{"title":"Quantification of Cyber Risk – Risk Categories and Business Sectors","authors":"P. Shevchenko, Jiwook Jang, Matteo Malavasi, G. Peters, G. Sofronov, S. Trück","doi":"10.2139/ssrn.3858608","DOIUrl":"https://doi.org/10.2139/ssrn.3858608","url":null,"abstract":"This white paper presents an analysis of the Advisen Cyber Loss dataset (www.advisenltd.com/data/cyber-loss-data/) containing a historical view of cyber events, collected from reliable and publicly verifiable sources. The dataset analyzed in this study comprehends 132,126 cyber events during 2008-2020, affecting 49,496 organizations, with more than 80% of the organizations represented in the dataset residing in the USA. A summary of the findings is provided as follows:\n\n- Currently, data collection and databases on losses from cyber events have an unbalanced recording of samples with the strongest emphasis on developing the US-centric data collection. However, cyber risk is international in nature affecting both commercial and private industry as well as government agencies across all sectors of the economy. Therefore, we advocate that a concerted effort be made to develop an adequate measurement and modelling process for cyber-related risks in the domestic landscape, there is a strong need and utility to be gained by collecting such data specifically for Australia.\n\n- There are many cyber risk classifications, each designed with specific intent, purpose, and which build on pre-existing laws and policies. Enterprises and market participants should adopt the cyber risk classification that best fits their needs; standardisation within sectors makes sense but standardisation across different sectors may be ineffective.\n\n- Over 60% of companies that recorded cyber-related losses have suffered from cyber-attacks more than once in the period 2008-2020. This suggests that governance processes relating to mitigation of such events can significantly be enhanced and that regulation and reporting around best practices as it emerges could help mitigate repeated events of the same nature from reoccurring.\n- Losses from cyber related events are heavy-tailed. This means that while the majority of losses is typically relatively small (85% of events cause losses <$2 million), there is a chance for extreme losses, e.g. 5% of losses exceed $10 million, while 1.4% of cyber-related losses even exceed $100 million, and 0.17% of events cause losses >$1 billion.\n\n- There is no distinct pattern or clear-cut relationship between the frequency of events, the loss severity, and the number of affected records. Contrary to assumptions often made in practice, the reported loss databases don’t demonstrate a direct proportional relationship between total loss incurred from a cyber event and attributes from the event such as the number of compromised records (data records breached or stolen), the number of employees in a corporation or the number of units of a company affected. This finding shows that all companies, no matter the volume or size of data record can be susceptible to significant incurred loss from cyber events.\n\n- The frequency and severity of the events depend on the business sector and type of cyber threat.\n\n- It is clear that ev","PeriodicalId":118928,"journal":{"name":"PSN: Cyber-Conflict (Inter-State) (Topic)","volume":"136 3","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120926911","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Prevention of Crimes in the Digital Economy","authors":"D. Ivanov, Anastasia Sachek","doi":"10.2139/ssrn.3853203","DOIUrl":"https://doi.org/10.2139/ssrn.3853203","url":null,"abstract":"In this article, the authors pay attention to the processes of digitalization of the economy and the growth of crime in the digital economy. The reasons for the latency of cybercrime, the problems of qualifying crimes committed in the IT sphere, and their classification are considered. The authors propose specific measures aimed at preventing crimes in the digital economy.","PeriodicalId":118928,"journal":{"name":"PSN: Cyber-Conflict (Inter-State) (Topic)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125143798","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Warring from the Virtual to the Real: Assessing the Public's Threshold for War on Cyber Security","authors":"S. Kreps, Debak Das","doi":"10.2139/ssrn.2899423","DOIUrl":"https://doi.org/10.2139/ssrn.2899423","url":null,"abstract":"Are military strikes ever a justifiable response to a cyber security attack? Does the certainty of attribution matter? Or is the nature of the attack itself a better determinant of attitudes about retaliation? We answer these questions with an original survey experiment that uncovers the public's response to varying intensities and degrees of attribution regarding a range of cyber attacks. In a democratic setting, how the public responds to different types of cyber attacks has important implications, as it shapes the incentives for whether and how leaders respond with the use of force. It therefore has significant implications for a world with increasing offensive cyber capabilities and only nascent international norms governing them.","PeriodicalId":118928,"journal":{"name":"PSN: Cyber-Conflict (Inter-State) (Topic)","volume":"98 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-01-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122876324","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Private Sector Role in Offensive Cyber Operations: Benefits, Issues and Challenges","authors":"Irving Lachow","doi":"10.2139/ssrn.2836201","DOIUrl":"https://doi.org/10.2139/ssrn.2836201","url":null,"abstract":"This paper explores the role that companies play in supporting offensive cyber operations. It finds that contractors play critical roles in two key functions: intelligence/reconnaissance and planning/mission support. The reliance of the U.S. military on cyber contractors brings both benefits and risks. Benefits include access to rapidly evolving technologies and the ability to obtain access to in-demand skill sets quickly and easily. Challenges fall into two categories: domestic policy and international relations. In the former case, the main issues are over-reliance on non-government personnel and challenges in oversight of cyber contractors, which could result in undesirable financial and strategic outcomes. Within the international arena, cyber contractors may affect the balance of power of states. The most likely outcome is that the use of contractors will exacerbate existing power discrepancies between developed and developing countries. However, it is possible that wealthy but less developed states could rely on private sector capability to quickly develop their cyber attack capabilities. Another issue that may affect international relations is uncertainty about the legal status of cyber contractors as combatants. A final concern surrounds the observation that companies may find themselves on both sides of a cyber operation. To accrue the benefits and address the challenges posed by contractor support to offensive cyber operations, several actions should be taken. There needs to be a public debate about the proper role of cyber contractors in military operations. Companies should have a voice in this debate due to their increasingly important role in cyberspace. In addition, the US government and international community must provide guidance to cyber contractors on the role that they should play in offensive cyber operations. Export controls are helpful but they are blunt tools that often bring heavy costs and do not always accomplish their desired outcomes. More precise direction is needed, most likely beginning with norms of behavior.","PeriodicalId":118928,"journal":{"name":"PSN: Cyber-Conflict (Inter-State) (Topic)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117105754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Combating Complexity: Offensive Cyber Capabilities and Integrated Warfighting","authors":"Drew Herrick, Trey Herr","doi":"10.2139/ssrn.2845709","DOIUrl":"https://doi.org/10.2139/ssrn.2845709","url":null,"abstract":"Despite recent work challenging offense dominance in cyberspace, scholars and policymakers still view offensive operations as dominating defense. Why do these sides come to very different conclusions about the nature and utility of offensive cyber capabilities? Disagreements are due to a poor specification of the logic of offense dominance and scope conditions. Offensive advantage is taken as axiomatic, generalizable to every instance of conflict. Advantage is then assumed to directly translate into battlefield effectiveness. Operations should instead be viewed as an interaction between offense and defense. Defensive actors have agency and the role of countermeasures in imposing cost and delay on attackers is under-theorized. Design and deployment processes are complex, costly, and vulnerable. Attacks against high-value targets require significant time, skill, and information. Operational complexity is even greater when cyber operations are properly understood in integrated war-fighting.","PeriodicalId":118928,"journal":{"name":"PSN: Cyber-Conflict (Inter-State) (Topic)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128474194","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}