IDEAS home Printed from https://ideas.repec.org/a/pal/gpprii/v47y2022i3d10.1057_s41288-022-00266-6.html
   My bibliography  Save this article

Cyber risk and cybersecurity: a systematic review of data availability

Author

Listed:
  • Frank Cremer

    (University of Limerick)

  • Barry Sheehan

    (University of Limerick)

  • Michael Fortmann

    (TH Köln University of Applied Sciences)

  • Arash N. Kia

    (University of Limerick)

  • Martin Mullins

    (University of Limerick)

  • Finbarr Murphy

    (University of Limerick)

  • Stefan Materne

    (TH Köln University of Applied Sciences)

Abstract

Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets. We posit that the lack of available data on cyber risk poses a serious problem for stakeholders seeking to tackle this issue. In particular, we identify a lacuna in open databases that undermine collective endeavours to better manage this set of risks. The resulting data evaluation and categorisation will support cybersecurity researchers and the insurance industry in their efforts to comprehend, metricise and manage cyber risks.

Suggested Citation

  • Frank Cremer & Barry Sheehan & Michael Fortmann & Arash N. Kia & Martin Mullins & Finbarr Murphy & Stefan Materne, 2022. "Cyber risk and cybersecurity: a systematic review of data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 47(3), pages 698-736, July.
    • Handle: RePEc:pal:gpprii:v:47:y:2022:i:3:d:10.1057_s41288-022-00266-6
    DOI: 10.1057/s41288-022-00266-6
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41288-022-00266-6
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.
    File URL: https://libkey.io/10.1057/s41288-022-00266-6?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Eling, Martin & Jung, Kwangmin, 2018. "Copula approaches for modeling cross-sectional dependence of data breach losses," Insurance: Mathematics and Economics, Elsevier, vol. 82(C), pages 167-180.
    2. Corey Dunn & Nour Moustafa & Benjamin Turnbull, 2020. "Robustness Evaluations of Sustainable Machine Learning Models against Data Poisoning Attacks in the Internet of Things," Sustainability, MDPI, vol. 12(16), pages 1-17, August.
    3. Farkas, Sébastien & Lopez, Olivier & Thomas, Maud, 2021. "Cyber claim analysis using Generalized Pareto regression trees with applications to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 98(C), pages 92-105.
    4. Farsi, Hamed & Fanian, Ali & Taghiyarrenani, Zahra, 2019. "A novel online state-based anomaly detection system for process control networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 27(C).
    5. Bessy-Roland, Yannick & Boumezoued, Alexandre & Hillairet, Caroline, 2021. "Multivariate Hawkes process for cyber insurance," Annals of Actuarial Science, Cambridge University Press, vol. 15(1), pages 14-39, March.
    6. Kamran Shaukat & Suhuai Luo & Vijay Varadharajan & Ibrahim A. Hameed & Shan Chen & Dongxi Liu & Jiaming Li, 2020. "Performance Comparison and Current Challenges of Using Machine Learning Techniques in Cybersecurity," Energies, MDPI, vol. 13(10), pages 1-27, May.
    7. Sheehan, Barry & Murphy, Finbarr & Mullins, Martin & Ryan, Cian, 2019. "Connected and autonomous vehicles: A cyber-risk classification framework," Transportation Research Part A: Policy and Practice, Elsevier, vol. 124(C), pages 523-536.
    8. Arunabha Mukhopadhyay & Samir Chatterjee & Kallol K. Bagchi & Peteer J. Kirs & Girja K. Shukla, 2019. "Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance," Information Systems Frontiers, Springer, vol. 21(5), pages 997-1018, October.
    9. M.‐Elisabeth Paté‐Cornell & Marshall Kuypers & Matthew Smith & Philip Keller, 2018. "Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies," Risk Analysis, John Wiley & Sons, vol. 38(2), pages 226-241, February.
    10. Vita Santa Barletta & Danilo Caivano & Antonella Nannavecchia & Michele Scalera, 2020. "Intrusion Detection for in-Vehicle Communication Networks: An Unsupervised Kohonen SOM Approach," Future Internet, MDPI, vol. 12(7), pages 1-24, July.
    11. Basim Mahbooba & Mohan Timilsina & Radhya Sahal & Martin Serrano & Ahmed Mostafa Khalil, 2021. "Explainable Artificial Intelligence (XAI) to Enhance Trust Management in Intrusion Detection Systems Using Decision Tree Model," Complexity, Hindawi, vol. 2021, pages 1-11, January.
    12. Eric Dal Moro, 2020. "Towards an Economic Cyber Loss Index for Parametric Cover Based on IT Security Indicator: A Preliminary Analysis," Risks, MDPI, vol. 8(2), pages 1-12, May.
    13. Eling, Martin & Wirfs, Jan, 2019. "What are the actual costs of cyber risk events?," European Journal of Operational Research, Elsevier, vol. 272(3), pages 1109-1119.
    14. Barry Sheehan & Finbarr Murphy & Arash N. Kia & Ronan Kiely, 2021. "A quantitative bow-tie cyber risk classification and assessment framework," Journal of Risk Research, Taylor & Francis Journals, vol. 24(12), pages 1619-1638, December.
    15. Yin-Yee Leong & Yen-Chih Chen, 2020. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 737-759, October.
    16. Martin Eling & Werner Schnell, 2016. "What do we know about cyber risk and cyber risk insurance?," Journal of Risk Finance, Emerald Group Publishing Limited, vol. 17(5), pages 474-491, November.
    17. Sokratis Vidros & Constantinos Kolias & Georgios Kambourakis & Leman Akoglu, 2017. "Automatic Detection of Online Recruitment Frauds: Characteristics, Methods, and a Public Dataset," Future Internet, MDPI, vol. 9(1), pages 1-19, March.
    18. Chatterjee, Samrat & Thekdi, Shital, 2020. "An iterative learning and inference approach to managing dynamic cyber vulnerabilities of complex systems," Reliability Engineering and System Safety, Elsevier, vol. 193(C).
    19. George Loukas & Diane Gan & Tuan Vuong, 2013. "A Review of Cyber Threats and Defence Approaches in Emergency Management," Future Internet, MDPI, vol. 5(2), pages 1-32, May.
    20. Alberto Sardi & Alessandro Rizzi & Enrico Sorano & Anna Guerrieri, 2021. "Cyber Risk in Health Facilities: A Systematic Literature Review," Papers 2102.04093, arXiv.org.
    21. Christian Biener & Martin Eling & Jan Hendrik Wirfs, 2015. "Insurability of Cyber Risk: An Empirical Analysis†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 40(1), pages 131-158, January.
    22. Ahmed Mahfouz & Abdullah Abuhussein & Deepak Venugopal & Sajjan Shiva, 2020. "Ensemble Classifiers for Network Intrusion Detection Using a Novel Network Attack Dataset," Future Internet, MDPI, vol. 12(11), pages 1-19, October.
    23. Sejun Jang & Shuyu Li & Yunsick Sung, 2020. "FastText-Based Local Feature Visualization Algorithm for Merged Image-Based Malware Classification Framework for Cyber Security and Cyber Defense," Mathematics, MDPI, vol. 8(3), pages 1-13, March.
    24. Sovacool, Benjamin K., 2008. "The costs of failure: A preliminary assessment of major energy accidents, 1907-2007," Energy Policy, Elsevier, vol. 36(5), pages 1802-1820, May.
    25. Joachim Bjørge Ulven & Gaute Wangen, 2021. "A Systematic Review of Cybersecurity Risks in Higher Education," Future Internet, MDPI, vol. 13(2), pages 1-40, February.
    26. Matthew J Page & Joanne E McKenzie & Patrick M Bossuyt & Isabelle Boutron & Tammy C Hoffmann & Cynthia D Mulrow & Larissa Shamseer & Jennifer M Tetzlaff & Elie A Akl & Sue E Brennan & Roger Chou & Jul, 2021. "The PRISMA 2020 statement: An updated guideline for reporting systematic reviews," PLOS Medicine, Public Library of Science, vol. 18(3), pages 1-15, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    2. Fahim Sufi, 2023. "A New AI-Based Semantic Cyber Intelligence Agent," Future Internet, MDPI, vol. 15(7), pages 1-27, June.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    2. Daniel Zängerle & Dirk Schiereck, 2023. "Modelling and predicting enterprise-level cyber risks in the context of sparse data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 434-462, April.
    3. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    4. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    5. Martin Eling & Kwangmin Jung, 2022. "Heterogeneity in cyber loss severity and its impact on cyber risk measurement," Risk Management, Palgrave Macmillan, vol. 24(4), pages 273-297, December.
    6. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
    7. Benjamin Avanzi & Xingyun Tan & Greg Taylor & Bernard Wong, 2023. "Cyber Insurance Risk: Reporting Delays, Third-Party Cyber Events, and Changes in Reporting Propensity -- An Analysis Using Data Breaches Published by U.S. State Attorneys General," Papers 2310.04786, arXiv.org.
    8. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang, 2022. "Cyber Loss Model Risk Translates to Premium Mispricing and Risk Sensitivity," Papers 2202.10588, arXiv.org, revised Mar 2023.
    9. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    10. Yin-Yee Leong & Yen-Chih Chen, 2020. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 737-759, October.
    11. Spencer Wheatley & Annette Hofmann & Didier Sornette, 2021. "Addressing insurance of data breach cyber risks in the catastrophe framework," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 46(1), pages 53-78, January.
    12. Yin-Yee Leong & Yen-Chih Chen, 0. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-23.
    13. Alberto Sardi & Alessandro Rizzi & Enrico Sorano & Anna Guerrieri, 2021. "Cyber Risk in Health Facilities: A Systematic Literature Review," Papers 2102.04093, arXiv.org.
    14. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    15. Da, Gaofeng & Xu, Maochao & Zhao, Peng, 2021. "Multivariate dependence among cyber risks based on L-hop propagation," Insurance: Mathematics and Economics, Elsevier, vol. 101(PB), pages 525-546.
    16. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    17. Jevtić, Petar & Lanchier, Nicolas, 2020. "Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology," Insurance: Mathematics and Economics, Elsevier, vol. 91(C), pages 209-223.
    18. Dacorogna, Michel & Debbabi, Nehla & Kratz, Marie, 2023. "Building up cyber resilience by better grasping cyber risk via a new algorithm for modelling heavy-tailed data," European Journal of Operational Research, Elsevier, vol. 311(2), pages 708-729.
    19. Alberto Sardi & Alessandro Rizzi & Enrico Sorano & Anna Guerrieri, 2020. "Cyber Risk in Health Facilities: A Systematic Literature Review," Sustainability, MDPI, vol. 12(17), pages 1-16, August.
    20. Ulrik Franke, 2020. "IT service outage cost: case study and implications for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 760-784, October.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:gpprii:v:47:y:2022:i:3:d:10.1057_s41288-022-00266-6. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.palgrave-journals.com/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.