16 résultats
pour « cyberrisk »
The Cyber Due Diligence Object Model (CDDOM) is a structured, extensible framework designed for SMEs to manage cybersecurity due diligence in digital supply chains. Aligned with regulations like NIS2, DORA, CRA, and GDPR, CDDOM enables continuous, automated, and traceable due diligence. It integrates descriptive schemas, role-specific messaging, and decision support to facilitate supplier onboarding, risk reassessment, and regulatory compliance. Validated in real-world scenarios, CDDOM supports automation, transparency, and interoperability, translating compliance and trust signals into machine-readable formats. It fosters resilient, decision-oriented cyber governance, addressing modern cybersecurity challenges outlined in recent research.
This study extends the Gordon–Loeb model for cybersecurity investment by incorporating a Hawkes process to model temporally clustered cyberattacks, reflecting real-world attack bursts. Formulated as a stochastic optimal control problem, it maximizes net benefits through adaptive investment policies that respond to attack arrivals. Numerical results show these dynamic strategies outperform static and Poisson-based models, which overlook clustering, especially in high-risk scenarios. The framework aids risk managers in tailoring responsive cybersecurity strategies. Future work includes empirical calibration, risk-averse loss modeling, cyber-insurance integration, and multivariate Hawkes processes for diverse attack types.
The OCC reports that operational risk is elevated due to cyber threats and complex operations. Compliance risks are also significant, especially in areas like BSA/AML and fraud prevention. External fraud targeting consumers and banks is increasing, requiring strong fraud management practices. Banks should prioritize risk management, maintain sound controls, and educate customers to mitigate these risks.
This paper analyzes the constraints on the #insuranceindustry in providing larger capacity for #cyberrisk #insurance. The authors argue that cyber risk is unique in that it is both information-intensive to underwrite and heavy-tailed, leading to a tension between the need to raise large amounts of external capital to finance heavy-tailed risks and the high compensation demanded by capital providers due to information frictions.
While previous research has focused on #cyberrisk #riskmitigation measures, this study describes the emergence of various real-world cyber #risktransfer products in the last decade, including #warranties, #cloudcomputing partnerships, #parametricinsurance, #reinsurance, and #cyber #catbonds.
We provide a #cyberrisk definition and classification scheme for #riskmanagement purposes, to be used as a data collection template for #financialinstitutions.
"This paper employs #computational #linguistics to introduce a novel text-based measure of firm-level #cyberrisk exposure based on quarterly earnings conference calls of listed firms. Our quarterly measures are available for more than 13,000 firms from 85 countries over 2002-2021. ... The geography of cyber risk exposure is well approximated by a gravity model extended with cross-border portfolio flows. Back-of-the-envelope calculations suggest that the global #cost of cyber risk is over $200 billion per year."
The authors use mid-quantile regression to deal with ordinal #riskassessments and compare their approach to current alternatives for #cyberrisk ranking and graded responses. They test their #model on both simulated and real data and discuss its applications to #threatlintelligence.
The current #canadian regime, which draws on the #basel #operationalrisk framework, is not equipped to handle the unique challenges of #cyberrisk. Cyber incidents differ from traditional operational disruptions in terms of their dynamism and impact, and traditional risk-based #supervision is not suitable for the rapidly changing cyber profile of #regulated #financialinstitutions.services for all communities, especially those most impacted by climate change."
"After reviewing the main characteristics of cyber risk, we consider the three layers of cyber space: hardware, software and psycho-cognitive layer."