Abstract
Cybersecurity breaches may be correlated due to geography, similar infrastructure, or use of a third-party contractor. We show how a logistic regression may be used to estimate the probability of an attack where breaches may be correlated among firms up and down the supply chain. We also show how a Poisson regression may be used to estimate the number of records breached. Losses arising from cybersecurity breaches have an unknown distribution. We propose the stock price reaction to a breach as an objective measure of the loss in wealth sustained by the firm due to a breach. This loss measure reflects the immediate and long-term effects of a breach, including reputational effects and other intangible impacts that are otherwise more difficult to quantify. We examine stock returns for 258 cybersecurity breach announcements over 2011-2016 in order to obtain the empirical loss distribution. We find a five-day abnormal return of -1.44%. Seventy-one percent of these 258 announcements result in a negative abnormal return, and a gamma distribution provides an excellent fit to these losses. In addition to introducing a predictive model for correlated losses, our study shows how insurers can use either the empirical stock return distribution of losses or the per record cost of a breach in the pricing of cyberinsurance.
Highlights
Hacking incidents and information security breaches in digital networks have risen to the top of corporate and governmental radar screens due to the volume and intensity of such incidents.
We focus on the cumulative abnormal returns (CARs) over a five-day [−2, +2] event window surrounding the announcement, and report results for a shorter three-day event window [−1, +1].
The cyberinsurance market is still relatively new, and insurance companies are still trying to gain a better understanding of the nature and size of potential losses from cyber breaches in order to price these products.
Summary
Hacking incidents and information security breaches in digital networks have risen to the top of corporate and governmental radar screens due to the volume and intensity of such incidents. Our approach to estimating losses for the purpose of pricing cyberinsurance premiums is drawn from the stock market reaction to cybersecurity breaches. We propose the cumulative abnormal return around the breach announcement from a large sample of firms as an excellent source from which to estimate the distribution of total losses and to provide premium pricing information to cyberinsurance providers. We measure the cumulative abnormal returns from publicly-traded firms having a cybersecurity breach announcement in order to gauge the magnitude of losses from a breach. We use this objective and quantifiable measure to model cyberinsurance premium pricing and to assist insurers in their efforts to provide a fairly-priced cyberinsurance product. The last section concludes and provides future directions for research.
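An added example, not code from the paper: an event study that computes the cumulative abnormal return over the [−2, +2] and [−1, +1] windows described above. The market model as the expected-return benchmark, the 60-day estimation window, the 10-day gap before the event, and all return data are assumptions constructed for illustration.

```python
# Added example: market-model event study on constructed data (not the paper's code).

def ols(x, y):
    """Ordinary least squares fit y = alpha + beta * x; returns (alpha, beta)."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxx = sum((xi - mx) ** 2 for xi in x)
    if sxx == 0:
        raise ValueError("market returns have no variance; beta is undefined")
    beta = sum((xi - mx) * (yi - my) for xi, yi in zip(x, y)) / sxx
    return my - beta * mx, beta

def car(stock, market, event_idx, window=(-2, 2), est_len=60, gap=10):
    """Cumulative abnormal return over [window[0], window[1]] around event_idx.

    est_len and gap are assumptions: alpha and beta are estimated on the est_len
    trading days ending gap days before the announcement, so the breach itself
    does not contaminate the benchmark.
    """
    est_end = event_idx - gap
    est_start = est_end - est_len
    lo, hi = event_idx + window[0], event_idx + window[1]
    if est_start < 0 or hi >= len(stock):
        raise ValueError("not enough data around the event")
    alpha, beta = ols(market[est_start:est_end], stock[est_start:est_end])
    # Abnormal return = realised return minus the market-model expectation.
    abnormal = [stock[t] - (alpha + beta * market[t]) for t in range(lo, hi + 1)]
    return sum(abnormal)

def make_sample():
    """Constructed daily returns: stock = 0.0002 + 1.2 * market, plus a breach shock."""
    market = [0.001 * ((t * 7) % 11 - 5) for t in range(100)]
    stock = [0.0002 + 1.2 * m for m in market]
    # Constructed shock around day 80; the five values sum to -1.44%.
    shock = {-2: -0.002, -1: -0.003, 0: -0.006, 1: -0.0024, 2: -0.001}
    for offset, value in shock.items():
        stock[80 + offset] += value
    return stock, market, 80

if __name__ == "__main__":
    s, m, ev = make_sample()
    print(f"CAR[-2,+2] = {car(s, m, ev):.4%}")
    print(f"CAR[-1,+1] = {car(s, m, ev, window=(-1, 1)):.4%}")
```

Running `car` over a sample of announcements yields the set of per-event losses to which a loss distribution can then be fitted.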