Ross P. Buckley,Douglas W. Arner,Dirk A. Zetzsche,Eriks Selga,Dirk Andreas Zetzsche

DOI: https://doi.org/10.2139/ssrn.3478640

2019-01-01

SSRN Electronic Journal

Abstract:Over the past decade a long-term process of digitization of finance has increasingly combined with datafication and new technologies including cloud computing, blockchain, big data and artificial intelligence in a new era of FinTech (“financial technology”). This process of digitization and datafication combined with new technologies is taking place in developed global markets and at times even faster in emerging and developing markets. The result: cybersecurity and technological risks are now evolving into major threats to financial stability and national security. In addition, the entry of major technology firms into finance – TechFins – brings two new issues. The first arises in the context of new forms of potentially systemically important infrastructure (such as data and cloud services providers). The second arises because data – like finance – benefits from economies of scope and scale and from network effects and – even more than finance – tends towards monopolistic or oligopolistic outcomes, resulting in the potential for systemic risk from new forms of “Too Big to Fail” and “Too Connected to Fail” phenomena. To conclude, we suggest some basic principles about how such risks can be monitored and addressed, focusing in particular on the role of regulatory technology (“RegTech”).

English Else

Shijie Zhou

DOI: https://doi.org/10.54097/hbem.v21i.14183

2023-12-12

Abstract:Financial risk management is a critical discipline in today's dynamic and interconnected financial landscape. This article explores various facets of financial risk management, including the challenges posed by rapid technological advancements, globalization, cybersecurity threats, regulatory changes, and economic uncertainty. It also discusses strategies for effective risk management, such as integrated risk management approaches, advanced analytics, stress testing, risk culture, and communication. Additionally, the article highlights the importance of continuous research and innovation in risk management and offers insights into future trends, including emerging technologies, regulatory reforms, and adaptation to economic and market changes. The conclusion emphasizes the need for proactive, adaptive risk management practices to navigate the complexities of the financial risk landscape successfully.

Yang Lu,Jinggong Zhang,Wenjun Zhu

DOI: https://doi.org/10.1080/03461238.2023.2289374

IF: 1.7821

2024-01-04

Scandinavian Actuarial Journal

Abstract:In the past decade, cyber risk has raised much interest in the economy, and cyber risk has evolved from a type of pure operational risk to both operational and liability risk. However, the modeling of cyber risk is still in its infancy. Compared with other financial risks, cyber risk has some unique features. In particular, discrete variables regularly arise both in the frequency component (e.g. number of events per unit time), and the severity component (e.g. the number of data breaches for each cyber event). In addition, the modeling of these count variables are further complicated by nonstandard properties such as zero inflation, serial and cross-sectional correlations, as well as heavy tails. Previous cyber risk models have largely focused on continuous models that are incompatible with many of these characteristics. This paper introduces a new count-based frequency-severity framework to model cyber risk, with a dynamic multivariate negative binomial autoregressive process for the frequency component, and the generalized Poisson inverse-Gaussian distribution for the severity component. We unify these new modeling tools by proposing a tractable Generalized Method of Moments for their estimation and applying them to the Privacy Rights Clearinghouse (PRC) dataset.

social sciences, mathematical methods,mathematics, interdisciplinary applications,statistics & probability

Michel Dacorogna,Marie Kratz

2023-02-05

Abstract:Not a day goes by without news about a cyber attack. Fear spreads out and lots of wrong ideas circulate. This survey aims at showing how all these uncertainties about cyber can be transformed into manageable risk. After reviewing the main characteristics of cyber risk, we consider the three layers of cyber space: hardware, software and psycho-cognitive layer. We ask ourselves how is this risk different from others, how modelling has been tackled and needs to evolve, and what are the multi-facetted aspects of cyber risk management. This wide exploration pictures a science in the making and points out the questions to be solved for building a resilient society.

Cryptography and Security

Elena Yu. Omelchenko,,Nadezhda G. Bochkareva,

DOI: https://doi.org/10.36871/ek.up.p.r.2023.12.04.001

2023-01-01

Abstract:The article examines the growing role of digitalization in the economy. The increasing possibilities of cyberbullying are considered. The emerging risks have been studied, information about some fraudulent schemes, traps, and techniques of fraudsters has been systematized. Recommended behavioral reactions to resist traps are presented, methods of data control and protection in the digital space are given, and the organization of risk-oriented control in credit institutions for the purpose of AML/CFT is analyzed.

Sergey V Shkodinsky,Moscow 127006 Financial Research Institute,Mihail N Dudin,Daler I Usmanov,Moscow 117418 Market Economy Institute,Sergey V. Shkodinsky,,Mihail N. Dudin,Daler I. Usmanov,,,

DOI: https://doi.org/10.31107/2075-1990-2021-3-38-53

2021-06-01

Financial Journal

Abstract:The relevance of the topic of this scientific article lies in the need for a theoretical and practical study of the problem of escalating numbers and quality of cyber threats and attacks committed against institutions of the Russian financial system, implying their safe and sustainable development being ensured in Industry 4.0. The purpose of the article is a comprehensive analysis of cyberthreats facing the national financial system of the Russian Federation in the context of economy digitalization. The subject of scientific research is the processes of ensuring national security of the Russian Federation’s financial system in the digital economy. In the process of research, the authors relied on general scientific methods (observation, comparison, measurement, analysis and synthesis, as well as logical reasoning), specific scientific methods (static analysis, expert assessments, and graphical method), and the foresight method. The validity and reliability of the results of scientific research are ensured by the correctness and rigor of the logic and research scheme construction. Scientific and practical research of Russian and foreign scientists in the field of cybersecurity, digital economy and public administration was used as a methodological and fundamental basis of the study. Various approaches to key categories—digital sovereignty and cyberwar—have been systematized, and it has been established that the most pressing financial challenges and threats to the digital economy of the Russian Federation are as follows: hacker attacks, financial sabotage in the financial market, design and launch of social engineering trojans, infrastructure attacks on IoT (Internet of Things) networks, and sale of hacker tools with open source. The authors have analyzed the number and quality of cyberattacks on domestic financial institutions in 2016–2020; summarized the losses caused by cyberattacks to financial institutions; and identified the main scenarios for the development of cyberthreats and cyberattacks for the national financial system. As the main conclusion, the authors determine that further elaboration of the issues of ensuring financial institution cybersecurity in the digital economy requires justification and implementation of specific programs and activities carried out both by commercial banks within the framework of individual strategies for ensuring digital security, and by authorities and management with positions of ensuring the digital sovereignty of the state.

Rami Shehab,Abrar s.alismail,Dr. Mohammed Amin Almaiah,Dr. Tayseer Alkhdour,Dr. Belal Mahmoud AlWadi,Dr. Mahmaod Alrawad

DOI: https://doi.org/10.58346/jisis.2024.i3.010

2024-08-30

Abstract:Technology is important in all aspects of our lives, particularly in the banking sector. Advanced technologies resulted in a fundamental shift in the way banks operate. Malicious use of technology leads to security breaches, customer distrust, financial instability, and other forms of cybercrime. This paper focuses on the most important threats and challenges to be considered while interacting with banks and financial institutions. Significant number of literatures will be reviewed to identify the most common threats and attacks on banks and financial institutions sector, as well as appropriate mitigation techniques and countermeasures. This paper focuses on bank and financial services institution infrastructure vulnerabilities that are escalating attacks on the sector and affecting the banking system, individuals, and organizations. The security study in these 35 projects demonstrates how cyber intrusions continue to attack the financial sector due to the weakness of security defense and data containment. It turns out that malware attacks are the most common threats to banks and financial institutions. Sharing and exchanging information between banks and financial institutions, as well as best practices taken by bank cards issuers and users are the most effective mitigation techniques. Some previous studies proposed a successful model for mitigating the impact of threats on banks and financial institutions, as well as reducing risks that cannot be mitigated using current mitigation techniques. According to banks and financial services statistics and surveys, existing controls and laws do not provide appropriate security meet the banks and financial services institutions systems' demands and requirements.

Yuri M. Avdeev*,Liliya Z. Gumerova,Inna M. Vankovich,Olga V. Dymchenko,Vitaly M. Smolentsev,Lyudmila I. Petrova,,,,,,

DOI: https://doi.org/10.35940/ijitee.b7908.129219

2019-12-10

International Journal of Innovative Technology and Exploring Engineering

Abstract:Successful digital transformation requires paying increased attention to security. Some of the world's largest companies have been victims of cyberattacks. Internet Protocol addresses, personal information and finance are constantly at risk. In the digital world content, corporate networks of the past no longer exist. Security must be built directly into all applications. However, many companies delay the strengthening of their security systems until it is too late. According to Gartner, until 2020, 99% of vulnerabilities in operating systems have been known to IT security specialists for at least a year. This means that companies must first eliminate the existing vulnerabilities that they know. According to some estimates, almost 85% of the participants in the financial market call digital transformation the main priority for the next 3–4 years, because they see in it not only cost reduction, but also the possibility of creating new business models, new communication with the client, and, in fact, new sources of income. Recently, the financial system of Russia has been catching up with the West in terms of digitalisation and now it is developing faster than Western markets. All this suggests the need for closer attention to ensuring the security of transformation processes taking place in the financial market

Mikhail Samuilovich Gasparian,Irina Anatolievna Kiseleva,Valery Aleksandrovich Titov,Leonid Anatolyevich Olenev

DOI: https://doi.org/10.5377/nexo.v34i04.12684

2021-10-28

Nexo Revista Científica

Abstract:The present article attempts to study the role of financial risk management in the digital economy era. The main purpose of the article is to identify the main patterns that determine the features of risk assessment in business as the main element contributing to the achievement of economic security of the organization, as well as to carry out a comparative analysis of risk assessment and risk management methods in the context of digitalization. The contemporary economic analysis employs various risk management methods. Digitalization also creates new risks, most of which are related to cybercrime and fraud on the Internet. The most effective ways to reduce risk in the context of instability of the economic and political situation in Russia are the scenarios method and the method of analyzing hierarchies, as well as diversification, i.e. the distribution of risks among several business participants. The article discusses various types of economic risks, risk analysis, and assessment methods, as well as risk neutralizing strategies.

Danial Javaheri,Mahdi Fahmideh,Hassan Chizari,Pooia Lalbakhsh,Junbeom Hur

DOI: https://doi.org/10.1016/j.eswa.2023.122697

2023-12-04

Abstract:The rapid evolution of the Smart-everything movement and Artificial Intelligence (AI) advancements have given rise to sophisticated cyber threats that traditional methods cannot counteract. Cyber threats are extremely critical in financial technology (FinTech) as a data-centric sector expected to provide 24/7 services. This paper introduces a novel and refined taxonomy of security threats in FinTech and conducts a comprehensive systematic review of defensive strategies. Through PRISMA methodology applied to 74 selected studies and topic modeling, we identified 11 central cyber threats, with 43 papers detailing them, and pinpointed 9 corresponding defense strategies, as covered in 31 papers. This in-depth analysis offers invaluable insights for stakeholders ranging from banks and enterprises to global governmental bodies, highlighting both the current challenges in FinTech and effective countermeasures, as well as directions for future research.

Cryptography and Security,Artificial Intelligence

Yue Zhao

DOI: https://doi.org/10.54254/2754-1169/89/20241908

2024-06-10

Abstract:This paper delves into the pivotal role of advanced technologies in enhancing financial risk management across various domains, including credit risk, market risk, operational risk, and liquidity risk. It meticulously explores the application of machine learning (ML) algorithms and artificial intelligence (AI) in developing sophisticated risk assessment models, portfolio diversification strategies, and regulatory compliance mechanisms, which collectively surpass traditional methodologies in accuracy, efficiency, and predictive power. Through a detailed examination of enhanced Value at Risk (VaR) models, dynamic hedging strategies, and the impact of geopolitical events on market risk, alongside innovative approaches to operational risk mitigation and liquidity planning, this study underscores the transformative potential of technological advancements in financial risk management. It highlights how these technologies facilitate real-time analysis, predictive modeling, and strategic planning, significantly contributing to the resilience and stability of financial institutions in the face of evolving risks and regulatory requirements.

Omolara Patricia Olaiya,Temitayo Oluwadamilola Adesoga,Adefisayo Ojo,Oluwabusola Dorcas Olagunju,Olajumoke Oluwagbemisola Ajayi,Yusuf Olalekan Adebayo

DOI: https://doi.org/10.30574/gscarr.2024.20.1.0241

2024-07-30

GSC Advanced Research and Reviews

Abstract:The financial technology (fintech) sector has witnessed remarkable expansion in recent years, fundamentally reshaping the landscape of financial services delivery and consumption. This growth is driven by new technologies such as mobile banking, digital wallets, blockchain and artificial intelligence Keenan the risk for fintech has increased. As pioneers in the use of technology to enhance financial transactions, Fintech has become an attractive target for cybercriminals looking to exploit weaknesses in digital infrastructure. The evolving nature and sophistication of cyber threats, including phishing attacks, ransomware, data breaches, and insider threats, pose significant risks to the integrity and security of financial data and assets. This paper aims to provide a comprehensive review of cybersecurity strategies implemented within the fintech industry to safeguard against these threats. It examines the current landscape of cyber risks facing fintech firms, highlighting the multifaceted challenges posed by malicious actors and technological vulnerabilities. Moreover, the paper evaluates the effectiveness of various cybersecurity measures adopted by fintech companies, such as encryption protocols, multi-factor authentication, AI-driven threat detection, and blockchain technology. Furthermore, the review discusses emerging trends and technologies poised to bolster cybersecurity in the fintech sector. These include advancements in quantum-resistant encryption, zero-trust architecture, regulatory compliance frameworks (e.g., GDPR, PCI DSS), and proactive incident response strategies. By exploring these innovative approaches, the paper seeks to illuminate proactive measures that can mitigate cyber risks and enhance resilience in fintech operations.

Wing Fung Chong,Runhuan Feng,Hins Hu,Linfeng Zhang

2023-10-23

Abstract:Cyber risk is an omnipresent risk in the increasingly digitized world that is known to be difficult to manage. This paper proposes a two-pillar cyber risk management framework to address such difficulty. The first pillar, cyber risk assessment, blends the frequency-severity model in insurance with the cascade model in cybersecurity, to capture the unique feature of cyber risk. The second pillar, cyber capital management, provides informative decision-making on a balanced cyber risk management strategy, which includes cybersecurity investments, insurance coverage, and reserves. This framework is demonstrated by a case study based on a historical cyber incident dataset, which shows that a comprehensive cost-benefit analysis is necessary for a budget-constrained company with competing objectives for cyber risk management. Sensitivity analysis also illustrates that the best strategy depends on various factors, such as the amount of cybersecurity investments and the effectiveness of cybersecurity controls.

Risk Management,Cryptography and Security,Optimization and Control

Konrad Trzonkowski,Olena Khalina,Paulina Kolisnichenko,Nataliia Rozumovych,Oleksandr Zhyhulin

DOI: https://doi.org/10.34069/ai/2023.69.09.28

2023-09-30

Revista Amazonia Investiga

Abstract:The aim of the article was to study the characteristics of the formation of an information system to implement the administrative and legal mechanism to ensure financial and economic security under the influence of cyber threats. The research methodology involved the use of hierarchical and pairwise comparison analysis, as well as the method of expert analysis, with the help of academic documentary sources. As a result of the study, the main cyber threats in the information system of the administrative and legal mechanism for ensuring financial and economic security were identified and ordered according to their level of influence. This order will allow the management apparatus to understand, at least in theory, the hierarchy of importance of existing threats and subsequently use the latter to build information systems. Everything allows to conclude that, by analyzing the obtained results, a methodical approach to the assessment of cyber threats to financial and economic security was formed. However, the study has its limitations, as for the formation of the above-mentioned information systems, a small number of cyber threats were adopted, which are also characteristic for a particular country like Ukraine.

Vitaliia Koibichuk,Tetiana Dotsenko

DOI: https://doi.org/10.21272/fmir.7(1).145-153.2023

2023-01-01

Abstract:Reliable cybersecurity has a decision value for economic and national security of every country. The financial sector is most susceptible to cyber-attacks, as it is one of the most important systems of society, containing a large amount of data and critical information. To provide reliable cybersecurity, government must participate actively in development and strengthening of policies. It includes establishment of rules and standards for business, creation of only national strategy of cybersecurity and participating in international partnership for an exchange advanced experience and resources. In addition, government must invest in cybersecurity tools, technology, and personnel to protect digital infrastructure and the data of citizens and companies. Finally, governments should prioritize cyber security education and awareness among citizens and companies to minimize the risk of digital attacks. The article provides a comprehensive bibliometric analysis of scientific publications devoted to the topic of financial cyber security using modern powerful bibliometric software (Vosviewer, Bibliometrix, SciVal) and an analysis of normative legislative documents of Ukraine and the European Union, in particular the recommendations of the European Union Agency for Cyber Security (ENISA). The bibliometric analysis made it possible to form groups of clusters characterizing the cyber lexicon, methods, and technologies for detecting cyberthreats, and to highlight the most cited publications in the world. The statistical basis for the analysis was formed by scientific publications indexed by the Elsevier reference and bibliographic corporation. The results of the conducted research are a plan of recommended actions for managers of financial institutions, banks, and enterprises regarding the effective organization of cyber security and includes such steps as: development of cyber security culture on an ongoing basis; appointment of a responsible person for the organization of cyber security; conducting cyber security audits on an ongoing basis; creating a data protection memo; provision of advanced training in the field of cyber data protection; ensuring effective interaction with a third party involved in financial relations, reflected in concluded contracts; formation of a response plan to cyber incidents; organization of secure access to automated information systems used in the institution’s operations; organization of device security in case of remote use and performance of professional duties; organization of network connection security; improvement of physical security of official documents and devices; protection of backup copies and testing for the possibility of a full update based on these backup copies; synchronization with cloud technologies in compliance with the provisions of regulatory documents; protection of websites, publication and distribution of up-to-date information on new types and types of cyber threats.

N Reshetnikova,M Magomedov,D Buklanov

DOI: https://doi.org/10.1088/1755-1315/666/6/062139

2021-03-01

IOP Conference Series: Earth and Environmental Science

Abstract:Abstract Among the priority areas of domestic science development, the state singled out the creation and development of digital technologies, systems capable of processing large amounts of data, which will make it possible to make a significant contribution to accelerating economic growth and ensuring the country’s security (including financial security). Such directions of development have led to the appearance in society of the problems of human interaction and digitaltechnologies in the financial sphere, leading both to a change in the model of financing the economy, and to the emergence of «Cifrogenic»/»digital-genous» 1 threats and challenges to society, the economy and man. Purpose: The society is faced with the dual nature of digital financial technologies, which is manifested in the fact that they are not only the basis for the development of innovative processes in the financial sector, but also a source of risks for society, the economy and people. Design/methodology/approach: The tools of systemic, structural functional and institutional approaches were used in the process of substantiation of theoretical provisions, data analysis, conclusions and recommendations that allowed analyzing and taking the complex areas of financial development of digital technology and human interaction and digital technology in the financial sector are analyzed as the studied material. A review of the literature on the selected topic has shown that relations arising in the course of human-digital interaction in the financial sphere are discussed in many papers of such scholars as Alifanova et al. (2019), Alifanova et al. (2018), Chechenov et al. (2020), Kumykov et al. (2017), Magomedov et al. (2017), Nivorozhkina et al. (2016), Smagina et al. (2017), Popkova et al. (2018), Lokova et al. (2019), Reshetnikova et al. (2019), Zmiyak et al. (2019), Reshetnikova and Magomedov, (2020). Findings: There are opportunities to form a «digital financial profile» of a person who becomes an object of advertising, marketing, sociological, political research, and ultimately can become a subject of social rating and a source of information for managing the financial behavior of a person and the country’s population as a whole. Whereas the answers to the questions of who and in whose interests controls the financial behavior of the country’s population relate to the field of national security. Originality/value: The functionality of digital technologies creates a new platform for human financial activity: supporting the adoption of credit and investment decisions, the availability of financial products and services and their personification through processing and analysis of big data, new types of investment assets resulting from blockchain technology and much more. At the same time, moving ever-increasing volumes of financial activity into virtual space, changing the format of interaction (from traditional Business-to-Customer to Peer-to-Peer and even Digital Profile-Digital profile), the emergence of Fintech companies, digitalization of the financial sector has wide range of consequences. So, financial organizations no longer interact with a person, but with his “digital profile”, with a psychological-digital portrait.

English Else

Е.Г. Нурисламов

DOI: https://doi.org/10.47629/2074-9201_2023_3_142_150

2023-09-26

Вестник Академии права и управления

Abstract:В статье представлен обзор истории изучения финансовых рисков как в России, так и за рубежом, рассмотрены различные модели, используемые для анализа финансового риска предприятия. Также рассматриваются различные подходы отечественных и зарубежных авторов к понятию финансового риска. Кроме того, автором определены основные финансовые риски, с которыми сталкиваются предприятия, и их трансформация в условиях цифровой экономики. Развитие цифровой экономики принесло множество преимуществ, но оно также создало новые финансовые риски, которыми необходимо управлять. Данная статья проливает свет на эти риски и стратегии, которые предприятия могут принять для их снижения. В статье предлагается инновационная методология оценки финансовых рисков предприятия. Методология основана на системе додекаэдров, которая включает 12 измерений финансового риска, в том числе кредитный риск, рыночный риск, риск ликвидности, операционный риск, риск соответствия требованиям, репутационный риск, стратегический риск, системный риск, геополитический риск, риск кибербезопасности, экологический риск и социальный риск. Каждый аспект делится на подкатегории, и для каждой подкатегории определяются показатели для оценки уровня подверженности риску. Методология также включает процесс количественной оценки рисков и присвоения веса каждому измерению на основе относительной важности рисков для предприятия. Полученный интегральный показатель дает комплексное представление о финансовых рисках, с которыми сталкивается предприятие, позволяя руководству разработать более эффективные стратегии управления рисками и улучшить общие финансовые показатели. Предлагаемая методология имеет значительный потенциал для использования в цифровой экономике и в нестабильной геополитической обстановке, позволяя предприятиям лучше управлять финансовыми рисками и повышать общую финансовую устойчивость. This article provides an overview of the history of the study of financial risks both in Russia and abroad, examining the various models used for analyzing the financial risk of an enterprise. The article also explores the different approaches taken by domestic and foreign authors towards the concept of financial risk. Additionally, the article identifies the key financial risks that enterprises face and how they have transformed in the digital economy. The development of the digital economy has brought about numerous benefits, but it has also introduced new financial risks that need to be managed. This article sheds light on these risks and the strategies that enterprises can adopt to mitigate them. This article proposes an innovative methodology for assessing the financial risks of an enterprise. The methodology is based on a dodecahedron system that incorporates twelve dimensions of financial risk, including credit risk, market risk, liquidity risk, operational risk, compliance risk, reputational risk, strategic risk, systemic risk, geopolitical risk, cybersecurity risk, environmental risk, and social risk. Each dimension is further divided into subcategories, and indicators are identified for each subcategory to assess the level of risk exposure. The methodology also includes a process for quantifying the risks and assigning weights to each dimension based on the relative importance of the risks to the enterprise. The resulting integral indicator provides a comprehensive view of the financial risks facing the enterprise, enabling management to develop more effective risk management strategies and enhance their overall financial performance. The proposed methodology has significant potential for use in the digital economy and in volatile geopolitical environments, enabling enterprises to better manage financial risks and enhance their overall financial resilience.

Yulia Yu. Kosenkova,Sergei V. Romanovskii,Elena P. Tsatskina,,,

DOI: https://doi.org/10.28995/2686-679x-2023-2-46-69

2023-01-01

Abstract:The current stage of Russian society development is characterized by the implementation of measures aimed at the development of digital technologies and their introduction into various spheres of the economy. An example of an innovative digital breakthrough in Russia is the Federal Tax Service, which accumulates significant amounts of confidential information, maintains a large number of registries, and implements a large number of services, including those not related to taxation. The realization of threats to information security in relation to information and communication technologies of the Federal Tax Service can lead to negative consequences. The purpose of the study is to build a model that allows assessing the probability of occurrence of the threats in question and their impact on digital interaction system between tax authorities and taxpayers, and the security of databases formed by tax authorities. The study applies universal methods of scientific cognition and mathematical methods for the construction of a risk assessment model. As a result, a model is proposed that allows assessment of information security risks, which information and communication technologies of the Federal Tax Service of Russia are exposed to. The proposed model can be used both at various levels of tax administration and in other spheres of state and municipal administration.

Matteo Malavasi,Gareth W. Peters,Pavel V. Shevchenko,Stefan Trück,Jiwook Jang,Georgy Sofronov

DOI: https://doi.org/10.1016/j.insmatheco.2022.05.003

2022-09-01

Insurance: Mathematics and Economics

Abstract:In this study an exploration of insurance risk transfer is undertaken for the cyber insurance industry in the United States of America, based on the leading industry dataset of cyber events provided by Advisen. We seek to address two core unresolved questions. First, what factors are the most significant covariates that may explain the frequency and severity of cyber loss events and are they heterogeneous over cyber risk categories? Second, is cyber risk insurable in regards to the required premiums, risk pool sizes and how would this decision vary with the insured companies industry sector and size? We address these questions through a combination of regression models based on the class of Generalized Additive Models for Location Shape and Scale (GAMLSS) and a class of ordinal regressions. These models will then form the basis for our analysis of frequency and severity of cyber risk loss processes. We investigate the viability of insurance for cyber risk using a utility modeling framework with premiums calculated by classical certainty equivalence analysis utilizing the developed regression models. Our results provide several new key insights into the nature of insurability of cyber risk and rigorously address the two insurance questions posed in a real data driven case study analysis.

English Else

Miroslav Gombár,Alena Vagaská,Antonín Korauš,Pavlína Račková

DOI: https://doi.org/10.3390/math12020343

IF: 2.4

2024-01-21

Mathematics

Abstract:In the current digital transformation to Industry 4.0, the demands on the ability of countries to react responsibly and effectively to threats in the field of cyber security (CS) are increasing. Cyber safety is one of the pillars and concepts of Industry 4.0, as digitization brings convergence and integration of information technologies (IT) and operational technologies (OT), IT/OT systems, and data. Collecting and connecting a large amount of data in smart factories and cities poses risks, in a broader context for the entire state. The authors focus attention on the issue of CS, where, despite all digitization, the human factor plays a key role—an actor of risk as well as strengthening the sustainability and resilience of CS. It is obvious that in accordance with how the individuals (decision-makers) perceive the risk, thus they subsequently evaluate the situation and countermeasures. Perceiving cyber threats/risks in their complexity as a part of hybrid threats (HT) helps decision-makers prevent and manage them. Due to the growing trend of HT, the need for research focused on the perception of threats by individuals and companies is increasing. Moreover, the literature review points out a lack of methodology and evaluation strategy. This study presents the results of the research aimed at the mathematical modelling of risk perception of threats to the state and industry through the disruption of CS. The authors provide the developed factor model of cyber security (FMCS), i.e., the model of CS threat risk perception. When creating the FMCS, the researchers applied SEM (structural equation modelling) and confirmatory factor analysis to the data obtained by the implementation of the research tool (a questionnaire designed by the authors). The pillars and sub-pillars of CS defined within the questionnaire enable quantification in the perception of the level of risk of CS as well as differentiation and comparison between the analyzed groups of respondents (students of considered universities in SK and CZ). The convergent and discriminant validity of the research instrument is verified, and its reliability is confirmed (Cronbach's alpha = 0.95047). The influence of the individual pillars is demonstrated as significant at the significance level of α = 5%. For the entire research set N = 964, the highest share of risk perception of CS threats is achieved by the DISRIT pillar (disruption or reduction of the resistance of IT infrastructure).

mathematics