Cyber Risk Assessment

Vulnerability-threat model for cyber risk assessment

Cyber risk is an omnipresent risk in the increasingly digitized world that is known to be difficult to quantify and assess. Despite the fact that cyber risk shows distinct characteristics from conventional risks, most existing models in insurance industry have been based frequency-severity analysis which was developed for classic property and casualty risks. In contrast, the cybersecurity engineering literature employs different approaches under which cyber incidents are viewed as threats or hacker attacks acting on a particular set of vulnerabilities. There appears a gap in cyber risk modeling between engineering and actuarial science literature. This paper presents a novel vulnerability-threat model to capture this unique dynamics of cyber risk and to predict loss distributions given a particular cybersecurity profile.

Manuscript will be available online soon.

This work is supported by the Society of Actuaries’ Centers of Actuarial Excellence research grant in 2019-2021.

Runhuan Feng
Runhuan Feng

PhD, FSA, CERA

Associate Professor

Director of Actuarial Science

H.P. Petit Professorial Scholar

State Farm Companies Foundation Scholar