The nature of losses from cyber-related events: risk categories and business sectors-Reference-Cited by-同舟云学术

The nature of losses from cyber-related events: risk categories and business sectors

Published:2023-01-01 Issue:1 Volume:9 Page:
ISSN:2057-2085
Container-title:Journal of Cybersecurity
language:en
Short-container-title:

Author:

Shevchenko Pavel V¹,Jang Jiwook¹,Malavasi Matteo¹,Peters Gareth W²^ORCID,Sofronov Georgy³,Trück Stefan¹

Affiliation:

1. Department of Actuarial Studies and Business Analytics, Macquarie Business School, Macquarie University , Sydney NSW 2109, Australia

2. Department of Statistics and Applied Probability, College of Letters and Science, University of California Santa Barbara , Santa Barbara, CA 93106, USA

3. School of Mathematical and Physical Sciences, Faculty of Science and Engineering, Macquarie University , Sydney NSW 2109, Australia

Abstract

Abstract In this study, we examine the nature of losses from cyber-related events across different risk categories and business sectors. Using a leading industry dataset of cyber events, we evaluate the relationship between the frequency and severity of individual cyber-related events and the number of affected records. We find that the frequency of reported cyber-related events has substantially increased between 2008 and 2016. Furthermore, the frequency and severity of losses depend on the business sector and type of cyber threat: the most significant cyber loss event categories, by number of events, were related to data breaches and the unauthorized disclosure of data, while cyber extortion, phishing, spoofing, and other social engineering practices showed substantial growth rates. Interestingly, we do not find a distinct pattern between the frequency of events, the loss severity, and the number of affected records as often alluded to in the literature. We also analyse the severity distribution of cyber-related events across all risk categories and business sectors. This analysis reveals that cyber risks are heavy-tailed, i.e. cyber risk events have a higher probability to produce extreme losses than events whose severity follows an exponential distribution. Furthermore, we find that the frequency and severity of cyber-related losses exhibit a very dynamic and time-varying nature.

Funder

Macquarie University

Publisher

Oxford University Press (OUP)

Subject

Law,Computer Networks and Communications,Political Science and International Relations,Safety, Risk, Reliability and Quality,Social Psychology,Computer Science (miscellaneous)

Link

https://academic.oup.com/cybersecurity/article-pdf/9/1/tyac016/48846454/tyac016.pdf

Reference36 articles.

1. Global risk report;World Economic Forum,2020

2. Cyber risk resources for practitioners;Allison,2014

3. Cyber risk executive summary;Allison,2014

4. International convergence of capital measurement and capital standards: a revised framework;Basel Committee on Banking Supervision,2006

5. A taxonomy of operational cyber security risks;Cebula,2010

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure;Journal of Cybersecurity and Privacy;2024-06-09

2. A Novel Zero-Trust Machine Learning Green Architecture for Healthcare IoT Cybersecurity: Review, Analysis, and Implementation;SoutheastCon 2024;2024-03-15

3. Evaluating cyber loss in star-ring and star-bus hybrid networks based on the bond percolation model;Communications in Statistics - Theory and Methods;2024-02-21

4. Security Attack Behavioural Pattern Analysis for Critical Service Providers;Journal of Cybersecurity and Privacy;2024-01-10

5. A Bonus-Malus framework for cyber risk insurance and optimal cybersecurity provisioning;European Actuarial Journal;2023-11-08