Cyber risk measurement with ordinal data
The paper proposes a new methodology to measure cyber risks which, instead of using quantitative loss data, often not available, employs ordinal data. The method relies on the construction of a criticality index, whose properties are discussed and compared with alternative measures employed in operational risk measurement. The methodology is illustrated on data regarding cyber attacks collected at the worldwide level. The proposed measure is found to be quite effective to rank cyber risk types. Thus, from a policy perspective, it can be useful to guide the implementation of preventive actions.
KeywordsCiticality index Cyber attacks Operational risk Ordinal data modelling
We thank the editor and two anonymous referees for useful comments and suggestions, that have improved the quality of the paper.
- Alexander C (2003) Operational risk: regulation, analysis and management. Prentice Hall, New YorkGoogle Scholar
- Bouveret A (2018) Cyber risk for the financial sector: a framework for quantitative assessment. IMF Working Paper WP/18/143, pp 1–27Google Scholar
- Cebula J, Young L (2010) On the equivalence of constrained and compound optimal designs. In: Proceedings of the fourth Berkeley symposium on mathematical statistic and probability. A taxonomy of operational cyber security risks, Technical Note CMU/SEI-2010-TN-028. Software Engineering Institute, Carnegie Mellon UniversityGoogle Scholar
- Cerchiello P, Dequarti E, Giudici P, Magni C (2010) Scorecard models to evaluate perceived quality of academic teaching. Stat Appl 8:145–155Google Scholar
- Clusit (2018) 2018 Report on ICT security in ItalyGoogle Scholar
- Cruz M (2002) Modeling, measuring and hedging operational risk. Wiley, New YorkGoogle Scholar
- Edgar T, Manz D (2017) Research methods for cyber security. Elsevier, CambridgeGoogle Scholar
- Forum WE (2018) The global risks report 2018Google Scholar
- Hubbard D, Evans D (2010) Problems with scoring methods and ordinal scales in risk assessment. J Res Dev 54:2–10Google Scholar
- Kopp E, Kaffenberger L, Wilson C (2017) Cyber risk, market failures, and financial stability. IMF Working Paper WP/17/185, pp 1–35Google Scholar