Special Issue "Cyber Risk and Security"

A special issue of Risks (ISSN 2227-9091).

Deadline for manuscript submissions: closed (31 March 2021).

Special Issue Editors

Dr. Michel Dacorogna
E-Mail Website
Guest Editor
Prime Re Solutions, 6340 Baar, Switzerland
Interests: quantitative risk management; finance; insurance economics; actuarial science
Prof. Marie Kratz
E-Mail Website
Guest Editor
ESSEC Business School, CREAR risk research center, Paris - Singapore
Interests: risk analysis and management; extreme value theory; probability and statistics; actuarial mathematics

Special Issue Information

Dear Colleagues,

Cyber threats and cyber crimes have increased in recent decades, due to a rapid diffusion of new and evolving Information and Communication Technologies (ICT) such as social media, cloud computing, big data, Internet of Things (IoT), and smart cities in recent decades. Organizations have delayed the adoption of big data and the cloud due to real and perceived cyber threats associated with such technologies. (Re)insurance are asked to insure cyber risks, but it is a hot ongoing research topic as today there is no clear view on how to model cyber risk and hence how to price it. The importance of cyber security for organizations is growing. Cyber security entails being able to be able to create a typology of cyber offenses and cyber risks and to analyze them in order to be able to manage them (to minimize and prevent cyber attack risks facing a company or an organization).

Research on cyber risks and security is by nature multi-disciplinary and involves researchers from data analytics, economics, finance, forensic science, information systems, IT, management science, and mathematics. The journal Risks offers an ideal platform to gather forefront research from different fields on the complex subject of cyber risk and security. This Special Issue aims at publishing high-quality papers focused on quantitative analysis and management on this topic.

Our ambition is to offer a discussion of the state-of-the-art and introduce new theoretical or/and practical developments in this field. We welcome papers related to, but not limited to, the following topics (in alphabetic order):

  • Artificial intelligence and cyber risk and security;
  • Crypto-currencies and cyber security;
  • Cyber forensics;
  • Cyber risk scenarios;
  • Cyber (re)insurance;
  • Cyber security/resilience metrics and their measurements;
  • Data analytics of cyber crimes;
  • Data anonymization and security algorithms;
  • Hedging of cyber risk;
  • Modeling of cyber risks;
  • Strategies (economics, IT) for cyber resilience or security;
  • Systemic cyber risk;
  • Text data mining and cyber risk and security.

We welcome joint contributions by authors from different fields.

Dr. Michel Dacorogna
Prof. Marie Kratz
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Risks is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Published Papers (4 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Article
Observable Cyber Risk on Cournot Oligopoly Data Storage Markets
Risks 2020, 8(4), 119; https://doi.org/10.3390/risks8040119 - 12 Nov 2020
Viewed by 725
Abstract
With the emergence of global digital service providers, concerns about digital oligopolies have increased, with a wide range of potentially harmful effects being discussed. One of these relates to cyber security, where it has been argued that market concentration can increase cyber risk. [...] Read more.
With the emergence of global digital service providers, concerns about digital oligopolies have increased, with a wide range of potentially harmful effects being discussed. One of these relates to cyber security, where it has been argued that market concentration can increase cyber risk. Such a state of affairs could have dire consequences for insurers and reinsurers, who underwrite cyber risk and are already very concerned about accumulation risk. Against this background, the paper develops some theory about how convex cyber risk affects Cournot oligopoly markets of data storage. It is demonstrated that with constant or increasing marginal production cost, the addition of increasing marginal cyber risk cost decreases the differences between the optimal numbers of records stored by the oligopolists, in effect offsetting the advantage of lower marginal production cost. Furthermore, based on the empirical literature on data breach cost, two possibilities are found: (i) that such cyber risk exhibits decreasing marginal cost in the number of records stored and (ii) the opposite possibility that such cyber risk instead exhibits increasing marginal cost in the number of records stored. The article is concluded with a discussion of the findings and some directions for future research. Full article
(This article belongs to the Special Issue Cyber Risk and Security)
Show Figures

Figure 1

Article
Criminal Investigation and Criminal Intelligence: Example of Adaptation in the Prevention and Repression of Cybercrime
Risks 2020, 8(3), 99; https://doi.org/10.3390/risks8030099 - 18 Sep 2020
Viewed by 1202
Abstract
In the context of the digitization of delinquent activities, perpetrated via the internet, the question of the most appropriate means of crime prevention and crime repression is once again being raised. Studies performed on police investigations have highlighted the over-determining nature of circumstantial [...] Read more.
In the context of the digitization of delinquent activities, perpetrated via the internet, the question of the most appropriate means of crime prevention and crime repression is once again being raised. Studies performed on police investigations have highlighted the over-determining nature of circumstantial factors in crime as a condition for their elucidation for more than fifty years. The emergence of mass delinquency, such as cybercrime, has thus strongly altered the role of investigation as a useful mode of knowledge production. This obsolescence has appeared gradually and can be summarized in four stages, which generates a suspicion about the social relevance of the investigation. It seems that the holistic approach of criminal intelligence is more adapted to the fight against new forms of crime. The investigation becomes a precision instrument assigned to functions that become more specific. This article considers this paradigm shift by the approaches to knowledge management of crime control. Cybercrime is then emblematic of this shift. This study is based on the criminological review and the delinquency analysis led by the central criminal intelligence service of the national gendarmerie. Its premise may likely guide the strategy of French law enforcement agencies. Full article
(This article belongs to the Special Issue Cyber Risk and Security)
Show Figures

Figure 1

Article
A Multivariate Model to Quantify and Mitigate Cybersecurity Risk
Risks 2020, 8(2), 61; https://doi.org/10.3390/risks8020061 - 04 Jun 2020
Cited by 3 | Viewed by 1104
Abstract
The cost of cybersecurity incidents is large and growing. However, conventional methods for measuring loss and choosing mitigation strategies use simplifying assumptions and are often not supported by cyber attack data. In this paper, we present a multivariate model for different, dependent types [...] Read more.
The cost of cybersecurity incidents is large and growing. However, conventional methods for measuring loss and choosing mitigation strategies use simplifying assumptions and are often not supported by cyber attack data. In this paper, we present a multivariate model for different, dependent types of attack and the effect of mitigation strategies on those attacks. Utilising collected cyber attack data and assumptions on mitigation approaches, we look at an example of using the model to optimise the choice of mitigations. We find that the optimal choice of mitigations will depend on the goal—to prevent extreme damages or damage on average. Numerical experiments suggest the dependence aspect is important and can alter final risk estimates by as much as 30%. The methodology can be used to quantify the cost of cyber attacks and support decision making on the choice of optimal mitigation strategies. Full article
(This article belongs to the Special Issue Cyber Risk and Security)
Show Figures

Figure 1

Article
Towards an Economic Cyber Loss Index for Parametric Cover Based on IT Security Indicator: A Preliminary Analysis
Risks 2020, 8(2), 45; https://doi.org/10.3390/risks8020045 - 08 May 2020
Cited by 1 | Viewed by 954
Abstract
As cyber events have virtually no geographical limitations and can result in economic losses on a global scale, the assessment of return periods for such economic losses is currently debated among experts. The potential accumulation of consequential insurance losses due to intrusions or [...] Read more.
As cyber events have virtually no geographical limitations and can result in economic losses on a global scale, the assessment of return periods for such economic losses is currently debated among experts. The potential accumulation of consequential insurance losses due to intrusions or viruses is one of the major reasons why the (re-)insurance industry has limited risk appetite for cyber related risks. In order to increase the risk appetite for cyber risk and based on a first batch of data provided by Symantec, the goal of this article is to: Check if IT activity, i.e., the number of virus or intrusions being blocked by Norton on end-user computers could be used as an index for parametric covers that reinsurance companies could propose to their cedants; Look into the correlations of this IT activity across different regions, thereby confirming the absence of geographical limitations for cyber risk, and hence confirming the systemic nature of this risk. This first study on the Symantec dataset shows that a cyber index based on IT activity could be a useful tool to design parametric reinsurance product. Full article
(This article belongs to the Special Issue Cyber Risk and Security)
Show Figures

Figure 1

Back to TopTop