RCVaR: an Economic Approach to Estimate Cyberattacks Costs using Data from Industry Reports

• URL: http://arxiv.org/abs/2307.11140v1
• Date: Thu, 20 Jul 2023 17:52:47 GMT
• Title: RCVaR: an Economic Approach to Estimate Cyberattacks Costs using Data from Industry Reports
• Authors: Muriel Figueredo Franco, Fabian K\"unzler, Jan von der Assen, Chao Feng, Burkhard Stiller
• Abstract summary: This article introduces the Real Cyber Value at Risk (RCVaR), an economical approach for estimating cybersecurity costs. RCVaR identifies the most significant cyber risk factors from various sources and combines their quantitative results to estimate specific cyberattacks costs for companies.
• Score: 8.45831177335402
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Digitization increases business opportunities and the risk of companies being victims of devastating cyberattacks. Therefore, managing risk exposure and cybersecurity strategies is essential for digitized companies that want to survive in competitive markets. However, understanding company-specific risks and quantifying their associated costs is not trivial. Current approaches fail to provide individualized and quantitative monetary estimations of cybersecurity impacts. Due to limited resources and technical expertise, SMEs and even large companies are affected and struggle to quantify their cyberattack exposure. Therefore, novel approaches must be placed to support the understanding of the financial loss due to cyberattacks. This article introduces the Real Cyber Value at Risk (RCVaR), an economical approach for estimating cybersecurity costs using real-world information from public cybersecurity reports. RCVaR identifies the most significant cyber risk factors from various sources and combines their quantitative results to estimate specific cyberattacks costs for companies. Furthermore, RCVaR extends current methods to achieve cost and risk estimations based on historical real-world data instead of only probability-based simulations. The evaluation of the approach on unseen data shows the accuracy and efficiency of the RCVaR in predicting and managing cyber risks. Thus, it shows that the RCVaR is a valuable addition to cybersecurity planning and risk management processes.

Related papers

• Cyber Risk Taxonomies: Statistical Analysis of Cybersecurity Risk Classifications [0.0]
  We argue in favour of switching the attention from goodness-of-fit and in-sample performance, to focusing on the out-of sample forecasting performance. Our results indicate that business motivated cyber risk classifications appear to be too restrictive and not flexible enough to capture the heterogeneity of cyber risk events.
  arXiv  Detail & Related papers  (2024-10-04T04:12:34Z)
• QBER: Quantifying Cyber Risks for Strategic Decisions [0.0]
  We introduce QBER approach to offer decision-makers measurable risk metrics. The QBER evaluates losses from cyberattacks, performs detailed risk analyses based on existing cybersecurity measures, and provides thorough cost assessments. Our contributions involve outlining cyberattack probabilities and risks, identifying Technical, Economic, and Legal (TEL) impacts, creating a model to gauge impacts, suggesting risk mitigation strategies, and examining trends and challenges in implementing widespread Cyber Risk Quantification (CRQ)
  arXiv  Detail & Related papers  (2024-05-06T14:25:58Z)
• A Data-Driven Predictive Analysis on Cyber Security Threats with Key Risk Factors [1.715270928578365]
  This paper exhibits a Machine Learning(ML) based model for predicting individuals who may be victims of cyber attacks by analyzing socioeconomic factors. We propose a novel Pertinent Features Random Forest (RF) model, which achieved maximum accuracy with 20 features (95.95%) We generated 10 important association rules and presented the framework that is rigorously evaluated on real-world datasets.
  arXiv  Detail & Related papers  (2024-03-28T09:41:24Z)
• Mind the Gap: Securely modeling cyber risk based on security deviations from a peer group [2.7910505923792646]
  This paper proposes a new framework for cyber posture against peers and estimating cyber risk within specific economic sectors. We introduce a new top-line variable called the Defense Gap Index representing the weighted security gap between an organization and its peers. We apply this approach in a specific sector using data collected from 25 large firms.
  arXiv  Detail & Related papers  (2024-02-06T17:22:45Z)
• Reconciling AI Performance and Data Reconstruction Resilience for Medical Imaging [52.578054703818125]
  Artificial Intelligence (AI) models are vulnerable to information leakage of their training data, which can be highly sensitive. Differential Privacy (DP) aims to circumvent these susceptibilities by setting a quantifiable privacy budget. We show that using very large privacy budgets can render reconstruction attacks impossible, while drops in performance are negligible.
  arXiv  Detail & Related papers  (2023-12-05T12:21:30Z)
• Designing an attack-defense game: how to increase robustness of financial transaction models via a competition [69.08339915577206]
  Given the escalating risks of malicious attacks in the finance sector, understanding adversarial strategies and robust defense mechanisms for machine learning models is critical. We aim to investigate the current state and dynamics of adversarial attacks and defenses for neural network models that use sequential financial data as the input. We have designed a competition that allows realistic and detailed investigation of problems in modern financial transaction data. The participants compete directly against each other, so possible attacks and defenses are examined in close-to-real-life conditions.
  arXiv  Detail & Related papers  (2023-08-22T12:53:09Z)
• On the Security Risks of Knowledge Graph Reasoning [71.64027889145261]
  We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors. We present ROAR, a new class of attacks that instantiate a variety of such threats. We explore potential countermeasures against ROAR, including filtering of potentially poisoning knowledge and training with adversarially augmented queries.
  arXiv  Detail & Related papers  (2023-05-03T18:47:42Z)
• Graph Mining for Cybersecurity: A Survey [61.505995908021525]
  The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
  arXiv  Detail & Related papers  (2023-04-02T08:43:03Z)
• A robust statistical framework for cyber-vulnerability prioritisation under partial information in threat intelligence [0.0]
  This work introduces a robust statistical framework for quantitative and qualitative reasoning under uncertainty about cyber-vulnerabilities. We identify a novel accuracy measure suited for rank in variance under partial knowledge of the whole set of existing vulnerabilities. We discuss the implications of partial knowledge about cyber-vulnerabilities on threat intelligence and decision-making in operational scenarios.
  arXiv  Detail & Related papers  (2023-02-16T15:05:43Z)
• Explanations of Machine Learning predictions: a mandatory step for its application to Operational Processes [61.20223338508952]
  Credit Risk Modelling plays a paramount role. Recent machine and deep learning techniques have been applied to the task. We suggest to use LIME technique to tackle the explainability problem in this field.
  arXiv  Detail & Related papers  (2020-12-30T10:27:59Z)
• PCAL: A Privacy-preserving Intelligent Credit Risk Modeling Framework Based on Adversarial Learning [111.19576084222345]
  This paper proposes a framework of Privacy-preserving Credit risk modeling based on Adversarial Learning (PCAL) PCAL aims to mask the private information inside the original dataset, while maintaining the important utility information for the target prediction task performance. Results indicate that PCAL can learn an effective, privacy-free representation from user data, providing a solid foundation towards privacy-preserving machine learning for credit risk analysis.
  arXiv  Detail & Related papers  (2020-10-06T07:04:59Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.