Advancing Beyond Predictive to Anticipatory Risk Analytics: CyberFinance: Why Cybersecurity Risk Analytics must Evolve to Survive 90% oemerging Cyber Financial Threats, and, What You Can Do About It?

Abstract

Current research presented at the 2016 New York State Cybersecurity Conference (June 8-9, 2016) advances further on our Computational Quantitative Risk Analytics and Computational Quantitative Finance and Cybersecurity innovation research selected for 35 Top-10 SSRN Rankings over 2015-2016 and recent invited research presentations at the 2016 Princeton Quant Trading Conference, 2015 Princeton Quant Trading Conference, and, the 2015 Chief Security Officers and CxO Summit, and research paper selected for the 2015 New York Cyber Security & Engineering Technology Association Conference.It draws on our 20-year scholarly and applied research and practices applied and shared by worldwide firms and governments on advancing beyond computerized models of predictive analytics based upon historical data to ‘anticipation of surprise’ for an interconnected cyber world increasingly characterized by growing uncertainty, extreme events, and black swans. (Starting from, for example, our CIO Magazine interview of September 15, 1999, and/ our ‘Expert Systems with Applications’ journal research paper: Expert Systems for Knowledge Management: Crossing the Chasm between Information Processing and Sense Making of 2001 inspired by the communication of 1995 on the design of next-generation self-adaptive complex systems with the Genetic Algorithms pioneer Professor Dr. John Holland while he was at Santa Fe Institute.)It recognizes data (i.e., ‘data in transit’, ‘data in use’, and, ‘data at rest’ from today’s Network and Computer Cyber Security perspective) as the ‘currency’ of the globally networked cyber era. Control and ownership of data – including ‘identity’, ‘intellectual property’, ‘money’, ‘value’, ‘valuations’, ‘prices’, ‘payments’, and ‘transactions’ – characterize the new discipline of Cyber Finance pioneered by our above research. ‘Data driven decision making’ by human-machine systems powered by AI, algorithms, data science, and, machine learning is increasingly subject to human-tech vulnerabilities and exposures to growing threats. Paradigmatic shift in understanding and applying Cybersecurity in terms of Cyber Risk Management requires advancing beyond ‘naive’ choice and application of ‘inappropriate’ models [by humans and/or machines] based on outdated, inaccurate, and incorrect assumptions. Blind and unquestioning reliance upon inappropriate risk models that exponentially underestimate risk is the sure-fire recipe for global financial disasters that can and will pale the severity of impact of the global financial crisis of 2008-2009. A case in point is our recent correction of the computational risk analytics and modeling foundation of cyber risk loss assessment by the global cyber risk insurance industry which had [incorrectly] chosen VaR (Value-at-Risk) as the model for predictive assessment for cyber risk loss assessment. We proposed alternative robust models, methods, and measures, while clearly demonstrating why VaR is inappropriate for Cybersecurity risk assessment as well as for Cyber Finance risk modeling given inherent systemic risks, tail risks, and endogenous risks characterizing the Cyber-Finance contexts.Advances in computational, quantitative, and statistical technologies, models, and methodologies for risk management are necessary for the world wherein decisions and actions occur at warp-speed enabled by sophisticated algorithms, machine learning, and, cognitive computing technologies. With primary focus of risk analysis across industries such as Finance fragmented across Application and Presentation layers (Layers 6 and 7) and Physical and Data Link layers (Layers 1 and 2), risks [and vulnerabilities] are increasingly concentrated in the Session, Transport, and Network layers (Layers 3, 4, and, 5) and associated telecom network protocols and cryptographic protocols. That specific emphasis of 10% risk focus and the 90% hidden and latent risk depicted our ‘iceberg of risk analytics’ which was one of the themes of the invited presentation at the 2015 Princeton Quant Trading Conference.Based upon our analysis of the Finance, Cybersecurity, and Cyber-Finance practices, we foresee rising catastrophic risks and extreme events across domains of Cyber Finance practice consistent and synchronous with similar current observations by top Finance experts and Hedge Fund managers (such as Bill Gross and George Soros) in Finance. Further advancing upon our research focus beyond theoretical Risk Modeling to pragmatic Uncertainty Modeling and Uncertainty Management; beyond Bayesian and Quasi-Bayesian VaR; beyond frequentist Null-Hypothesis Significance Testing to Bayesian Inference methodologies and related Markov Chain Monte Carlo Models; beyond Probability theory models to Imprecise Probability models based upon Bayesian Nets and Credal Nets, and, Possibility theory based Fuzzy Sets and Fuzzy Logic; and emerging focus on Quantum Computing, the current presentation outlines specific Extreme Risks and Catastrophic Risk models suitable for modeling emerging risks in Cybersecurity and Cyber Finance Risk Management.