IDEAS home Printed from https://ideas.repec.org/a/gam/jrisks/v9y2021i10p184-d658715.html
   My bibliography  Save this article

Cyber Risk Quantification: Investigating the Role of Cyber Value at Risk

Author

Listed:
  • Albina Orlando

    (Istituto per le Applicazioni del Calcolo “Mauro Picone”, Consiglio Nazionale delle Ricerche (CNR), Via Pietro Castellino 111, 80131 Naples, Italy)

Abstract

The aim of this paper is to deepen the application of value at risk in the cyber domain, with particular attention to its potential role in security investment valuation. Cyber risk is a fundamental component of the overall risk faced by any organization. In order to plan the size of security investments and to estimate the consequent risk reduction, managers strongly need to quantify it. Accordingly, they can decide about the possibility of sharing residual risk with a third party, such as an insurance company. Recently, cyber risk management techniques are including some risk quantile-based measures that are widely employed in the financial domain. They refer to value at risk that, in the cyber context, takes the name of cyber value at risk (Cy-VaR). In this paper, the main features and challenging issues of Cy-VaR are examined. The possible use of this risk measure in supporting investment decisions in cyber context is discussed, and new risk-based security metrics are proposed. Some simple examples are given to show their potential.

Suggested Citation

  • Albina Orlando, 2021. "Cyber Risk Quantification: Investigating the Role of Cyber Value at Risk," Risks, MDPI, vol. 9(10), pages 1-12, October.
    • Handle: RePEc:gam:jrisks:v:9:y:2021:i:10:p:184-:d:658715
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-9091/9/10/184/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2227-9091/9/10/184/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Eling, Martin & Jung, Kwangmin, 2018. "Copula approaches for modeling cross-sectional dependence of data breach losses," Insurance: Mathematics and Economics, Elsevier, vol. 82(C), pages 167-180.
    2. Edward Zaik & John Walter & Gabriela Retting & Christopher James, 1996. "Raroc At Bank Of America: From Theory To Practice," Journal of Applied Corporate Finance, Morgan Stanley, vol. 9(2), pages 83-93, June.
    3. Mark Bentley & Alec Stephenson & Peter Toscas & Zili Zhu, 2020. "A Multivariate Model to Quantify and Mitigate Cybersecurity Risk," Risks, MDPI, vol. 8(2), pages 1-21, June.
    4. Atanu Sengupta & Sanjoy De, 2020. "Review of Literature," India Studies in Business and Economics, in: Assessing Performance of Banks in India Fifty Years After Nationalization, chapter 0, pages 15-30, Springer.
    5. Alexander J. McNeil & Rüdiger Frey & Paul Embrechts, 2015. "Quantitative Risk Management: Concepts, Techniques and Tools Revised edition," Economics Books, Princeton University Press, edition 2, number 10496.
    6. Eling, Martin & Loperfido, Nicola, 2017. "Data breaches: Goodness of fit, pricing, and risk measurement," Insurance: Mathematics and Economics, Elsevier, vol. 75(C), pages 126-136.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Zuzanna Zaporowska & Marek Szczepański, 2022. "Exploration of Lean Management Methods Used in Shared Services Centers, Drivers and Barriers to Process Selection for Improvements in the Light of Risk Management and ESG Reporting," Sustainability, MDPI, vol. 14(8), pages 1-20, April.
    2. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    2. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    3. Matteo Malavasi & Gareth W. Peters & Stefan Treuck & Pavel V. Shevchenko & Jiwook Jang & Georgy Sofronov, 2024. "Cyber Risk Taxonomies: Statistical Analysis of Cybersecurity Risk Classifications," Papers 2410.05297, arXiv.org.
    4. Sojung Kim & Stefan Weber, 2020. "Simulation Methods for Robust Risk Assessment and the Distorted Mix Approach," Papers 2009.03653, arXiv.org, revised Jan 2022.
    5. Yin-Yee Leong & Yen-Chih Chen, 2020. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 737-759, October.
    6. Yin-Yee Leong & Yen-Chih Chen, 0. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-23.
    7. Na Ren & Xin Zhang, 2024. "A novel k-generation propagation model for cyber risk and its application to cyber insurance," Papers 2408.14151, arXiv.org.
    8. Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    9. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
    10. Daniel Zängerle & Dirk Schiereck, 2023. "Modelling and predicting enterprise-level cyber risks in the context of sparse data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 434-462, April.
    11. Kerstin Awiszus & Thomas Knispel & Irina Penner & Gregor Svindland & Alexander Vo{ss} & Stefan Weber, 2022. "Modeling and Pricing Cyber Insurance -- Idiosyncratic, Systematic, and Systemic Risks," Papers 2209.07415, arXiv.org, revised Dec 2022.
    12. Jevtić, Petar & Lanchier, Nicolas, 2020. "Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology," Insurance: Mathematics and Economics, Elsevier, vol. 91(C), pages 209-223.
    13. Abduraimova, Kumushoy, 2022. "Contagion and tail risk in complex financial networks," Journal of Banking & Finance, Elsevier, vol. 143(C).
    14. Tobias Fissler & Yannick Hoga, 2024. "How to Compare Copula Forecasts?," Papers 2410.04165, arXiv.org.
    15. José María López-Sanz & Azucena Penelas-Leguía & Pablo Gutiérrez-Rodríguez & Pedro Cuesta-Valiño, 2021. "Sustainable Development and Consumer Behavior in Rural Tourism—The Importance of Image and Loyalty for Host Communities," Sustainability, MDPI, vol. 13(9), pages 1-20, April.
    16. Masahiko Egami & Rusudan Kevkhishvili, 2020. "Time reversal and last passage time of diffusions with applications to credit risk management," Finance and Stochastics, Springer, vol. 24(3), pages 795-825, July.
    17. Avanzi, Benjamin & Taylor, Greg & Wong, Bernard & Yang, Xinda, 2021. "On the modelling of multivariate counts with Cox processes and dependent shot noise intensities," Insurance: Mathematics and Economics, Elsevier, vol. 99(C), pages 9-24.
    18. Pfeifer Dietmar & Mändle Andreas & Ragulina Olena, 2017. "New copulas based on general partitions-of-unity and their applications to risk management (part II)," Dependence Modeling, De Gruyter, vol. 5(1), pages 246-255, October.
    19. Diba Daraei & Kristina Sendova, 2024. "Determining Safe Withdrawal Rates for Post-Retirement via a Ruin-Theory Approach," Risks, MDPI, vol. 12(4), pages 1-21, April.
    20. Makam, Vaishno Devi & Millossovich, Pietro & Tsanakas, Andreas, 2021. "Sensitivity analysis with χ2-divergences," Insurance: Mathematics and Economics, Elsevier, vol. 100(C), pages 372-383.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jrisks:v:9:y:2021:i:10:p:184-:d:658715. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.