IDEAS home Printed from https://ideas.repec.org/p/arx/papers/2202.10189.html
   My bibliography  Save this paper

The Nature of Losses from Cyber-Related Events: Risk Categories and Business Sectors

Author

Listed:
  • Pavel V. Shevchenko

    (Department of Actuarial Studies and Business Analytics, Macquarie Business School, Macquarie University, Sydney, Australia)

  • Jiwook Jang

    (Department of Actuarial Studies and Business Analytics, Macquarie Business School, Macquarie University, Sydney, Australia)

  • Matteo Malavasi

    (Department of Actuarial Studies and Business Analytics, Macquarie Business School, Macquarie University, Sydney, Australia)

  • Gareth W. Peters

    (Department of Statistics and Applied Probability, College of Letters and Science, University of California Santa Barbara, Santa Barbara, California USA)

  • Georgy Sofronov

    (School of Mathematical and Physical Sciences, Faculty of Science and Engineering, Macquarie University, Sydney, Australia)

  • Stefan Truck

    (Department of Actuarial Studies and Business Analytics, Macquarie Business School, Macquarie University, Sydney, Australia)

Abstract

In this study we examine the nature of losses from cyber related events across different risk categories and business sectors. Using a leading industry dataset of cyber events, we evaluate the relationship between the frequency and severity of individual cyber-related events and the number of affected records. We find that the frequency of reported cyber related events has substantially increased between 2008 and 2016. Furthermore, the frequency and severity of losses depend on the business sector and type of cyber threat: the most significant cyber loss event categories, by number of events, were related to data breaches and the unauthorized disclosure of data, while cyber extortion, phishing, spoofing and other social engineering practices showed substantial growth rates. Interestingly, we do not find a distinct pattern between the frequency of events, the loss severity, and the number of affected records as often alluded to in the literature. We also analyse the severity distribution of cyber related events across all risk categories and business sectors. This analysis reveals that cyber risks are heavy-tailed, i.e., cyber risk events have a higher probability to produce extreme losses than events whose severity follows an exponential distribution. Furthermore, we find that the frequency and severity of cyber related losses exhibits a very dynamic and time varying nature.

Suggested Citation

  • Pavel V. Shevchenko & Jiwook Jang & Matteo Malavasi & Gareth W. Peters & Georgy Sofronov & Stefan Truck, 2022. "The Nature of Losses from Cyber-Related Events: Risk Categories and Business Sectors," Papers 2202.10189, arXiv.org, revised Mar 2022.
    • Handle: RePEc:arx:papers:2202.10189
    as

    Download full text from publisher

    File URL: http://arxiv.org/pdf/2202.10189
    File Function: Latest version
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    2. T. Maillart & D. Sornette, 2010. "Heavy-tailed distribution of cyber-risks," The European Physical Journal B: Condensed Matter and Complex Systems, Springer;EDP Sciences, vol. 75(3), pages 357-364, June.
    3. Eling, Martin & Wirfs, Jan, 2019. "What are the actual costs of cyber risk events?," European Journal of Operational Research, Elsevier, vol. 272(3), pages 1109-1119.
    4. Eling, Martin & Loperfido, Nicola, 2017. "Data breaches: Goodness of fit, pricing, and risk measurement," Insurance: Mathematics and Economics, Elsevier, vol. 75(C), pages 126-136.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
    2. Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    3. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    4. Daniel Zängerle & Dirk Schiereck, 2023. "Modelling and predicting enterprise-level cyber risks in the context of sparse data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 434-462, April.
    5. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    6. Domenico Giovanni & Arturo Leccadito & Marco Pirra, 2021. "On the determinants of data breaches: A cointegration analysis," Decisions in Economics and Finance, Springer;Associazione per la Matematica, vol. 44(1), pages 141-160, June.
    7. Ma, Boyuan & Chu, Tingjin & Jin, Zhuo, 2022. "Frequency and severity estimation of cyber attacks using spatial clustering analysis," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 33-45.
    8. Farkas, Sébastien & Lopez, Olivier & Thomas, Maud, 2021. "Cyber claim analysis using Generalized Pareto regression trees with applications to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 98(C), pages 92-105.
    9. Kjartan Palsson & Steinn Gudmundsson & Sachin Shetty, 2020. "Analysis of the impact of cyber events for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 564-579, October.
    10. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    11. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    12. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang, 2022. "Cyber Loss Model Risk Translates to Premium Mispricing and Risk Sensitivity," Papers 2202.10588, arXiv.org, revised Mar 2023.
    13. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    14. Yin-Yee Leong & Yen-Chih Chen, 2020. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 737-759, October.
    15. Spencer Wheatley & Annette Hofmann & Didier Sornette, 2021. "Addressing insurance of data breach cyber risks in the catastrophe framework," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 46(1), pages 53-78, January.
    16. Jevtić, Petar & Lanchier, Nicolas, 2020. "Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology," Insurance: Mathematics and Economics, Elsevier, vol. 91(C), pages 209-223.
    17. Kjartan Palsson & Steinn Gudmundsson & Sachin Shetty, 0. "Analysis of the impact of cyber events for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-16.
    18. Yin-Yee Leong & Yen-Chih Chen, 0. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-23.
    19. Martin Boyer & Martin Eling, 2023. "New advances on cyber risk and cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 267-274, April.
    20. Michael McShane & Trung Nguyen, 0. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-36.

    More about this item

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:arx:papers:2202.10189. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: arXiv administrators (email available below). General contact details of provider: http://arxiv.org/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.