EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Cyber Risk Taxonomies: Statistical Analysis of Cybersecurity Risk Classifications

Matteo Malavasi, Gareth W. Peters, Stefan Treuck, Pavel V. Shevchenko, Jiwook Jang and Georgy Sofronov
Additional contact information
Matteo Malavasi: School of Risk and Actuarial Studies, UNSW Business School, University of New South Wales, Australia
Gareth W. Peters: Department of Statistics and Applied Probability, University of California Santa Barbara, USA
Stefan Treuck: Department of Actuarial Studies and Business Analytics, Macquarie University, Australia
Pavel V. Shevchenko: Department of Actuarial Studies and Business Analytics, Macquarie University, Australia
Jiwook Jang: Department of Actuarial Studies and Business Analytics, Macquarie University, Australia
Georgy Sofronov: School of Mathematical and Physical Sciences, Macquarie University, Australia

Papers from arXiv.org

Abstract: Cyber risk classifications are widely used in the modeling of cyber event distributions, yet their effectiveness in out of sample forecasting performance remains underexplored. In this paper, we analyse the most commonly used classifications and argue in favour of switching the attention from goodness-of-fit and in-sample predictive performance, to focusing on the out-of sample forecasting performance. We use a rolling window analysis, to compare cyber risk distribution forecasts via threshold weighted scoring functions. Our results indicate that business motivated cyber risk classifications appear to be too restrictive and not flexible enough to capture the heterogeneity of cyber risk events. We investigate how dynamic and impact-based cyber risk classifiers seem to be better suited in forecasting future cyber risk losses than the other considered classifications. These findings suggest that cyber risk types provide limited forecasting ability concerning cyber event severity distribution, and cyber insurance ratemakers should utilize cyber risk types only when modeling the cyber event frequency distribution. Our study offers valuable insights for decision-makers and policymakers alike, contributing to the advancement of scientific knowledge in the field of cyber risk management.

Date: 2024-10
New Economics Papers: this item is included in nep-rmg
References: View references in EconPapers View complete reference list from CitEc
Citations:

Downloads: (external link)
http://arxiv.org/pdf/2410.05297 Latest version (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:arx:papers:2410.05297

Access Statistics for this paper

More papers in Papers from arXiv.org
Bibliographic data for series maintained by arXiv administrators ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:arx:papers:2410.05297