ABSTRACT

Cyber risk has emerged as a significant threat to businesses that have increasingly relied on new and existing information technologies (IT). Across various businesses in different industries and sectors, a distinct pattern of IT network architectures, such as the client‐server network architecture, may, in principle, expose the businesses that share it to similar cyber risks. That is why, in this article, we propose a probabilistic structural framework for loss assessments of cyber risks on the class of client‐server network architectures with different client types. To our knowledge, there exist no theoretical models of an aggregate loss distribution for cyber risk in this setting. With this structural framework, via the exact mean and variance of losses, we demonstrate how the changing cybersecurity environment of a business's IT network impacts the loss distribution. Furthermore, our framework provides insights into better investment strategies for cybersecurity protection on the client‐server network. Motivated by cyberattacks across industries, we apply our framework to four case studies that utilize the client‐server network architecture. Our first application is implantable medical devices in healthcare. Our second application is the smart buildings domain. Third, we present an application for ride‐sharing services such as Uber and Lyft. The fourth is the application of vehicle‐to‐vehicle cooperation in traffic management. The results are the corresponding exact means and variances of cyber risk loss distributions, parameterized by various cybersecurity parameters, allowing for liability assessments and decisions in cybersecurity protection investments.