160 results for "riskmanagement"

A Formal Risk‑Driven Definition of Continuous Monitoring in Cybersecurity: The QUARC Model

For years, "continuous monitoring" in cybersecurity lacked a clear definition, forcing improvised security practices. This paper introduces QUARC, a formal model that quantifies cybersecurity risk and links it to precise detection and response times. QUARC provides a robust, weight-free probabilistic risk function, translating this risk into concrete operational cadences using hazard and queue theories. This model offers a universal standard, allowing regulators to enforce testable compliance, security teams to monitor real-time conformance, and insurers to price risk accurately. QUARC transforms a vague policy into a measurable, enforceable reality, closing a critical loophole exploited by attackers.

Navigating fintech and banking risks: insights from a systematic literature review

A review of 28 studies (2019–2023) shows growing academic interest in the relationship between fintech and banking risk, using diverse models and frameworks. Research focuses on bank-level, country-level, and fintech-specific measures, analyzing risks like insolvency, credit, liquidity, and market risk. The study highlights the importance of interdisciplinary and cross-country research, recommends adopting multi-theoretical frameworks, and urges consideration of individual-level factors such as financial literacy and digital access. For policymakers, it offers guidance on monitoring fintech’s impact and stresses the need for comprehensive regulation and global cooperation to ensure financial stability and effective risk management.

On the Insurance of Environmental Risks: Modeling and Pricing with Mean‑Reverting Regime‑Switching Lévy Processes

This article presents modeling approaches—both structural and reduced-form—to improve the understanding and prediction of environmental risks. It enhances existing models for better risk assessment and pricing, particularly in infrastructure and land use contexts. Potential extensions include advanced temperature and rainfall modeling, such as stochastic mean-reversion and regime-switching Lévy processes. The paper also suggests future research comparing insurance pricing methods and exploring parametric insurance mechanisms, where payouts are triggered by measurable parameters rather than actual losses. These developments aim to refine environmental risk management and insurance strategies.

Enterprise Risk Management: Improving Embedded Risk Management and Risk Governance

All strategic and operational decisions should consider risk-adjusted earnings value, as all management inherently involves risk management. Effective risk management requires skilled personnel and a robust system to analyze, monitor, and manage risks, focusing on seven key areas: decision-oriented risk management, value-oriented corporate management, risk quantification (including economic, geopolitical, and sustainability risks), and risk aggregation using Monte Carlo simulations. A strong corporate strategy ensures financial sustainability and manageable earnings risks, while embedded risk management enables employees to address risks. These areas, underexplored in literature, warrant further attention, particularly risk aggregation through simulation methods.

The Cyber Due Diligence Object Model (CDDOM): Bridging Compliance, Risk, and Trust in the Digital Ecosystem

The Cyber Due Diligence Object Model (CDDOM) is a structured, extensible framework designed for SMEs to manage cybersecurity due diligence in digital supply chains. Aligned with regulations like NIS2, DORA, CRA, and GDPR, CDDOM enables continuous, automated, and traceable due diligence. It integrates descriptive schemas, role-specific messaging, and decision support to facilitate supplier onboarding, risk reassessment, and regulatory compliance. Validated in real-world scenarios, CDDOM supports automation, transparency, and interoperability, translating compliance and trust signals into machine-readable formats. It fosters resilient, decision-oriented cyber governance, addressing modern cybersecurity challenges outlined in recent research.

A stochastic Gordon‑Loeb model for optimal cybersecurity investment under clustered attacks

This study extends the Gordon–Loeb model for cybersecurity investment by incorporating a Hawkes process to model temporally clustered cyberattacks, reflecting real-world attack bursts. Formulated as a stochastic optimal control problem, it maximizes net benefits through adaptive investment policies that respond to attack arrivals. Numerical results show these dynamic strategies outperform static and Poisson-based models, which overlook clustering, especially in high-risk scenarios. The framework aids risk managers in tailoring responsive cybersecurity strategies. Future work includes empirical calibration, risk-averse loss modeling, cyber-insurance integration, and multivariate Hawkes processes for diverse attack types.

How do Cyberattacks Impact Firms?

Cyberattacks primarily impact firm value through increased costs rather than sales declines, indicating financial burdens over reputational damage. Costs persist beyond the short term, and firms invest in recovery efforts. Over time, reputational concerns have diminished as cyber resilience improves. These findings emphasize the need for strong corporate risk management, focusing on cost recovery, recovery planning, and trust restoration strategies tailored to specific contexts.

Drafting of IT Outsourcing Risk Management Policy Proposal with IT Outsourcing Risk Management Framework and COBIT

A structured IT outsourcing risk management policy is crucial for navigating third-party service complexities. This study proposes a framework integrating IT outsourcing principles with COBIT standards, covering risk identification, analysis, mitigation, and ongoing monitoring. Implementing this policy enhances organizational asset protection and operational continuity, and minimizes outsourcing risks. It improves information security and business process efficiency. This framework provides practical guidance for organizations to effectively manage risks and optimize IT outsourcing value.

Mathematical Explanation and Derivation of the Aggregate Cost of Risk in the Banking Industry

The banking industry faces complex financial risks, including credit, market, and operational risks, requiring a clear understanding of the aggregate cost of risk. Advanced AI models complicate transparency, increasing the need for explainable AI (XAI). Understanding risk mathematics enhances predictability, financial management, and regulatory compliance in an evolving landscape.

Cybersecurity and Macroeconomy With Neoclassical Growth Model

This study integrates cybersecurity risks into a neoclassical growth model, revealing that proactive investments enhance long-term stability, while industry-specific vulnerabilities (capital-intensive resilience vs. labor-intensive disruptions) and systemic risks affect macroeconomic resilience. Optimal resource allocation, adaptive risk strategies via Bayesian updating, and prioritizing cybersecurity in long-term planning balance security with growth.