Heavy-tailed distribution of cyber-risks
From MaRDI portal
Publication:614593
Abstract: With the development of the Internet, new kinds of massive epidemics, distributed attacks, virtual conflicts and criminality have emerged. We present a study of some striking statistical properties of cyber-risks that quantify the distribution and time evolution of information risks on the Internet, to understand their mechanisms, and create opportunities to mitigate, control, predict and insure them at a global scale. First, we report an exceptionnaly stable power-law tail distribution of personal identity losses per event, , with . This result is robust against a surprising strong non-stationary growth of ID losses culminating in July 2006 followed by a more stationary phase. Moreover, this distribution is identical for different types and sizes of targeted organizations. Since , the cumulative number of all losses over all events up to time increases faster-than-linear with time according to , suggesting that privacy, characterized by personal identities, is necessarily becoming more and more insecure. We also show the existence of a size effect, such that the largest possible ID losses per event grow faster-than-linearly as with the organization size . The small value of the power law distribution of ID losses is explained by the interplay between Zipf's law and the size effect. We also infer that compromised entities exhibit basically the same probability to incur a small or large loss.
Recommendations
- Unraveling heterogeneity in cyber risks using quantile regressions
- Cyber risk ordering with rank-based statistical models
- Modeling multivariate cybersecurity risks
- Cyber risk frequency, severity and insurance viability
- Stochastic analysis of cyber-attacks
- Multivariate dependence among cyber risks based on \(L\)-hop propagation
- Cyber risk measurement with ordinal data
Cites work
- Critical phenomena in natural sciences. Chaos, fractals, selforganization and disorder: Concepts and tools.
- Empirical distributions of stock returns: between the stretched exponential and the power law?
- Extreme Financial Risks
- Finite-time singularity in the dynamics of the world population, economic and financial indices
- Kernel estimation in high-energy physics
- Oscillatory finite-time singularities in finance, population and rupture
- Power-law distributions in empirical data
- Zipf's Law for Cities: An Explanation
Cited in
(21)- A bonus-malus framework for cyber risk insurance and optimal cybersecurity provisioning
- Data breach CAT bonds: modeling and pricing
- A comprehensive model for cyber risk based on marked point processes and its application to insurance
- On the determinants of data breaches: a cointegration analysis
- Cyber risk frequency, severity and insurance viability
- Cyber claim analysis using generalized Pareto regression trees with applications to insurance
- Modeling and pricing cyber insurance. Idiosyncratic, systematic, and systemic risks
- A multivariate frequency-severity framework for healthcare data breaches
- Bias-reduced and variance-corrected asymptotic Gaussian inference about extreme expectiles
- Bayesian credibility model with heavy tail random variables: calibration of the prior and application to natural disasters and cyber insurance
- Capital requirements for cyber risk and cyber risk insurance: an analysis of Solvency II, the U.S. Risk-Based Capital Standards, and the Swiss Solvency Test
- Data breaches: goodness of fit, pricing, and risk measurement
- Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology
- Extreme data breach losses: an alternative approach to estimating probable maximum loss for data breach risk
- Modeling malicious hacking data breach risks
- Frequency and severity estimation of cyber attacks using spatial clustering analysis
- Cyber insurance-linked securities
- Unraveling heterogeneity in cyber risks using quantile regressions
- Detecting systematic anomalies affecting systems when inputs are stationary time series
- Cyber risk modeling: a discrete multivariate count process approach
- Utility of classical insurance risk models for measuring the risks of cyber incidents
This page was built for publication: Heavy-tailed distribution of cyber-risks
Report a bug (only for logged in users!)Click here to report a bug for this page (MaRDI item Q614593)
