Special Issue "Cyber Risk and Security"

A special issue of Risks (ISSN 2227-9091).

Deadline for manuscript submissions: closed (30 April 2022) | Viewed by 12309

Special Issue Editors

Dr. Michel Dacorogna
E-Mail Website
Guest Editor
Prime Re Solutions, 6340 Baar, Switzerland
Interests: quantitative risk management; finance; insurance economics; actuarial science
Prof. Marie Kratz
E-Mail Website
Guest Editor
ESSEC Business School, CREAR Risk Research Center, Paris, France
Interests: risk analysis and management; extreme value theory; probability and statistics; actuarial mathematics

Special Issue Information

Dear Colleagues,

Cyber threats and cyber crimes have increased in recent decades, due to a rapid diffusion of new and evolving Information and Communication Technologies (ICT) such as social media, cloud computing, big data, Internet of Things (IoT), and smart cities in recent decades. Organizations have delayed the adoption of big data and the cloud due to real and perceived cyber threats associated with such technologies. (Re)insurance are asked to insure cyber risks, but it is a hot ongoing research topic as today there is no clear view on how to model cyber risk and hence how to price it. The importance of cyber security for organizations is growing. Cyber security entails being able to be able to create a typology of cyber offenses and cyber risks and to analyze them in order to be able to manage them (to minimize and prevent cyber attack risks facing a company or an organization).

Research on cyber risks and security is by nature multi-disciplinary and involves researchers from data analytics, economics, finance, forensic science, information systems, IT, management science, and mathematics. The journal Risks offers an ideal platform to gather forefront research from different fields on the complex subject of cyber risk and security. This Special Issue aims at publishing high-quality papers focused on quantitative analysis and management on this topic.

Our ambition is to offer a discussion of the state-of-the-art and introduce new theoretical or/and practical developments in this field. We welcome papers related to, but not limited to, the following topics (in alphabetic order):

  • Artificial intelligence and cyber risk and security;
  • Crypto-currencies and cyber security;
  • Cyber forensics;
  • Cyber risk scenarios;
  • Cyber (re)insurance;
  • Cyber security/resilience metrics and their measurements;
  • Data analytics of cyber crimes;
  • Data anonymization and security algorithms;
  • Hedging of cyber risk;
  • Modeling of cyber risks;
  • Strategies (economics, IT) for cyber resilience or security;
  • Systemic cyber risk;
  • Text data mining and cyber risk and security.

We welcome joint contributions by authors from different fields.

Dr. Michel Dacorogna
Prof. Marie Kratz
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Risks is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Published Papers (8 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Editorial

Jump to: Research

Editorial
Special Issue “Cyber Risk and Security”
Risks 2022, 10(6), 112; https://doi.org/10.3390/risks10060112 - 28 May 2022
Viewed by 732
Abstract
The COVID-19 pandemic and now the war in Ukraine, have raised the risks to levels not seen in the last 30 years [...] Full article
(This article belongs to the Special Issue Cyber Risk and Security)

Research

Jump to: Editorial

Article
Security Threats in Intelligent Transportation Systems and Their Risk Levels
Risks 2022, 10(5), 91; https://doi.org/10.3390/risks10050091 - 21 Apr 2022
Cited by 1 | Viewed by 764
Abstract
Intelligent Transport Systems (ITSs) are part of road transportation sector evolution and constitute one of the main steps towards vehicle automation. These systems use technologies that allow vehicles to communicate with each other or with road infrastructure. By increasing information quality and reliability, [...] Read more.
Intelligent Transport Systems (ITSs) are part of road transportation sector evolution and constitute one of the main steps towards vehicle automation. These systems use technologies that allow vehicles to communicate with each other or with road infrastructure. By increasing information quality and reliability, ITSs can improve road safety and traffic efficiency, but only if cybersecurity and data protection is ensured. With the increase in the number of cyberattacks around the world, cybersecurity is receiving increased attention, especially in the area of transportation security. However, it is equally important to examine and analyze security in depth when it concerns connected vehicles. In this paper, we propose a qualitative risk analysis of ITSs based on Threat, Risk, Vulnerability Analysis (TVRA) methodology, and we focus on ETSI ITS communication architecture. We present a review of solutions and countermeasures for identified critical attacks. Full article
(This article belongs to the Special Issue Cyber Risk and Security)
Show Figures

Figure 1

Article
Cyber Insurance Ratemaking: A Graph Mining Approach
Risks 2021, 9(12), 224; https://doi.org/10.3390/risks9120224 - 06 Dec 2021
Cited by 1 | Viewed by 949
Abstract
Cyber insurance ratemaking (CIRM) is a procedure used to set rates (or prices) for cyber insurance products provided by insurance companies. Rate estimation is a critical issue for cyber insurance products. This problem arises because of the unavailability of actuarial data and the [...] Read more.
Cyber insurance ratemaking (CIRM) is a procedure used to set rates (or prices) for cyber insurance products provided by insurance companies. Rate estimation is a critical issue for cyber insurance products. This problem arises because of the unavailability of actuarial data and the uncertainty of normative standards of cyber risk. Most cyber risk analyses do not consider the connection between Information Communication and Technology (ICT) sources. Recently, a cyber risk model was developed that considered the network structure. However, the analysis of this model remains limited to an unweighted network. To address this issue, we propose using a graph mining approach (GMA) to CIRM, which can be applied to obtain fair and competitive prices based on weighted network characteristics. This study differs from previous studies in that it adds the GMA to CIRM and uses communication models to explain the frequency of communications as weights in the network. We used the heterogeneous generalized susceptible-infectious-susceptible model to accommodate different infection rates. Our approach adds up to the existing method because it considers the communication frequency and GMA in CIRM. This approach results in heterogeneous premiums. Additionally, GMA can choose more active communications to reflect high communications contribution in the premiums or rates. This contribution is not found when the infection rates are the same. Based on our experimental results, it is apparent that this method can produce more reasonable and competitive prices than other methods. The prices obtained with GMA and communication factors are lower than those obtained without GMA and communication factors. Full article
(This article belongs to the Special Issue Cyber Risk and Security)
Show Figures

Figure 1

Article
Cyber Risk Quantification: Investigating the Role of Cyber Value at Risk
Risks 2021, 9(10), 184; https://doi.org/10.3390/risks9100184 - 18 Oct 2021
Cited by 2 | Viewed by 1058
Abstract
The aim of this paper is to deepen the application of value at risk in the cyber domain, with particular attention to its potential role in security investment valuation. Cyber risk is a fundamental component of the overall risk faced by any organization. [...] Read more.
The aim of this paper is to deepen the application of value at risk in the cyber domain, with particular attention to its potential role in security investment valuation. Cyber risk is a fundamental component of the overall risk faced by any organization. In order to plan the size of security investments and to estimate the consequent risk reduction, managers strongly need to quantify it. Accordingly, they can decide about the possibility of sharing residual risk with a third party, such as an insurance company. Recently, cyber risk management techniques are including some risk quantile-based measures that are widely employed in the financial domain. They refer to value at risk that, in the cyber context, takes the name of cyber value at risk (Cy-VaR). In this paper, the main features and challenging issues of Cy-VaR are examined. The possible use of this risk measure in supporting investment decisions in cyber context is discussed, and new risk-based security metrics are proposed. Some simple examples are given to show their potential. Full article
(This article belongs to the Special Issue Cyber Risk and Security)
Show Figures

Figure 1

Article
Observable Cyber Risk on Cournot Oligopoly Data Storage Markets
Risks 2020, 8(4), 119; https://doi.org/10.3390/risks8040119 - 12 Nov 2020
Cited by 1 | Viewed by 946
Abstract
With the emergence of global digital service providers, concerns about digital oligopolies have increased, with a wide range of potentially harmful effects being discussed. One of these relates to cyber security, where it has been argued that market concentration can increase cyber risk. [...] Read more.
With the emergence of global digital service providers, concerns about digital oligopolies have increased, with a wide range of potentially harmful effects being discussed. One of these relates to cyber security, where it has been argued that market concentration can increase cyber risk. Such a state of affairs could have dire consequences for insurers and reinsurers, who underwrite cyber risk and are already very concerned about accumulation risk. Against this background, the paper develops some theory about how convex cyber risk affects Cournot oligopoly markets of data storage. It is demonstrated that with constant or increasing marginal production cost, the addition of increasing marginal cyber risk cost decreases the differences between the optimal numbers of records stored by the oligopolists, in effect offsetting the advantage of lower marginal production cost. Furthermore, based on the empirical literature on data breach cost, two possibilities are found: (i) that such cyber risk exhibits decreasing marginal cost in the number of records stored and (ii) the opposite possibility that such cyber risk instead exhibits increasing marginal cost in the number of records stored. The article is concluded with a discussion of the findings and some directions for future research. Full article
(This article belongs to the Special Issue Cyber Risk and Security)
Show Figures

Figure 1

Article
Criminal Investigation and Criminal Intelligence: Example of Adaptation in the Prevention and Repression of Cybercrime
Risks 2020, 8(3), 99; https://doi.org/10.3390/risks8030099 - 18 Sep 2020
Cited by 1 | Viewed by 2060
Abstract
In the context of the digitization of delinquent activities, perpetrated via the internet, the question of the most appropriate means of crime prevention and crime repression is once again being raised. Studies performed on police investigations have highlighted the over-determining nature of circumstantial [...] Read more.
In the context of the digitization of delinquent activities, perpetrated via the internet, the question of the most appropriate means of crime prevention and crime repression is once again being raised. Studies performed on police investigations have highlighted the over-determining nature of circumstantial factors in crime as a condition for their elucidation for more than fifty years. The emergence of mass delinquency, such as cybercrime, has thus strongly altered the role of investigation as a useful mode of knowledge production. This obsolescence has appeared gradually and can be summarized in four stages, which generates a suspicion about the social relevance of the investigation. It seems that the holistic approach of criminal intelligence is more adapted to the fight against new forms of crime. The investigation becomes a precision instrument assigned to functions that become more specific. This article considers this paradigm shift by the approaches to knowledge management of crime control. Cybercrime is then emblematic of this shift. This study is based on the criminological review and the delinquency analysis led by the central criminal intelligence service of the national gendarmerie. Its premise may likely guide the strategy of French law enforcement agencies. Full article
(This article belongs to the Special Issue Cyber Risk and Security)
Show Figures

Figure 1

Article
A Multivariate Model to Quantify and Mitigate Cybersecurity Risk
Risks 2020, 8(2), 61; https://doi.org/10.3390/risks8020061 - 04 Jun 2020
Cited by 8 | Viewed by 1730
Abstract
The cost of cybersecurity incidents is large and growing. However, conventional methods for measuring loss and choosing mitigation strategies use simplifying assumptions and are often not supported by cyber attack data. In this paper, we present a multivariate model for different, dependent types [...] Read more.
The cost of cybersecurity incidents is large and growing. However, conventional methods for measuring loss and choosing mitigation strategies use simplifying assumptions and are often not supported by cyber attack data. In this paper, we present a multivariate model for different, dependent types of attack and the effect of mitigation strategies on those attacks. Utilising collected cyber attack data and assumptions on mitigation approaches, we look at an example of using the model to optimise the choice of mitigations. We find that the optimal choice of mitigations will depend on the goal—to prevent extreme damages or damage on average. Numerical experiments suggest the dependence aspect is important and can alter final risk estimates by as much as 30%. The methodology can be used to quantify the cost of cyber attacks and support decision making on the choice of optimal mitigation strategies. Full article
(This article belongs to the Special Issue Cyber Risk and Security)
Show Figures

Figure 1

Article
Towards an Economic Cyber Loss Index for Parametric Cover Based on IT Security Indicator: A Preliminary Analysis
Risks 2020, 8(2), 45; https://doi.org/10.3390/risks8020045 - 08 May 2020
Cited by 3 | Viewed by 1318
Abstract
As cyber events have virtually no geographical limitations and can result in economic losses on a global scale, the assessment of return periods for such economic losses is currently debated among experts. The potential accumulation of consequential insurance losses due to intrusions or [...] Read more.
As cyber events have virtually no geographical limitations and can result in economic losses on a global scale, the assessment of return periods for such economic losses is currently debated among experts. The potential accumulation of consequential insurance losses due to intrusions or viruses is one of the major reasons why the (re-)insurance industry has limited risk appetite for cyber related risks. In order to increase the risk appetite for cyber risk and based on a first batch of data provided by Symantec, the goal of this article is to: Check if IT activity, i.e., the number of virus or intrusions being blocked by Norton on end-user computers could be used as an index for parametric covers that reinsurance companies could propose to their cedants; Look into the correlations of this IT activity across different regions, thereby confirming the absence of geographical limitations for cyber risk, and hence confirming the systemic nature of this risk. This first study on the Symantec dataset shows that a cyber index based on IT activity could be a useful tool to design parametric reinsurance product. Full article
(This article belongs to the Special Issue Cyber Risk and Security)
Show Figures

Figure 1

Back to TopTop