IDEAS home Printed from https://ideas.repec.org/a/spr/alstar/v105y2021i3d10.1007_s10182-020-00387-0.html
   My bibliography  Save this article

Cyber risk ordering with rank-based statistical models

Author

Listed:
  • Paolo Giudici

    (University of Pavia)

  • Emanuela Raffinetti

    (Università degli Studi di Milano)

Abstract

In a world that is increasingly connected on-line, cyber risks become critical. Cyber risk management is very difficult, as cyber loss data are typically not disclosed. To mitigate the reputational risks associated with their disclosure, loss data may be collected in terms of ordered severity levels. However, to date, there are no risk models for ordinal cyber data. We fill the gap, proposing a rank-based statistical model aimed at predicting the severity levels of cyber risks. The application of our approach to a real-world case shows that the proposed models are, while statistically sound, simple to implement and interpret.

Suggested Citation

  • Paolo Giudici & Emanuela Raffinetti, 2021. "Cyber risk ordering with rank-based statistical models," AStA Advances in Statistical Analysis, Springer;German Statistical Society, vol. 105(3), pages 469-484, September.
    • Handle: RePEc:spr:alstar:v:105:y:2021:i:3:d:10.1007_s10182-020-00387-0
    DOI: 10.1007/s10182-020-00387-0
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10182-020-00387-0
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10182-020-00387-0?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Silvia Facchinetti & Paolo Giudici & Silvia Angela Osmetti, 2020. "Cyber risk measurement with ordinal data," Statistical Methods & Applications, Springer;Società Italiana di Statistica, vol. 29(1), pages 173-185, March.
    2. Shin, Jinsoo & Son, Hanseong & Khalil ur, Rahman & Heo, Gyunyoung, 2015. "Development of a cyber security risk model using Bayesian networks," Reliability Engineering and System Safety, Elsevier, vol. 134(C), pages 208-217.
    3. Cameron A. MacKenzie, 2014. "Summarizing Risk Using Risk Measures and Risk Indices," Risk Analysis, John Wiley & Sons, vol. 34(12), pages 2143-2162, December.
    4. Brechmann, Eike & Czado, Claudia & Paterlini, Sandra, 2014. "Flexible dependence modeling of operational risk losses and its impact on total capital requirements," Journal of Banking & Finance, Elsevier, vol. 40(C), pages 271-285.
    5. Eisenbach, Thomas M. & Kovner, Anna & Lee, Michael Junho, 2022. "Cyber risk and the U.S. financial system: A pre-mortem analysis," Journal of Financial Economics, Elsevier, vol. 145(3), pages 802-826.
    6. Giudici, P. & Raffinetti, E., 2011. "On the Gini measure decomposition," Statistics & Probability Letters, Elsevier, vol. 81(1), pages 133-139, January.
    7. E. Raffinetti & I. Romeo, 2015. "Dealing with the biased effects issue when handling huge datasets: the case of INVALSI data," Journal of Applied Statistics, Taylor & Francis Journals, vol. 42(12), pages 2554-2570, December.
    8. Emanuel Kopp & Lincoln Kaffenberger & Christopher Wilson, 2017. "Cyber Risk, Market Failures, and Financial Stability," IMF Working Papers 2017/185, International Monetary Fund.
    9. Radanliev, Petar & De Roure, David & Nicolescu, Razvan & Huth, Michael & Mantilla Montalvo, Rafael & Cannady, Stacy & Burnap, Peter, 2018. "Future developments in cyber risk assessment for the internet of things," MPRA Paper 92567, University Library of Munich, Germany, revised Sep 2018.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. José Ramón Martínez Resano, 2022. "Digital resilience and financial stability. The quest for policy tools in the financial sector," Financial Stability Review, Banco de España, issue Autumn.
    2. Silvia Facchinetti & Paolo Giudici & Silvia Angela Osmetti, 2020. "Cyber risk measurement with ordinal data," Statistical Methods & Applications, Springer;Società Italiana di Statistica, vol. 29(1), pages 173-185, March.
    3. Aldasoro, Iñaki & Gambacorta, Leonardo & Giudici, Paolo & Leach, Thomas, 2022. "The drivers of cyber risk," Journal of Financial Stability, Elsevier, vol. 60(C).
    4. José Ramón Martínez Resano, 2022. "Digital resilience and financial stability. The quest for policy tools in the financial sector," Financial Stability Review, Banco de España, issue Autumn.
    5. Crosignani, Matteo & Macchiavelli, Marco & Silva, André F., 2023. "Pirates without borders: The propagation of cyberattacks through firms’ supply chains," Journal of Financial Economics, Elsevier, vol. 147(2), pages 432-448.
    6. Yin-Yee Leong & Yen-Chih Chen, 2020. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 737-759, October.
    7. Yin-Yee Leong & Yen-Chih Chen, 0. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-23.
    8. José Ramón Martínez Resano, 2022. "Digital resilience and financial stability. The quest for policy tools in the financial sector," Revista de Estabilidad Financiera, Banco de España, issue Otoño.
    9. Lu Yang & Claudia Czado, 2022. "Two‐part D‐vine copula models for longitudinal insurance claim data," Scandinavian Journal of Statistics, Danish Society for Theoretical Statistics;Finnish Statistical Society;Norwegian Statistical Association;Swedish Statistical Association, vol. 49(4), pages 1534-1561, December.
    10. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    11. Monzer, Mohamad-Houssein & Beydoun, Kamal & Ghaith, Alaa & Flaus, Jean-Marie, 2022. "Model-based IDS design for ICSs," Reliability Engineering and System Safety, Elsevier, vol. 225(C).
    12. Ajjima Jiravichai & Ruth Banomyong, 2022. "A Proposed Methodology for Literature Review on Operational Risk Management in Banks," Risks, MDPI, vol. 10(5), pages 1-18, May.
    13. Kim, Hee Eun & Son, Han Seong & Kim, Jonghyun & Kang, Hyun Gook, 2017. "Systematic development of scenarios caused by cyber-attack-induced human errors in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 167(C), pages 290-301.
    14. Zio, E., 2018. "The future of risk assessment," Reliability Engineering and System Safety, Elsevier, vol. 177(C), pages 176-190.
    15. Stefan Rass & Sandra König & Stefan Schauer, 2017. "Defending Against Advanced Persistent Threats Using Game-Theory," PLOS ONE, Public Library of Science, vol. 12(1), pages 1-43, January.
    16. Kley, Oliver & Klüppelberg, Claudia & Paterlini, Sandra, 2020. "Modelling extremal dependence for operational risk by a bipartite graph," Journal of Banking & Finance, Elsevier, vol. 117(C).
    17. Berger, Allen N. & Curti, Filippo & Mihov, Atanas & Sedunov, John, 2022. "Operational Risk is More Systemic than You Think: Evidence from U.S. Bank Holding Companies," Journal of Banking & Finance, Elsevier, vol. 143(C).
    18. Konstantinos Ntafloukas & Liliana Pasquale & Beatriz Martinez-Pastor & Daniel P. McCrum, 2023. "A Vulnerability Assessment Approach for Transportation Networks Subjected to Cyber–Physical Attacks," Future Internet, MDPI, vol. 15(3), pages 1-23, February.
    19. Lu Wei & Jianping Li & Xiaoqian Zhu, 2018. "Operational Loss Data Collection: A Literature Review," Annals of Data Science, Springer, vol. 5(3), pages 313-337, September.
    20. Petar Radanliev & David Roure & Pete Burnap & Omar Santos, 2021. "Epistemological Equation for Analysing Uncontrollable States in Complex Systems: Quantifying Cyber Risks from the Internet of Things," The Review of Socionetwork Strategies, Springer, vol. 15(2), pages 381-411, November.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:alstar:v:105:y:2021:i:3:d:10.1007_s10182-020-00387-0. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.