Cyber risk and cybersecurity: a systematic review of data availability

Cremer, Frank; Sheehan, Barry; Fortmann, Michael; Kia, Arash Negahdari; Mullins, Martin; Murphy, Finbarr; Materne, Stefan

doi:10.1057/s41288-022-00266-6

Cited by 73 publications

(22 citation statements)

References 206 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…By having a common knowledge repository that logs such action (cause and effect), organizations can learn about prominent threats and vulnerabilities among others to proactively evolve their security programs based on their unique assessment, projections and resource courtesy of a shared knowledge base. It has been established that the unavailability of data on cyberrisk poses a huge problem for stakeholders looking to tackle cybersecurity issues (Cremer et al, 2022). Proactively modeling or simulating actions in relation to the risk impact will certainly be useful for projections, especially when AI is leveraged.…”

Section: Discussionmentioning

confidence: 99%

“…Since unauthorized access or exposure to sensitive data can result in negative consequences, organizations continue to look for ways to mitigate threats and effectively respond to security incidents, especially now that digital adoption has become widespread with remote working and increased reliance on ITdriven services. Additionally, customers continue to demand better security services as the ongoing environmental crisis (COVID-19) has introduced more threats and vulnerabilities to individuals and organizations alike (Cremer et al, 2022) As businesses and individuals continue to take advantage of digital technologies and cloud services to emerge ahead of the crisis, the risk and impact of cyberattacks have continued to rise (Weil and Murugesan, 2020;Dalal et al, 2022). Cyberspace continues to be troubled with highly motivated offenders who take advantage of inadequate security, the lack of security awareness and noncompliance to regulation among others.…”

Section: The Cyberspace Security Issues and Challengesmentioning

confidence: 99%

“…According to the 2020 global risks report by the World Economic Forum, cyberattacks on critical infrastructure are rated the fifth top risk in 2020 which continues to prevail across the energy, healthcare and transportation industries among others (Cremer et al, 2022). The report maintains that cybercrime-as-a-service is a growing business model, especially with the increase of sophisticated tools on the darknet that is making malicious services affordable and more easily accessible to anyone.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A service lens on cybersecurity continuity and management for organizations’ subsistence and growth

Thomas

Sule²

2022

OCJ

View full text Add to dashboard Cite

PurposeThis paper proposes a holistic, proactive and adaptive approach to cybersecurity from a service lens, given the continuously evolving cyber-attack techniques, threat and vulnerability landscape that often overshadow existing cybersecurity approaches.Design/methodology/approachThrough an extensive literature review of relevant concepts and analysis of existing cybersecurity frameworks, standards and best practices, a logical argument is made to produce a dynamic end-to-end cybersecurity service system model.FindingsCyberspace has provided great value for businesses and individuals. The COVID-19 pandemic has significantly motivated the move to cyberspace by organizations. However, the extension to cyberspace comes with additional risks as traditional protection techniques are insufficient and isolated, generally focused on an organization's perimeter with little attention to what is out there. More so, cyberattacks continue to grow in complexity creating overwhelming consequences. Existing cybersecurity approaches and best practices are limited in scope, and implementation strategies, differing in strength and focus, at different levels of granularity. Nevertheless, the need for a proactive, adaptive and responsive cybersecurity solution is recognized.Originality/valueThis paper presents a model that promises proactive, adaptive and responsive end-to-end cybersecurity. The proposed cybersecurity continuity and management model premised on a service system, leveraging on lessons learned from existing solutions, takes a holistic analytical view of service activities from source (service provider) to destination (Customer) to ensure end-to-end security, whether internally (within an organization) or externally.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: The Cyberspace Security Issues and Challengesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A service lens on cybersecurity continuity and management for organizations’ subsistence and growth

Thomas

Sule²

2022

OCJ

View full text Add to dashboard Cite

show abstract

“…Considering that these technological opportunities are also in tandem with their associated cybersecurity risks, it would be necessary for industries to have a complete understanding of the impact of adopting these technologies on their security [ 64 , 65 , 66 ]. For such industries to capitalize on the fourth and fifth industrial revolutions, they will need to have the necessary contingencies and measures in place that will ensure that their cybersecurity is in tandem with Industry 4.0 and Industry 5.0 [ 67 , 68 ].…”

Section: Cybersecurity Risks In Industry 40 and 50mentioning

confidence: 99%

The Need for Cybersecurity in Industrial Revolution and Smart Cities

Clim

Toma

Zota

et al. 2022

Sensors

View full text Add to dashboard Cite

Cities have grown in development and sophistication throughout human history. Smart cities are the current incarnation of this process, with increased complexity and social importance. This complexity has come to involve significant digital components and has thus come to raise the associated cybersecurity concerns. Major security relevant events can cascade into the connected systems making up a smart city, causing significant disruption of function and economic damage. The present paper aims to survey the landscape of scientific publication related to cybersecurity-related issues in relation to smart cities. Relevant papers were selected based on the number of citations and the quality of the publishing journal as a proxy indicator for scientific relevance. Cybersecurity will be shown to be reflected in the selected literature as an extremely relevant concern in the operation of smart cities. Generally, cybersecurity is implemented in actual cities through the concerted application of both mature existing technologies and emerging new approaches.

show abstract

“…Despite the extensive nature of the topic, there is a huge lack of reliable empirical data (Marotta et al 2017;Wolff and Lehr 2017;EIOPA 2018;Romanosky et al 2019;Dambra et al 2020;Eling 2020;Wrede et al 2020;Buil-Gil et al 2021;Cremer et al 2022;Wheatley et al 2021), which prevents organisations from better calculating IS investments and deciding on cyber risk transfers as well as enabling insurance companies to more precisely price their cyber policies.…”

Section: Introductionmentioning

confidence: 99%

Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach

Skarczinski¹,

Raschke²,

Teuteberg

2023

Geneva Pap Risk Insur Issues Pract

View full text Add to dashboard Cite

Cyber incidents are among the most critical business risks for organisations and can lead to large financial losses. However, previous research on loss modelling is based on unassured data sources because the representativeness and completeness of op-risk databases cannot be assured. Moreover, there is a lack of modelling approaches that focus on the tail behaviour and adequately account for extreme losses. In this paper, we introduce a novel ‘tempered’ generalised extreme value (GEV) approach. Based on a stratified random sample of 5000 interviewed German organisations, we model different loss distributions and compare them to our empirical data using graphical analysis and goodness-of-fit tests. We differentiate various subsamples (industry, size, attack type, loss type) and find our modified GEV outperforms other distributions, such as the lognormal and Weibull distributions. Finally, we calculate losses for the German economy, present application examples, derive implications as well as discuss the comparison of loss estimates in the literature.

show abstract

Cyber risk and cybersecurity: a systematic review of data availability

Cited by 73 publications

References 206 publications

A service lens on cybersecurity continuity and management for organizations’ subsistence and growth

A service lens on cybersecurity continuity and management for organizations’ subsistence and growth

The Need for Cybersecurity in Industrial Revolution and Smart Cities

Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach

Contact Info

Product

Resources

About