What are the actual costs of cyber risk events?
Martin Eling and
European Journal of Operational Research, 2019, vol. 272, issue 3, 1109-1119
Cyber risks are high on the business agenda of every company, but they are difficult to assess due to the absence of reliable data and thorough analyses. This paper is the first to consider a broad range of cyber risk events and actual cost data. For this purpose, we identify cyber losses from an operational risk database and analyze these with methods from statistics and actuarial science. We use the peaks-over-threshold method from extreme value theory to identify “cyber risks of daily life” and “extreme cyber risks”. Human behavior is the main source of cyber risk and cyber risks are very different compared with other risk categories. Our models can be used to yield consistent risk estimates, depending on country, industry, size, and other variables. The findings of the paper are also useful for practitioners, policymakers and regulators in improving the understanding of this new type of risk.
Keywords: Risk analysis; Cyber risk; Operational risk; Risk management; Insurance (search for similar items in EconPapers)
References: View references in EconPapers View complete reference list from CitEc
Citations: View citations in EconPapers (1) Track citations by RSS feed
Downloads: (external link)
Full text for ScienceDirect subscribers only
This item may be available elsewhere in EconPapers: Search for items with the same title.
Export reference: BibTeX
RIS (EndNote, ProCite, RefMan)
Persistent link: https://EconPapers.repec.org/RePEc:eee:ejores:v:272:y:2019:i:3:p:1109-1119
Access Statistics for this article
European Journal of Operational Research is currently edited by Roman Slowinski, Jesus Artalejo, Jean-Charles. Billaut, Robert Dyson and Lorenzo Peccati
More articles in European Journal of Operational Research from Elsevier
Bibliographic data for series maintained by Haili He ().