Predictive Taxonomy Analytics (LASSO): Predicting Outcome Types of Cyber Breach-Reference-Cited by-同舟云学术

Predictive Taxonomy Analytics (LASSO): Predicting Outcome Types of Cyber Breach

Published:2023-01-01 Issue:1 Volume:9 Page:
ISSN:2057-2085
Container-title:Journal of Cybersecurity
language:en
Short-container-title:

Author:

Goh Jing Rong¹²³^ORCID,Wang Shaun S²⁴,Harel Yaniv⁵,Toh Gabriel⁶

Affiliation:

1. School of Economics, Singapore Management University , Singapore 188065

2. Risk Lighthouse International , Singapore 051531

3. Accredify , Singapore 339213

4. Department of Finance, Southern University of Science and Technology , Shenzhen 518055 , China

5. Interdisciplinary Cyber Research Center (ICRC), Tel Aviv University , Tel Aviv 6997801 , Israel

6. Cyber Risk Management [CyRiM] Project, Nanyang Business School, Nanyang Technological University , Singapore 639798

Abstract

Abstract Cyber breaches are costly for the global economy and extensive efforts have gone into improving the cybersecurity infrastructure. There are numerous types of cyber breaches that vary greatly in terms of cause and impact, resulting in an extensive literature for individual cyber breach type. Our paper seeks to provide a general framework that can be easily applied to analyze different types of cyber breaches. Our framework is inspired by the taxonomy approach in the cybersecurity literature, where it was proposed that an effective set of taxonomy can provide a direction on supporting improved decision-making in cyber risk management and selecting relevant cybersecurity controls. Our paper extends upon the current approach by using this taxonomy to model and predict the associated breach outcomes, given the occurrence of a cyber breach. Specifically, our paper applies least absolute shrinkage and selection operator (LASSO) within a taxonomy framework. Using a proprietary database of known cyber breaches, we show that this analytical tool performs well in out-of-sample predictions and a stable model that generates consistent predictions. For each cyber breach outcome type, we also provide the list of keywords that are useful in predicting the outcome type. We envision researchers, insurers, underwriters, and cybersecurity professionals can use (or expand on) our list of keywords, or use our method to yield their own set of keywords. Practitioners who seek to mitigate their cyber risk may use these keywords as a guide towards the specific attack surfaces that might be most susceptible to the corresponding breach. Our paper lays the groundwork for researchers to better apply the taxonomy approach within cybersecurity research. We also perform regression analysis to identify industries that are most susceptible to various cyber breach events. Our results corroborate with the literature, where some industries are indeed more likely to be impacted by certain types of cyberattacks.

Funder

Cyber Risk Management

National Research Foundation of Singapore

Tel Aviv University of Israel

Publisher

Oxford University Press (OUP)

Subject

Law,Computer Networks and Communications,Political Science and International Relations,Safety, Risk, Reliability and Quality,Social Psychology,Computer Science (miscellaneous)

Link

https://academic.oup.com/cybersecurity/article-pdf/9/1/tyad015/51101837/tyad015.pdf

Reference35 articles.

1. The Economic Impact of Cybercrime—No Slowing Down;McAfee

2. The Hidden Costs of Cybercrime;McAfee

3. This is the Crippling Cost of Cybercrime on Corporations;World Economic Forum;World Economic Forum

4. Hype and heavy tails: a closer look at data breachnes;Edwards;J Cybersecur,2016

5. Estimating the contextual risk of data breach: an empirical approach;Sen;J Manag Inf Syst,2015

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Early-life experience reorganizes neuromodulatory regulation of stage-specific behavioral responses and individuality dimensions during development;eLife;2023-05-17