What Is the Worst Scenario? Modeling Extreme Cyber Losses

Digitalization is not only a source of development and innovation, but also carries a risk related to the growing number of threats in cyberspace—so-called cyber risk. Any significant disruption in cyberspace, whether global or local, will have an impact on the security of business transactions, a sense of security for citizens, the efficiency of public sector institutions, the course of production processes and services, and consequently on national security in general. Modeling extreme events in the area of cyber risk may be used in determining the level of capital necessary to cover financial losses resulting from low-probability high-impact (LPHI) events. We conduct an analysis of the tail distributions, using univariate extreme value theory. In particular, we adopt the peak-over-threshold (POT) by Generalized Pareto Distribution (GPD) approach for exceedances (tails). Moreover, we applied another approach to extreme risk modelling—fitting a spliced distribution. The splicing of a Mixed Erlang distribution for the body and an extreme value distribution (Pareto or GPD) for the tail as well as mixtures of gamma/log-normal/Weibull distributions with GDP are considered. This approach overcomes the subjectivity of manual threshold selection, because it can be estimated as a parameter. We compare the results of fitted distributions and draw conclusions based on VaR’s estimates for each analyzed models. We found that the GPD model has proven its superiority over spliced distributions in terms of goodness-of-fit and accuracy of VaR estimations. Therefore we conclude that the GPD is the most recommended distribution to model extreme risk measures (VaR, ES). VaR and ES indicate the level of risk capital that should be carried by a company in case of LPHI cyber event.