IDEAS home Printed from https://ideas.repec.org/a/eee/ejores/v272y2019i3p1109-1119.html
   My bibliography  Save this article

What are the actual costs of cyber risk events?

Author

Listed:
  • Eling, Martin
  • Wirfs, Jan

Abstract

Cyber risks are high on the business agenda of every company, but they are difficult to assess due to the absence of reliable data and thorough analyses. This paper is the first to consider a broad range of cyber risk events and actual cost data. For this purpose, we identify cyber losses from an operational risk database and analyze these with methods from statistics and actuarial science. We use the peaks-over-threshold method from extreme value theory to identify “cyber risks of daily life” and “extreme cyber risks”. Human behavior is the main source of cyber risk and cyber risks are very different compared with other risk categories. Our models can be used to yield consistent risk estimates, depending on country, industry, size, and other variables. The findings of the paper are also useful for practitioners, policymakers and regulators in improving the understanding of this new type of risk.

Suggested Citation

  • Eling, Martin & Wirfs, Jan, 2019. "What are the actual costs of cyber risk events?," European Journal of Operational Research, Elsevier, vol. 272(3), pages 1109-1119.
    • Handle: RePEc:eee:ejores:v:272:y:2019:i:3:p:1109-1119
    DOI: 10.1016/j.ejor.2018.07.021
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S037722171830626X
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ejor.2018.07.021?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Liu, Feng & Pitt, David, 2017. "Application of bivariate negative binomial regression model in analysing insurance count data," Annals of Actuarial Science, Cambridge University Press, vol. 11(2), pages 390-411, September.
    2. Adcock, C J & Meade, N, 2017. "Using parametric classification trees for model selection with applications to financial risk management," European Journal of Operational Research, Elsevier, vol. 259(2), pages 746-765.
    3. Laengle, Sigifredo & Merigó, José M. & Miranda, Jaime & Słowiński, Roman & Bomze, Immanuel & Borgonovo, Emanuele & Dyson, Robert G. & Oliveira, José Fernando & Teunter, Ruud, 2017. "Forty years of the European Journal of Operational Research: A bibliometric overview," European Journal of Operational Research, Elsevier, vol. 262(3), pages 803-816.
    4. Eling, Martin, 2012. "Fitting insurance claims to skewed distributions: Are the skew-normal and skew-student good models?," Insurance: Mathematics and Economics, Elsevier, vol. 51(2), pages 239-248.
    5. Bolance, Catalina & Guillen, Montserrat & Pelican, Elena & Vernic, Raluca, 2008. "Skewed bivariate models and nonparametric estimation for the CTE risk measure," Insurance: Mathematics and Economics, Elsevier, vol. 43(3), pages 386-393, December.
    6. Alexander J. McNeil & Rüdiger Frey & Paul Embrechts, 2015. "Quantitative Risk Management: Concepts, Techniques and Tools Revised edition," Economics Books, Princeton University Press, edition 2, number 10496.
    7. Cummins, J. David & Lewis, Christopher M. & Wei, Ran, 2006. "The market value impact of operational loss events for US banks and insurers," Journal of Banking & Finance, Elsevier, vol. 30(10), pages 2605-2634, October.
    8. Ganegoda, Amandha & Evans, John, 2013. "A scaling model for severity of operational losses using generalized additive models for location scale and shape (GAMLSS)," Annals of Actuarial Science, Cambridge University Press, vol. 7(1), pages 61-100, March.
    9. Christian Biener & Martin Eling & Jan Hendrik Wirfs, 2015. "Insurability of Cyber Risk: An Empirical Analysis†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 40(1), pages 131-158, January.
    10. Valérie Chavez-Demoulin & Paul Embrechts & Marius Hofert, 2016. "An Extreme Value Approach for Modeling Operational Risk Losses Depending on Covariates," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 83(3), pages 735-776, September.
    11. Cannas, Giuseppina & Masala, Giovanni & Micocci, Marco, 2009. "Quantifying reputational effects for publicly traded financial institutions," Journal of Financial Transformation, Capco Institute, vol. 27, pages 76-81.
    12. Aven, Terje, 2016. "Risk assessment and risk management: Review of recent advances on their foundation," European Journal of Operational Research, Elsevier, vol. 253(1), pages 1-13.
    13. Nagurney, Anna & Shukla, Shivani, 2017. "Multifirm models of cybersecurity investment competition vs. cooperation and network vulnerability," European Journal of Operational Research, Elsevier, vol. 260(2), pages 588-600.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Eling, Martin & Wirfs, Jan Hendrik, 2016. "Cyber Risk: Too Big to Insure? Risk Transfer Options for a mercurial risk class," I.VW HSG Schriftenreihe, University of St.Gallen, Institute of Insurance Economics (I.VW-HSG), volume 59, number 59.
    2. Eling, Martin & Loperfido, Nicola, 2017. "Data breaches: Goodness of fit, pricing, and risk measurement," Insurance: Mathematics and Economics, Elsevier, vol. 75(C), pages 126-136.
    3. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    4. Lu Wei & Jianping Li & Xiaoqian Zhu, 2018. "Operational Loss Data Collection: A Literature Review," Annals of Data Science, Springer, vol. 5(3), pages 313-337, September.
    5. Martin Eling & Kwangmin Jung, 2022. "Heterogeneity in cyber loss severity and its impact on cyber risk measurement," Risk Management, Palgrave Macmillan, vol. 24(4), pages 273-297, December.
    6. Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    7. Alexeev Vitali & Ignatieva Katja & Liyanage Thusitha, 2021. "Dependence Modelling in Insurance via Copulas with Skewed Generalised Hyperbolic Marginals," Studies in Nonlinear Dynamics & Econometrics, De Gruyter, vol. 25(2), pages 1-20, April.
    8. Uddin, Md Hamid & Mollah, Sabur & Islam, Nazrul & Ali, Md Hakim, 2023. "Does digital transformation matter for operational risk exposure?," Technological Forecasting and Social Change, Elsevier, vol. 197(C).
    9. Nadine Gatzert & Joan T. Schmit & Andreas Kolb, 2016. "Assessing the Risks of Insuring Reputation Risk," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 83(3), pages 641-679, September.
    10. Hofert Marius & Memartoluie Amir & Saunders David & Wirjanto Tony, 2017. "Improved algorithms for computing worst Value-at-Risk," Statistics & Risk Modeling, De Gruyter, vol. 34(1-2), pages 13-31, June.
    11. Eling, Martin, 2014. "Fitting asset returns to skewed distributions: Are the skew-normal and skew-student good models?," Insurance: Mathematics and Economics, Elsevier, vol. 59(C), pages 45-56.
    12. Sturm, Philipp, 2013. "Operational and reputational risk in the European banking industry: The market reaction to operational risk events," Journal of Economic Behavior & Organization, Elsevier, vol. 85(C), pages 191-206.
    13. Scholz, Roland W. & Czichos, Reiner & Parycek, Peter & Lampoltshammer, Thomas J., 2020. "Organizational vulnerability of digital threats: A first validation of an assessment method," European Journal of Operational Research, Elsevier, vol. 282(2), pages 627-643.
    14. Bernardi, Mauro & Maruotti, Antonello & Petrella, Lea, 2012. "Skew mixture models for loss distributions: A Bayesian approach," Insurance: Mathematics and Economics, Elsevier, vol. 51(3), pages 617-623.
    15. Francesca Biagini & Tobias Huber & Johannes G. Jaspersen & Andrea Mazzon, 2021. "Estimating extreme cancellation rates in life insurance," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 88(4), pages 971-1000, December.
    16. Chan, Chi Kin & Zhou, Yan & Wong, Kar Hung, 2019. "An equilibrium model of the supply chain network under multi-attribute behaviors analysis," European Journal of Operational Research, Elsevier, vol. 275(2), pages 514-535.
    17. Valérie Chavez-Demoulin & Paul Embrechts & Marius Hofert, 2016. "An Extreme Value Approach for Modeling Operational Risk Losses Depending on Covariates," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 83(3), pages 735-776, September.
    18. Burzoni, Matteo & Munari, Cosimo & Wang, Ruodu, 2022. "Adjusted Expected Shortfall," Journal of Banking & Finance, Elsevier, vol. 134(C).
    19. Nadine Gatzert & Madeline Schubert, 2022. "Cyber risk management in the US banking and insurance industry: A textual and empirical analysis of determinants and value," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 89(3), pages 725-763, September.
    20. Ramon Alemany & Catalina Bolance & Montserrat Guillen, 2014. "Accounting for severity of risk when pricing insurance products," Working Papers 2014-05, Universitat de Barcelona, UB Riskcenter.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ejores:v:272:y:2019:i:3:p:1109-1119. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/eor .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.