Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance

Mukhopadhyay, Arunabha; Chatterjee, Samir; Bagchi, Kallol; Kirs, Peeter; Shukla, G. K.

doi:10.1007/s10796-017-9808-5

Cited by 38 publications

(22 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This framework showed the importance of proactive and reactive barriers in reducing companies' exposure to cyber risk and quantifying the risk. Another approach to cyber risk assessment and mitigation was proposed by Mukhopadhyay et al (2019). They estimated the probability of an attack using generalised linear models, predicted the security technology required to reduce the probability of cyberattacks, and used gamma and exponential distributions to best approximate the average loss data for each malicious attack.…”

Section: Impact Datasetsmentioning

confidence: 99%

Cyber risk and cybersecurity: a systematic review of data availability

Cremer

Sheehan

Fortmann

et al. 2022

Geneva Pap Risk Insur Issues Pract

View full text Add to dashboard Cite

Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets. We posit that the lack of available data on cyber risk poses a serious problem for stakeholders seeking to tackle this issue. In particular, we identify a lacuna in open databases that undermine collective endeavours to better manage this set of risks. The resulting data evaluation and categorisation will support cybersecurity researchers and the insurance industry in their efforts to comprehend, metricise and manage cyber risks.

show abstract

Section: Impact Datasetsmentioning

confidence: 99%

Cyber risk and cybersecurity: a systematic review of data availability

Cremer

Sheehan

Fortmann

et al. 2022

Geneva Pap Risk Insur Issues Pract

View full text Add to dashboard Cite

show abstract

“…Most attacks observed in cyberspace are common for several vertical industries because they use similar communication and data storage technologies. The paper [75] presents an overview (from the historical perspective) of attacks perpetrated against Banking, Financial Services, and Insurance, Healthcare, and e-retail industries, as well as government agencies (some aspects of administration and critical infrastructure). The main categories of attacks are malicious software, DoS, financial fraud, system penetration, theft of proprietary information, and unauthorized access.…”

Section: ) Attacks and Countermeasuresmentioning

confidence: 99%

“…Content may change prior to final publication. large-scale attacks against BFSI institutions observed in the past [75] show that this sector must adapt to these and other, sometimes still undefined risks. So, banks and other financial institutions must invest more in security solutions to ensure 24/7 protection.…”

Section: ) Attacks and Countermeasuresmentioning

confidence: 99%

Verticals in 5G MEC-Use Cases and Security Challenges

et al. 2021

View full text Add to dashboard Cite

5G is the fifth-generation cellular network satisfying the requirements IMT-2020 (International Mobile Telecommunications-2020) of the International Telecommunication Union. Mobile network operators started using it worldwide in 2019. Generally, 5G achieves exceptionally high values of performance parameters of access and transmission. The application of edge servers facilitated the implementation of such requirements of 5G, which resulted in 5G MEC (Multi-access Edge Computing) technology. Moreover, to optimize services for specific business applications, the concept of 5G vertical industries has been proposed. In this paper, we study how the application of the MEC technology affects the functioning of 5G MEC-based services. We consider twelve representative vertical industries of 5G MEC by presenting their essential characteristics, threats, vulnerabilities, and known attacks. Next, we analyze their functional properties, give efficiency patterns and identify the effect of applying the MEC technology in 5G on the resultant network's quality parameters to identify the expected security requirements. Finally, we identify the impact of classified threats on the 5G empowered vertical industries and identify the most sensitive cases to focus on their protection against network attacks in the first place.

show abstract

“…The research in Information Systems Frontiers (ISF) particularly stressed the cyber risk assessment (Mukhopadhyay et al 2019), security risk mitigation (Ye et al 2006), IT security investment (Ezhei and Ladani 2018), information security policy (Kang and Hovav 2018), and security risk management (Lee and Lee 2012). In this regard, ISF's research also focuses more on the organization and employee aspect of cybersecurity issues.…”

Section: Cybersecurity Research Literaturementioning

confidence: 99%

Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach

et al. 2020

View full text Add to dashboard Cite

The emergence of a preventive cybersecurity paradigm that aims to eliminate the sources of cybercrime threats is becoming an increasingly necessary complement to the current self-defensive cybersecurity systems. One concern associated with adopting such preventive measures is the risk of privacy infringement. Therefore, it is necessary to design the future Internet infrastructure so that it can appropriately balance preventive cybersecurity measures with privacy protections. This research proposes to design the Internet infrastructure using the preventive cybersecurity measures of the Bright Internet, namely preventive cybersecurity protocol and identifiable anonymity protocol, and ten privacy rights derived from Europe's General Data Protection Regulations (GDPR). We then analyze the legitimacy of the five steps of the preventive cybersecurity protocol and the four features of the identifiable anonymity protocol from the perspectives of ten privacy rights. We address the legitimacy from the perspective of potential victims' self-defense rights. Finally, we discuss four potential risks that may occur to the innocent senders and proposed resilient recovery procedures.

show abstract

Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance

Cited by 38 publications

References 39 publications

Cyber risk and cybersecurity: a systematic review of data availability

Cyber risk and cybersecurity: a systematic review of data availability

Verticals in 5G MEC-Use Cases and Security Challenges

Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach

Contact Info

Product

Resources

About