Cyber Risk Assessment for Capital Management

Wing Fung Chong, Runhuan Feng, Hins Hu, Linfeng Zhang

Cyber risk is an omnipresent risk in the increasingly digitized world that is known to be difficult to quantify and assess. Despite the fact that cyber risk shows distinct characteristics from conventional risks, most existing models for cyber risk in the insurance literature have been purely based on frequency-severity analysis, which was developed for classical property and casualty risks. In contrast, the cybersecurity engineering literature employs different approaches, under which cyber… 

What are the actual costs of cyber risk events?
Analysis of Cyber Incident Categories Based on Losses
This work proposes a cyber risk categorization method using clustering techniques that classifies cyber incidents based on their consequential losses for insurance and risk management purposes and reveals the relationship between the causes and the outcomes of incidents.
A Fundamental Approach to Cyber Risk Analysis
This paper provides a framework actuaries can use to think about cyber risk by separating the nature of risk arrival from the target exposed to risk, which is a prerequisite for establishing a deep and stable market for cyber risk insurance.
An Actuarial Framework for Power System Reliability Considering Cybersecurity Threats
An actuarial framework is established to capture and reduce the riskiness raised by interdependence among cyber risks, with the aim of enhancing the cyber insurance market for power systems.
Models and Measures for Correlation in Cyber-Insurance
This paper introduces a new classification of correlation properties of cyber-risks based on a twin-tier approach and addresses technical, managerial and policy choices influencing the correlation at both steps and the business implications thereof.
Private Sector Cyber Security Investment: An Empirical Analysis
A conceptual approach is introduced to consider the trade-offs between various investment and implementation strategies and some public policy options to determine the level and type of cyber security mechanisms in which they invest and which they maintain.
A Taxonomy of Operational Cyber Security Risks
This report discusses the harmonization of the taxonomy with other risk and security activities, particularly those described by the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) Special Publications, and the CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method.
Systems engineering framework for cyber physical security and resilience
As our infrastructure, economy, and national defense increasingly rely upon cyberspace and information technology, the security of the systems that support these functions becomes more
The economics of information security investment
An economic model is presented that determines the optimal amount to invest to protect a given set of information and takes into account the vulnerability of the information to a security breach and the potential loss should such a breach occur.