Abstract

This chapter introduces cyber risk as a critical business risk spilling over into strategic risk, credit risk, and regulatory risk at the entity level, as well as market risk and systemic risk at the portfolio level. It then analyses the uniqueness of cyber risk, the need for cyber risk measurement and its current challenges, followed by a review of the cost of cybercrime, cyber incident loss categories, and models for measuring expected loss from cyber incidents, including Annual Loss Expectancy, Standard Deviation of Loss, and Perceived Composite Risk. It then covers current methods for cyber risk measurement, e.g., Common Vulnerability Scoring System (CVSS), CORAS, stochastic modeling, Monte Carlo simulation, Cyber Value at Risk, and Factor Analysis of Information Risk (FAIR). The Cyber Risk Quadrant is introduced in this chapter, applying medical risk measurement to the cyber context. It categorizes risk factors into technological, nontechnological, inherent (nonmodifiable), and control (modifiable) factors. Examples of scenario analysis for control assessment and loss quantification are also provided.
