RiSKi: A Framework for Modeling Cyber Threats to Estimate Risk for Data Breach Insurance

Historically, the financial benefits of cyber security investments have not been calculated with the same financial discipline used to evaluate other material investments. This was mainly due to a lack of readily available data on cyber incidents impacts and systematic methodology to support the efficacy of cyber investments. In this paper we propose an innovative, cyber investment management framework named RiSKi that incorporates detection and continuous monitoring of insiders societal behavior, to the extent permitted by the law, to proactively address implied anomalies and threats and their potential business impact and risks. Moreover, it provides access to published security incidents data to enable businesses to advance their understanding of cybersecurity and awareness of the threats and consequences related to cyber breaches, and, eventually, enable faster recovery from an event. RiSKI armed with the above information, employs a methodology, and develops a supporting scenario-based cyber investment tool, for quantifying the benefits of cybersecurity investments against the many ways that potential cyber risks can affect the operation of a business.