Modelling and predicting enterprise-level cyber risks in the context of sparse data availability-Reference-Cited by-同舟云学术

Modelling and predicting enterprise-level cyber risks in the context of sparse data availability

Published:2022-12-10 Issue: Volume: Page:
ISSN:1018-5895
Container-title:The Geneva Papers on Risk and Insurance - Issues and Practice
language:en
Short-container-title:Geneva Pap Risk Insur Issues Pract

Author:

Zängerle Daniel^ORCID,Schiereck Dirk^ORCID

Abstract

AbstractDespite growing attention to cyber risks in research and practice, quantitative cyber risk assessments remain limited, mainly due to a lack of reliable data. This analysis leverages sparse historical data to quantify the financial impact of cyber incidents at the enterprise level. For this purpose, an operational risk database—which has not been previously used in cyber research—was examined to model and predict the likelihood, severity and time dependence of a company’s cyber risk exposure. The proposed model can predict a negative time correlation, indicating that individual cyber exposure is increasing if no cyber loss has been reported in previous years, and vice versa. The results suggest that the probability of a cyber incident correlates with the subindustry, with the insurance sector being particularly exposed. The predicted financial losses from a cyber incident are less extreme than cited in recent investigations. The study confirms that cyber risks are heavy-tailed, jeopardising business operations and profitability.

Funder

Technische Universität Darmstadt

Publisher

Springer Science and Business Media LLC

Subject

Economics and Econometrics,Finance,General Business, Management and Accounting,Accounting

Link

https://link.springer.com/content/pdf/10.1057/s41288-022-00282-6.pdf

Reference94 articles.

1. Aas, Kjersti, Claudia Czado, Arnoldo Frigessi, and Henrik Bakken. 2009. Pair-copula constructions of multiple dependence. Insurance: Mathematics and Economics 44 (2): 182–198. https://doi.org/10.1016/j.insmatheco.2007.02.001.

2. Acar, Elif F., Claudia Czado, and Martin Lysy. 2019. Flexible dynamic vine copula models for multivariate time series data. Econometrics and Statistics 12: 181–197. https://doi.org/10.1016/j.ecosta.2019.03.002.

3. Alberts, Christopher J., Sandra G. Behrens, Richard D. Pethia, and William R. Wilson. 1999. Operationally critical threat, asset, and vulnerability evaluation (OCTAVE) Framework, Version 1.0. Fort Belvoir, VA.

4. Aldasoro, Iñaki, Leonardo Gambacorta, Paolo Giudici, and Thomas Leach. 2020. The drivers of cyber risk. BIS Working Papers No 865. https://www.bis.org/publ/work865.pdf. Accessed May 20, 2021

5. Ashby, Simon, Trevor Buck, Stephanie Nöth-Zahn, and Thomas Peisl. 2018. Emerging IT risks: insights from German banking. The Geneva Papers on Risk and Insurance — Issues and Practice 43 (2): 180–207. https://doi.org/10.1057/s41288-018-0081-8.

Cited by 12 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A robust statistical framework for cyber-vulnerability prioritisation under partial information in threat intelligence;Expert Systems with Applications;2024-12

2. THE CONCEPT OF RISK MANAGEMENT: AN INTEGRATED ANALYSIS BASED ON THE CRITERIA OF THE FINANCIAL CONDITION OF ENTERPRISES;Financial and credit activity problems of theory and practice;2024-06-30

3. Ethical considerations in Risk management of autonomous and intelligent systems;Ethics & Bioethics;2024-06-01

4. The effect of corporate risk management on cyber risk mitigation: Evidence from the insurance industry;The Geneva Papers on Risk and Insurance - Issues and Practice;2024-05-22

5. Findings from the Polish InsurTech market as a roadmap for regulators;Computer Law & Security Review;2024-04