0

We model the risk posed by a malicious cyber-attacker seeking to induce grid insecurity means of load redistribution attack, while explicitly acknowledging that such an actor would plausibly base its decision strategy on imperfect information. More specifically, we introduce novel formulation for cyber-attacker’s decision-making problem and analyze distribution decisions taken with randomly ina...

When undertaking cyber security risk assessments, we must assign numeric values to metrics to compute the final expected loss that represents the risk that an organization is exposed to due to cyber threats. Even if risk assessment is motivated from real-world observations and data, there is always a high chance of assigning inaccurate values due to different uncertainties involved (e.g., evolv...

Cyber risks are an important point on the business agenda in every company, but they are difficult to assess due to the absence of reliable data and profound analyses. To improve this situation, we identify cyber losses from an operational risk database and analyze these with methods from the field of actuarial science. Specifically, we apply operational risk models in order to yield consistent...

Security games are characterized by multiple players who strategically adjust their defenses against an abstract attacker, represented by realizations of nature. The defense strategies include both actions where security generates positive externalities and actions that do not. When the players are assumed to be risk averse, market insurance enters as a third strategic option. We formulate a on...

Resilience denotes an organization’s ability to adjust effectively to the multifaceted impact of internal and external events over a significant time period. To be resilient, an organisation must be able to deal with unexpected and disruptive events as well as to understand the longer term impact of such events. In the Financial Services domain this translates into the ability to identify and s...

While data theft and cyber risk are major threats facing organizations, existing research suggests that most organizations do not have sufficient protection to prevent data breaches, deal with notification responsibilities, and comply with privacy laws. This article explores how insurance companies play a critical, yet unrecognized, role in assisting organizations in complying with privacy laws...

Cyber attacks are an emerging threat to critical infrastructure systems worldwide. We focus on water, recognizing that water is vital for human health and to the function of other critical infrastructures. A cyber attack targets control and monitoring systems of a water utility, known as supervisory control and data acquisition (SCADA) systems, and disrupts water operations. Current research is...

Terrorist groups are currently using information and communication technologies (ICTs) to orchestrate their conventional physical attacks. More recently, terrorists have been developing a new form of capability within the cyber-arena to coordinate cyber-based attacks. This paper identifies that cyber-terrorism capabilities are an integral, imperative, yet under-researched component in establish...