Nos derniers articles

Lack of high-quality public cyber incident data hinders empirical research and predictive modeling for cyber risk. Companies' reluctance to disclose incidents, fearing reputational damage, perpetuates this challenge. Actuarial solutions focus on enhancing existing datasets and employing advanced modeling. A new InsurTech framework is proposed to enrich cyber incident data with entity-specific attributes, addressing the gap in publicly available information. Machine learning models predict incident types and estimate frequencies, demonstrating improved robustness when incorporating InsurTech-derived features. This framework aims to generate transparent, entity-specific cyber risk profiles, supporting tailored underwriting and proactive risk mitigation for insurers and organizations.

The World Economic Forum (WEF) and the University of Oxford’s GCSCC released the *Cyber Resilience Compass* to help organizations strengthen cyber resilience. Based on global expert input, it outlines seven key areas: leadership, governance, people and culture, business processes, technical systems, crisis management, and ecosystem engagement. It stresses that cyber resilience requires more than technical fixes; it demands aligning strategies with business goals, continuous learning, and collaboration. Tailored approaches are essential, given differing organizational risks and structures. The Compass aims to foster knowledge-sharing and build a scalable, adaptable framework for long-term, effective cyber resilience.

"After reviewing the main characteristics of cyber risk, we consider the three layers of cyber space: hardware, software and psycho-cognitive layer."

"Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators."

"We apply Weick’s (1995) sensemaking framework to examine four foundational tensions of cyber-resilience: a definitional tension, an environmental tension, an internal tension, and a regulatory tension. We then document how these tensions are embedded in cyber-resilience practices at the preparatory, response and adaptive stages. We rely on qualitative data from a sample of 58 cybersecurity professionals in the financial sector..."