Heavy-tailed distribution of cyber-risks
From MaRDI portal
Publication:614593
DOI10.1140/EPJB/E2010-00120-8zbMATH Open1202.68057arXiv0803.2256OpenAlexW2591887805MaRDI QIDQ614593FDOQ614593
Publication date: 4 January 2011
Published in: The European Physical Journal B. Condensed Matter and Complex Systems (Search for Journal in Brave)
Abstract: With the development of the Internet, new kinds of massive epidemics, distributed attacks, virtual conflicts and criminality have emerged. We present a study of some striking statistical properties of cyber-risks that quantify the distribution and time evolution of information risks on the Internet, to understand their mechanisms, and create opportunities to mitigate, control, predict and insure them at a global scale. First, we report an exceptionnaly stable power-law tail distribution of personal identity losses per event, , with . This result is robust against a surprising strong non-stationary growth of ID losses culminating in July 2006 followed by a more stationary phase. Moreover, this distribution is identical for different types and sizes of targeted organizations. Since , the cumulative number of all losses over all events up to time increases faster-than-linear with time according to , suggesting that privacy, characterized by personal identities, is necessarily becoming more and more insecure. We also show the existence of a size effect, such that the largest possible ID losses per event grow faster-than-linearly as with the organization size . The small value of the power law distribution of ID losses is explained by the interplay between Zipf's law and the size effect. We also infer that compromised entities exhibit basically the same probability to incur a small or large loss.
Full work available at URL: https://arxiv.org/abs/0803.2256
Applications of statistics in engineering and industry; control charts (62P30) Internet topics (68M11)
Cites Work
- Power-Law Distributions in Empirical Data
- Critical phenomena in natural sciences. Chaos, fractals, selforganization and disorder: Concepts and tools.
- Empirical distributions of stock returns: between the stretched exponential and the power law?
- Zipf's Law for Cities: An Explanation
- Finite-time singularity in the dynamics of the world population, economic and financial indices
- Extreme Financial Risks
- Oscillatory finite-time singularities in finance, population and rupture
- Kernel estimation in high-energy physics
Cited In (21)
- Cyber insurance-linked securities
- Detecting systematic anomalies affecting systems when inputs are stationary time series
- Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology
- Bias-reduced and variance-corrected asymptotic Gaussian inference about extreme expectiles
- Data Breach CAT Bonds: Modeling and Pricing
- Cyber risk modeling: a discrete multivariate count process approach
- A bonus-malus framework for cyber risk insurance and optimal cybersecurity provisioning
- Modeling and pricing cyber insurance. Idiosyncratic, systematic, and systemic risks
- Cyber claim analysis using generalized Pareto regression trees with applications to insurance
- On the determinants of data breaches: a cointegration analysis
- Modeling Malicious Hacking Data Breach Risks
- A comprehensive model for cyber risk based on marked point processes and its application to insurance
- Frequency and severity estimation of cyber attacks using spatial clustering analysis
- Bayesian credibility model with heavy tail random variables: calibration of the prior and application to natural disasters and cyber insurance
- A multivariate frequency-severity framework for healthcare data breaches
- Data breaches: goodness of fit, pricing, and risk measurement
- Unraveling heterogeneity in cyber risks using quantile regressions
- Utility of classical insurance risk models for measuring the risks of cyber incidents
- Cyber risk frequency, severity and insurance viability
- Extreme Data Breach Losses: An Alternative Approach to Estimating Probable Maximum Loss for Data Breach Risk
- Capital Requirements for Cyber Risk and Cyber Risk Insurance: An Analysis of Solvency II, the U.S. Risk-Based Capital Standards, and the Swiss Solvency Test
Uses Software
Recommendations
- Cyber risk measurement with ordinal data π π
- Cyber risk ordering with rank-based statistical models π π
- Unraveling heterogeneity in cyber risks using quantile regressions π π
- Cyber risk frequency, severity and insurance viability π π
- Multivariate dependence among cyber risks based on \(L\)-hop propagation π π
- Stochastic Analysis of Cyber-Attacks π π
- Modeling multivariate cybersecurity risks π π
This page was built for publication: Heavy-tailed distribution of cyber-risks
Report a bug (only for logged in users!)Click here to report a bug for this page (MaRDI item Q614593)
