Cyber risk assessment for capital management
Wing Fung Chong, Runhuan Feng, Hins Hu, Linfeng Zhang
Journal of Risk and Insurance, volume 92, issue 2, pages 424-471. Published 2025-04-22. DOI: 10.1111/jori.12504
https://onlinelibrary.wiley.com/doi/10.1111/jori.12504
Journal impact factor: 2.1. JCR: Q2 (Business, Finance).
This paper introduces a two-pillar cyber risk management framework to address the pervasive challenges in managing cyber risk. The first pillar, cyber risk assessment, combines insurance frequency-severity models with cybersecurity cascade models to capture the unique nature of cyber risk. The second pillar, cyber capital management, facilitates informed allocation of capital for a balanced cyber risk management strategy, including cybersecurity investments, insurance coverage, and reserves. A case study, based on historical cyber incident data and realistic assumptions, demonstrates the necessity of comprehensive cost–benefit analysis for budget-constrained companies with competing objectives in cyber risk management. In addition, sensitivity analysis highlights the dependence of the optimal strategy on factors such as the price of cybersecurity controls and their effectiveness. The framework's implementation across a diverse range of companies yields general insights on cyber risk management.
About the journal:
The Journal of Risk and Insurance (JRI) is the premier outlet for theoretical and empirical research on the topics of insurance economics and risk management. Research in the JRI informs practice, policy-making, and regulation in insurance markets as well as corporate and household risk management. JRI is the flagship journal for the American Risk and Insurance Association, and is currently indexed by the American Economic Association’s Economic Literature Index, RePEc, the Social Sciences Citation Index, and others. Issues of the Journal of Risk and Insurance, from volume one to volume 82 (2015), are available online through JSTOR. Recent issues of JRI are available through Wiley Online Library. In addition to the research areas of traditional strength for the JRI, the editorial team highlights below specific areas for special focus in the near term, due to their current relevance for the field.