Cyber risk and cybersecurity: a systematic review of data availability

Frank Cremer,Arash N Kia,Barry Sheehan,Michael Fortmann,Finbarr Murphy,Stefan Materne,Martin Mullins

doi:10.1057/s41288-022-00266-6

Abstract

Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets. We posit that the lack of available data on cyber risk poses a serious problem for stakeholders seeking to tackle this issue. In particular, we identify a lacuna in open databases that undermine collective endeavours to better manage this set of risks. The resulting data evaluation and categorisation will support cybersecurity researchers and the insurance industry in their efforts to comprehend, metricise and manage cyber risks.

Highlights

Globalisation, digitalisation and smart technologies have escalated the propensity and severity of cybercrime
The previously identified studies are divided into three categories: datasets on the causes of cyber risks, datasets on the effects of cyber risks and datasets on cybersecurity
We conducted a systematic review of studies on cyber risk and cybersecurity databases

Summary

Introduction

Globalisation, digitalisation and smart technologies have escalated the propensity and severity of cybercrime Whilst it is an emerging field of research and industry, the importance of robust cybersecurity defence systems has been highlighted at the corporate, national and supranational levels. Despite the increasing relevance for the international economy, the availability of data on cyber risks remains limited The lack of data poses challenges for many areas, such as research, risk management and cybersecurity (Falco et al 2019) The importance of this topic is demonstrated by the announcement of the European Council in April 2021 that a centre of excellence for cybersecurity will be established to pool investments in research, technology and industrial development. The goal of this centre is to increase the security of the internet and other critical network and information systems (European Council 2021)

Methods

Results

Discussion

Conclusion