Reducing Informational Disadvantages to Improve Cyber Risk Management†

Shetty, Sachin; McShane, Michael K.; Zhang, Linfeng; Kesan, Jay P.; Kamhoua, Charles A.; Kwiat, Kevin; Njilla, Laurent

doi:10.1057/s41288-018-0078-3

Cited by 42 publications

(22 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Although in the late 1980s, there was already incipient work in the field, the risk management framework based on ERM appeared in the 1990s as a result of the need arising from a competitive and complex environment, seeking to link risk management with companies' activities (Arena et al 2010). ERM became the main form adopted by the companies making growing efforts to address uncertainty, which peaked in that decade (Shetty et al 2018). According to Govender (2019), Australia and New Zealand were the first countries to develop a holistic risk management model in 1999 through the AZ/NZS 4360 standard.…”

Section: Enterprise Risk Management (Erm)mentioning

confidence: 99%

Security as a key contributor to organisational resilience: a bibliometric analysis of enterprise security risk management

Marquez-Tejon

Jiménez-Partearroyo

Benito‐Osorio

2021

Secur J

View full text Add to dashboard Cite

Globalisation and hyperconnectivity affect organisational resilience with threats such as the recent COVID-19 pandemic or large-scale cyberattacks. To strengthen organisational resilience capabilities, a framework such as enterprise risk management (ERM) is necessary so as to enable holistic risk management. Specifically, in this paper, we analyse the role of security, which has great potential in crisis management and makes it possible to follow up businesses integrated in enterprise security risk management (ESRM). This paper examines, for the first time in the literature, the output of scientists on ESRM. After analysing 463 articles from the period between 1986 and 2019, it is concluded that Security Risk Management is a subject area on its own and is closely linked to ERM.

show abstract

Section: Enterprise Risk Management (Erm)mentioning

confidence: 99%

Security as a key contributor to organisational resilience: a bibliometric analysis of enterprise security risk management

Marquez-Tejon

Jiménez-Partearroyo

Benito‐Osorio

2021

Secur J

View full text Add to dashboard Cite

show abstract

“…More importantly, the impact of a cyberattack is difficult to estimate. Cybersecurity and insurance are subject to complex information asymmetry, correlated loss and interdependent security issues (Biener et al 2015;Eling 2018;Pooser et al 2018;Shetty et al 2018), making attacks difficult to prevent and problematic to adequately insure. 1 With widespread interconnectivity, a single attacker can cause simultaneous losses for multiple organisations running similar software platforms (correlated losses) and infiltration can occur via trusted external entities, such as a supplier or subcontractor, regardless of the robustness of the organisation's own cyber defense (interdependent security) (Böhme 2005;Ogut et al 2005;Akey et al 2020).…”

Section: Introductionmentioning

confidence: 99%

“…Even though estimated cyber losses were double those of natural catastrophe losses, total cyber premiums written in 2017 were only about USD 2 billion (Greenwald, 2018). 2 The articles in the special issue investigate the management of IT risks by banks (Ashby et al 2018), the perception of cyber risk by U.S. property casualty insurers (Pooser et al 2018), the role of insurance in managing cyber risk, including the proposal of a cyber risk scoring tool (Shetty et al 2018), and behavioural factors affecting perceptions of cyber risk by decision makers (de Smidt and Botzen 2018). particular, univariate and multivariate analyses of cumulative abnormal returns (CARs) indicate that stock market reactions were volatile during the early years of our sample, then became increasingly negative, but recently have started to moderate.…”

Section: Introductionmentioning

confidence: 99%

Time-varying effects of cyberattacks on firm value

McShane

Nguyen

2020

Geneva Pap Risk Insur Issues Pract

Self Cite

View full text Add to dashboard Cite

This paper adds to research on the effect of cyber events on the attacked firm's value in light of conflicting results from previous studies. Using 536 cyberattack announcements that occurred during the 2007-2016 period, the main goal is to investigate for changes in investor reaction over time as cyberattacks have become more frequent. Empirical evidence shows that cumulative abnormal returns of attacked firms were volatile earlier in the period, became increasingly negative, but have moderated recently. This paper proposes and discusses potential explanations for this observed U-shaped pattern over the 10-year period. The relation between stock market reaction and type of attack, type of data affected, type of perpetrator and various firm level characteristics is also examined.

show abstract

“…Unlike typical corporate risks, cyber threats result from intelligent actors who can adapt and change tactics as defenses are implemented, thus rendering past data quickly obsolete as a predictor of future attacks. In addition, cyber risks are plagued by information asymmetry, correlated loss, and interdependent security issues (Biener et al, 2015;Marotta et al, 2017;McShane et al, 2018;Shetty et al, 2018) that hamper traditional risk management and insurance practices from being effective.…”

Section: Introductionmentioning

confidence: 99%

“…An Institute for Critical Infrastructure Technology (ICIT) report argues that even a "script kiddie" 1 could cause serious damage to the system of a major healthcare provider, using only phishing attacks and exploit kits available on the Internet (ICIT, 2016). Generally, these attacks occur because organizations have common vulnerabilities (Böhme, 2005;Shetty et al, 2018), which are unintended flaws or design errors that enable an attacker to access multiple organizations.…”

Section: Introductionmentioning

confidence: 99%

Integrating a Proactive Technique Into a Holistic Cyber Risk Management Approach

Marotta¹,

McShane²

2018

Risk Manage Insurance Review

Self Cite

View full text Add to dashboard Cite

Cyber threats are an emerging risk posing a range of challenges to organizations of all sizes. Corporate risk managers need to understand that cyber risk management must not be a silo in the IT department. Cyber threats are the result of intelligent adaptive agents that cannot be managed by traditional risk management techniques only. The article describes the honeypot concept, which is a proactive measure for identifying and gathering information about attackers in order to develop suitable and effective countermeasures. In addition, this article proposes the integration of the honeypot concept into a cyber risk management approach based on the five preparedness mission areas of the Federal Emergency Management Agency (FEMA).

show abstract

Reducing Informational Disadvantages to Improve Cyber Risk Management†

Cited by 42 publications

References 9 publications

Security as a key contributor to organisational resilience: a bibliometric analysis of enterprise security risk management

Security as a key contributor to organisational resilience: a bibliometric analysis of enterprise security risk management

Time-varying effects of cyberattacks on firm value

Integrating a Proactive Technique Into a Holistic Cyber Risk Management Approach

Contact Info

Product

Resources

About