The nature of losses from cyber-related events: risk categories and business sectors

Pavel Shevchenko, Jiwook Jang, Matteo Malavasi, Gareth W. Peters*, Georgy Sofronov, Stefan Trück

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

10 Citations (Scopus)
69 Downloads (Pure)

Abstract

In this study, we examine the nature of losses from cyber-related events across different risk categories and business sectors. Using a leading industry dataset of cyber events, we evaluate the relationship between the frequency and severity of individual cyber-related events and the number of affected records. We find that the frequency of reported cyber-related events has substantially increased between 2008 and 2016. Furthermore, the frequency and severity of losses depend on the business sector and type of cyber threat: the most significant cyber loss event categories, by number of events, were related to data breaches and the unauthorized disclosure of data, while cyber extortion, phishing, spoofing, and other social engineering practices showed substantial growth rates. Interestingly, we do not find a distinct pattern between the frequency of events, the loss severity, and the number of affected records as often alluded to in the literature. We also analyse the severity distribution of cyber-related events across all risk categories and business sectors. This analysis reveals that cyber risks are heavy-tailed, i.e. cyber risk events have a higher probability to produce extreme losses than events whose severity follows an exponential distribution. Furthermore, we find that the frequency and severity of cyber-related losses exhibit a very dynamic and time-varying nature.

Original languageEnglish
Article numbertyac016
Pages (from-to)1-12
Number of pages12
JournalJournal of Cybersecurity
Volume9
Issue number1
DOIs
Publication statusPublished - 5 Jan 2023

Bibliographical note

Copyright The Author(s) 2023. Published by Oxford University Press. Version archived for private and non-commercial use with the permission of the author/s and according to publisher conditions. For further rights please contact the publisher.

Keywords

  • cyber risk
  • frequency and severity
  • risk categories
  • business sectors
  • heavy-tailed distributions
  • costs

Fingerprint

Dive into the research topics of 'The nature of losses from cyber-related events: risk categories and business sectors'. Together they form a unique fingerprint.

Cite this