File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Article: Cyber risk assessment for capital management

TitleCyber risk assessment for capital management
Authors
Chong, Wing FungFeng, RunhuanHu, HinsZhang, Linfeng
Keywordscascade model
cyber capital management
cyber risk assessment
cybersecurity investment
insurance coverage and reserve
Issue Date2025
Citation
Journal of Risk and Insurance, 2025, v. 92, n. 2, p. 424-471 How to Cite?
DOI: http://dx.doi.org/10.1111/jori.12504
AbstractThis paper introduces a two-pillar cyber risk management framework to address the pervasive challenges in managing cyber risk. The first pillar, cyber risk assessment, combines insurance frequency-severity models with cybersecurity cascade models to capture the unique nature of cyber risk. The second pillar, cyber capital management, facilitates informed allocation of capital for a balanced cyber risk management strategy, including cybersecurity investments, insurance coverage, and reserves. A case study, based on historical cyber incident data and realistic assumptions, demonstrates the necessity of comprehensive cost–benefit analysis for budget-constrained companies with competing objectives in cyber risk management. In addition, sensitivity analysis highlights the dependence of the optimal strategy on factors such as the price of cybersecurity controls and their effectiveness. The framework's implementation across a diverse range of companies yields general insights on cyber risk management.
Persistent Identifierhttp://hdl.handle.net/10722/363018
ISSN
0022-4367
2023 Impact Factor: 2.1
2023 SCImago Journal Rankings: 1.203

 

DC FieldValueLanguage
dc.contributor.authorChong, Wing Fung-
dc.contributor.authorFeng, Runhuan-
dc.contributor.authorHu, Hins-
dc.contributor.authorZhang, Linfeng-
dc.date.accessioned2025-10-10T07:44:05Z-
dc.date.available2025-10-10T07:44:05Z-
dc.date.issued2025-
dc.identifier.citationJournal of Risk and Insurance, 2025, v. 92, n. 2, p. 424-471-
dc.identifier.issn0022-4367-
dc.identifier.urihttp://hdl.handle.net/10722/363018-
dc.description.abstractThis paper introduces a two-pillar cyber risk management framework to address the pervasive challenges in managing cyber risk. The first pillar, cyber risk assessment, combines insurance frequency-severity models with cybersecurity cascade models to capture the unique nature of cyber risk. The second pillar, cyber capital management, facilitates informed allocation of capital for a balanced cyber risk management strategy, including cybersecurity investments, insurance coverage, and reserves. A case study, based on historical cyber incident data and realistic assumptions, demonstrates the necessity of comprehensive cost–benefit analysis for budget-constrained companies with competing objectives in cyber risk management. In addition, sensitivity analysis highlights the dependence of the optimal strategy on factors such as the price of cybersecurity controls and their effectiveness. The framework's implementation across a diverse range of companies yields general insights on cyber risk management.-
dc.languageeng-
dc.relation.ispartofJournal of Risk and Insurance-
dc.subjectcascade model-
dc.subjectcyber capital management-
dc.subjectcyber risk assessment-
dc.subjectcybersecurity investment-
dc.subjectinsurance coverage and reserve-
dc.titleCyber risk assessment for capital management-
dc.typeArticle-
dc.description.naturelink_to_subscribed_fulltext-
dc.identifier.doi10.1111/jori.12504-
dc.identifier.scopuseid_2-s2.0-105003269299-
dc.identifier.volume92-
dc.identifier.issue2-
dc.identifier.spage424-
dc.identifier.epage471-
dc.identifier.eissn1539-6975-

Export via OAI-PMH Interface in XML Formats

OR

Export to Other Non-XML Formats