Facchinetti, S., Osmetti, S. A., Tarantola, C., A statistical approach for assessing cyber risk via ordered response models, <<RISK ANALYSIS>>, 2024; 44 (2): 425-438. [doi:10.1111/risa.14186] [https://hdl.handle.net/10807/262994]

A statistical approach for assessing cyber risk via ordered response models

Facchinetti, Silvia; Osmetti, Silvia Angela;
2024

Abstract

Proper evaluation of the risk associated with a cyber attack is a crucial aspect for many companies. There is an increasing need to plan for and implement effective ways to address cyber security, data security, and privacy protection. Estimating the risk of a successful cyber attack is an important issue, since this type of threat is proliferating and thus poses increasing danger to companies and the customers who use their services. While quantitative loss data are rarely available, it is possible to obtain a qualitative evaluation of the severity of cyber attacks, on an ordinal scale, from experts of the sector. Hence, it is natural to apply ordered response models for the analysis of cyber risk. In particular, we rely on cumulative link models. We explain the experts' assessment of the severity of a cyber attack as a function of a set of explanatory variables describing the characteristics of the attack under consideration. A measure of diffusion of the effects of the attacks, obtained via the use of a network structure, is also incorporated into the set of explanatory variables of the model. Along with the description of the methodology, we present a detailed analysis of a real data set that includes information on serious cyber attacks that occurred worldwide in the period 2017-2018.
English