Printed from https://ideas.repec.org/a/rsk/journ3/7024951.html

An investigation of cyber loss data and its links to operational risk

Author

Listed:
  • Ruben D Cohen
  • Jonathan Humphries
  • Sabrina Veau
  • Roger Francis

Abstract

Cyber risk is one of the most challenging areas of risk, not only because it is relatively nascent but also because it remains an elusive moving target due to an ever-evolving threat landscape. A lack of structured data and the systemic implications of multifaceted impacts of overlapping risk frameworks are additional factors that make this risk difficult to quantify. As a starting point for overcoming this challenge, our paper considers a potential definition of this risk type, encompassing confidentiality, integrity and availability; the key components of a cyber-risk framework; a taxonomy to help establish a common framework for data collection to aid quantification; and the key quantification challenges. It then focuses on quantifying the direct financial and compensatory losses emanating from cyber risks. To help us carry this out, dimensional analysis is incorporated in the same manner as it has been applied to operational losses; this enables the identification of any similarities and/or gross deviations between the profiles of cyber and non-cyber operational losses. In all, considering the limited amount of cyber data available, this analysis shows that (1) a taxonomy for cyber risk that maps directly to operational risk might be a worthwhile exercise; (2) cyber loss data has a fundamental risk profile similar to that of non-cyber operational risk losses, with both following the same trend; and (3) the underlying risk profile related to cyber losses has not changed materially over time.
These findings come with the added implications that (1) mapping the taxonomies of cyber and operational risk against each other could be conducted more objectively; (2) operational risk modeling techniques that have been developed over the past decade or so could be used in the same way to assess the direct financial impact of cyber risk as a starting point; and (3) although there has been an increase in both the frequency and the severity of cyber losses over the past few years, there has not been a major paradigm shift in their fundamental risk profile over the same period of time.

Suggested Citation

Handle: RePEc:rsk:journ3:7024951

Download full text from publisher

File URL: https://www.risk.net/system/files/digital_asset/2019-09/An_investigation_of_cyber_loss_data.pdf
Download Restriction: no

Corrections

All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:rsk:journ3:7024951. See general information about how to correct material in RePEc.

For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Thomas Paine (email available below). General contact details of provider: https://www.risk.net/journal-of-operational-risk.