31.05.2021

Quantifying Cyber Risk

Hauptveranstaltung: WIFO Research Seminar
Veranstalter: Österreichisches Institut für Wirtschaftsforschung
Personen: Rainer Böhme
Sprache: Deutsch
Österreichisches Institut für Wirtschaftsforschung
Research question(s): How much harm results from cyber incidents? − Which security interventions effectively reduce harm? − Have these answers changed over time? • Approach: Systematization of the empirical literature in several disciplines • Data: Stock markets, financial disclosures, insurance claims, news reports (breach disclosures), technical measurements, survey responses • Main result(s): Studies disagree on the harm resulting from cyber incidents − Omitted variables and sampling biases cast doubt on many results − Indicators of exposure explain more variance than indicators of preventive security − Very little is known about systemic cyber risk Policy implication(s): The market can handle individual cyber losses, but externalities creating systemic cyber risk require policy attention. Statistical institutes should extend the collection of cyber risk indicators on a representative basis.