Cyber risk ordering with rank-based statistical models

In a world that is increasingly connected online, cyber risks become critical. Cyber risk management is very difficult, as cyber loss data are typically not disclosed. To mitigate the reputational risks associated with their disclosure, loss data may be collected in terms of ordered severity levels. However, to date, there are no risk models for ordinal cyber data. We fill the gap by proposing a rank-based statistical model aimed at predicting the severity levels of cyber risks. The application of our approach to a real-world case shows that the proposed models, while statistically sound, are simple to implement and interpret.
