Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach-Reference-Cited by-同舟云学术

Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach

Published:2023-04 Issue:2 Volume:48 Page:463-501
ISSN:1018-5895
Container-title:The Geneva Papers on Risk and Insurance - Issues and Practice
language:en
Short-container-title:Geneva Pap Risk Insur Issues Pract

Author:

von Skarczinski Bennet^ORCID,Raschke Mathias^ORCID,Teuteberg Frank^ORCID

Abstract

AbstractCyber incidents are among the most critical business risks for organisations and can lead to large financial losses. However, previous research on loss modelling is based on unassured data sources because the representativeness and completeness of op-risk databases cannot be assured. Moreover, there is a lack of modelling approaches that focus on the tail behaviour and adequately account for extreme losses. In this paper, we introduce a novel ‘tempered’ generalised extreme value (GEV) approach. Based on a stratified random sample of 5000 interviewed German organisations, we model different loss distributions and compare them to our empirical data using graphical analysis and goodness-of-fit tests. We differentiate various subsamples (industry, size, attack type, loss type) and find our modified GEV outperforms other distributions, such as the lognormal and Weibull distributions. Finally, we calculate losses for the German economy, present application examples, derive implications as well as discuss the comparison of loss estimates in the literature.

Funder

Bundesministerium für Wirtschaft und Energie

Universität Osnabrück

Publisher

Springer Science and Business Media LLC

Subject

Economics and Econometrics,Finance,General Business, Management and Accounting,Accounting

Link

https://link.springer.com/content/pdf/10.1057/s41288-023-00293-x.pdf

Reference79 articles.

1. Abrams, L. 2021. Coop supermarket closes 500 stores after Kaseya Ransomware Attack. https://www.bleepingcomputer.com/news/security/coop-supermarket-closes-500-stores-after-kaseya-ransomware-attack/. Accessed 22 Jan 2023.

2. Ahlander, J. and J. Menn. 2021. Major Ransomware Attack against U.S. tech provider forces swedish store closures. https://www.reuters.com/technology/cyber-attack-against-us-it-provider-forces-swedish-chain-close-800-stores-2021-07-03/. Accessed 28 Aug 2021.

3. Albrecher, H., J.C. Araujo-Acuna, and J. Beirlant. 2021. Tempered Pareto-type modelling using Weibull distributions. ASTIN Bulletin 51 (2): 509–538. https://doi.org/10.1017/asb.2020.43.

4. Allianz. Allianz risk barometer 2022: the most important business risks for the next 12 months and beyond, based on the insight of 2,650 risk management experts from 89 countries and territories. 2022. https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-Barometer-2020.pdf. Accessed 5 Apr 2022

5. Anderson, R., C. Barton, R. Böhme, R. Clayton, C. Ganan, T. Grasso, M. Levi, T. Moore, and M. Vasek. 2019. Measuring the changing cost of cybercrime. The 18th annual workshop on the economics of information security. https://doi.org/10.17863/CAM.41598.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Cybersecurity, cyber insurance and small-to-medium-sized enterprises: a systematic Review;Information & Computer Security;2024-06-25