorization method using clustering techniques. This method classifies cyber incidents based on their consequential losses for insurance and risk management purposes. As a result, it also reveals the relationship between the causes and the outcomes of incidents. Our results show that similar cyber incidents, which are often not properly distinguished, can lead to very different losses. We hope that our work can clarify the differences between cyber risks and provide a set of risk categories that is feasible in practice and for future studies.
Funder
U.S. Department of Homeland Security
Publisher
Association for Computing Machinery (ACM)
Subject
General Computer Science,Management Information Systems
Reference57 articles.
1. The Market for "Lemons": Quality Uncertainty and the Market Mechanism
2. Why information security is hard - an economic perspective
3. Information security: Where computer science, economics and psychology meet;Anderson Ross;Philos. Trans. Roy. Soc. A: Math., Phys. Eng. Sci.,2009
Cited by
4 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献