A stochastic SIR model for cyber contagion: application to granular growth of firms and to insurance portfolio
This paper by Caroline Hillairet, Olivier Lopez and Lionel Sopgoui (CREST, UMR CNRS) describes a stochastic SIR model designed to quantify the financial impact of contagious cyber-attacks on corporate revenues and insurance portfolios. By blending epidemiological frameworks with economic granular growth models, the researchers account for the reality that larger firms are more frequent targets and exhibit different internal infection dynamics. The model specifically utilizes Cox-Ingersoll-Ross (CIR) processes to incorporate environmental variability, allowing for more realistic simulations of how ransomware spreads within and between organizations. A key practical application analyzes the 2024 LockBit ransomware attacks, offering insurers a method to calculate Aggregate Exceedance Probabilities to forecast potential losses. Ultimately, the framework bridges the gap between cybersecurity technicalities and financial risk management, providing a tool for measuring systemic cyber threats across diverse industrial sectors.