Advanced search
Publication Cover
Scandinavian Actuarial Journal Volume 2024, 2024 - Issue 6
Submit an article Journal homepage
248
Views
0
CrossRef citations to date
0
Altmetric
Research Article

Cyber risk modeling: a discrete multivariate count process approach

Yang Lua Department of Mathematics and Statistics, Concordia University, Montreal, QC, Canada
,
Jinggong Zhangb Division of Banking & Finance, Nanyang Business School, Nanyang Technological University, Singapore
&
Wenjun Zhub Division of Banking & Finance, Nanyang Business School, Nanyang Technological University, SingaporeCorrespondence[email protected]
Pages 625-655 | Received 01 Feb 2023, Accepted 26 Nov 2023, Published online: 02 Jan 2024

References

  • Aït-Sahalia Y., Laeven R. J. & Pelizzon L. (2014). Mutual excitation in Eurozone sovereign CDS. Journal of Econometrics 183(2), 151–167.
  • Bailey T., Del Miglio A. & Richter W. (2014). The rising strategic risks of cyberattacks. Technical report, McKinsey & Company.
  • Bessy-Roland Y., Boumezoued A. & Hillairet C. (2021). Multivariate Hawkes process for cyber insurance. Annals of Actuarial Science 15(1), 14–39.
  • Best A. M. (2019). Cyber insurance: profitability less certain as new risks emerge. Technical report, Best's Market Segment Report.
  • Biener C., Eling M. & Wirfs J. H. (2015). Insurability of cyber risk: an empirical analysis. Geneva Papers on Risk and Insurance-Issues and Practice 40(1), 131–158.
  • Böhme R. & Kataria G. (2006). Models and measures for correlation in cyber-insurance. NYU Stern Working paper.
  • Boudreault M. & Charpentier A. (2011). Multivariate integer-valued autoregressive models applied to earthquake counts. arXiv preprint arXiv:1112.0929.
  • Carr P., Geman H., Madan D. B. & Yor M. (2002). The fine structure of asset returns: an empirical investigation. Journal of Business 75(2), 305–333.
  • Carrasco M. & Florens J.-P. (2000). Generalization of GMM to a continuum of moment conditions. Econometric Theory 16(6), 797–834.
  • Catania L. & Di Mari R. (2021). Hierarchical Markov–Switching models for multivariate integer-valued time-series. Journal of Econometrics 221(1), 118–137.
  • Cebula J. L. & Young L. R. (2010). A taxonomy of operational cyber security risks. Technical report, Carnegie-Mellon Univ Pittsburgh Pa Software Engineering Inst.
  • Chavez-Demoulin V., Davison A. C. & McNeil A. J. (2005). Estimating value-at-risk: a point process approach. Quantitative Finance 5(2), 227–234.
  • Chavez-Demoulin V., Embrechts P. & Hofert M. (2016). An extreme value approach for modeling operational risk losses depending on covariates. Journal of Risk and Insurance 83(3), 735–776.
  • Christoph G. & Schreiber K. (1998). Discrete stable random variables. Statistics & Probability Letters37(3), 243–247.
  • Cummins J. D., Lewis C. M. & Wei R. (2006). The market value impact of operational loss events for US banks and insurers. Journal of Banking & Finance 30(10), 2605–2634.
  • Darolles S., Gourieroux C. & Jasiak J. (2006). Structural Laplace transform and compound autoregressive models. Journal of Time Series Analysis 27(4), 477–503.
  • Darolles S., Le Fol G., Lu Y. & Sun R. (2019). Bivariate integer-autoregressive process with an application to mutual fund flows. Journal of Multivariate Analysis 173, 181–203.
  • Davis R. A., Fokianos K., Holan S. H., Joe H., Livsey J., Lund R., Pipiras V. & Ravishanker N. (2021). Count time series: a methodological review. Journal of the American Statistical Association 116(535), 1533–1547.
  • Denuit M. & Lu Y. (2021). Wishart-gamma random effects models with applications to nonlife insurance. Journal of Risk and Insurance 88(2), 443–481.
  • Edwards B., Hofmeyr S. & Forrest S. (2016). Hype and heavy tails: a closer look at data breaches. Journal of Cybersecurity 2(1), 3–14.
  • El-Shaarawi A. H., Zhu R. & Joe H. (2011). Modelling species abundance using the Poisson–Tweedie family. Environmetrics 22(2), 152–164.
  • Eling M. & Jung K. (2018). Copula approaches for modeling cross-sectional dependence of data breach losses. Insurance: Mathematics and Economics 82, 167–180.
  • Eling M. & Loperfido N. (2017). Data breaches: goodness of fit, pricing, and risk measurement. Insurance: Mathematics and Economics 75, 126–136.
  • Eling M. & Schnell W. (2020). Capital requirements for cyber risk and cyber risk insurance: an analysis of solvency II, the US risk-based capital standards, and the Swiss Solvency test. North American Actuarial Journal 24(3), 370–392.
  • Eling M. & Wirfs J. (2019). What are the actual costs of cyber risk events? European Journal of Operational Research 272(3), 1109–1119.
  • Embrechts P., Liniger T. & Lin L. (2011). Multivariate Hawkes processes: an application to financial data. Journal of Applied Probability 48(A), 367–378.
  • Fahrenwaldt M. A., Weber S. & Weske K. (2018). Pricing of cyber insurance contracts in a network model. ASTIN Bulletin 48(3), 1175–1218.
  • Falco G., Eling M., Jablanski D., Weber M., Miller V., Gordon L. A., Wang S. S., Schmit J., Thomas R. & Elvedi M., et al. (2019). Cyber risk research impeded by disciplinary barriers. Science 366(6469), 1066–1069.
  • Farkas S., Lopez O. & Thomas M. (2021). Cyber claim analysis using generalized Pareto regression trees with applications to insurance. Insurance: Mathematics and Economics 98, 92–105.
  • FitchRatings, (2021). Sharply rising cyber insurance claims signal further risk challenges.
  • Fokianos K., Støve B., Tjøstheim D. & Doukhan P. (2020). Multivariate count autoregression. Bernoulli26(1), 471–499.
  • Furman E., Hackmann D. & Kuznetsov A. (2020). On log-normal convolutions: an analytical–numerical method with applications to economic capital determination. Insurance: Mathematics and Economics90, 120–134.
  • Gartner, (2021). Gartner forecasts worldwide security and risk management spending to exceed $150 billion in 2021. Gartner Press Release
  • Gatzert N. & Kolb A. (2014). Risk measurement and management of operational risk in insurance companies from an enterprise perspective. Journal of Risk and Insurance 81(3), 683–708.
  • Genest C. & Nešlehová J. (2007). A primer on copulas for count data. ASTIN Bulletin 37(2), 475–515.
  • The Geneva Association, (2016). Ten key questions on cyber risk and cyber risk insurance. Technical report, The Geneva Association, Zurich.
  • Gouriéroux C. & Lu Y. (2019). Negative binomial autoregressive process with stochastic intensity. Journal of Time Series Analysis 40(2), 225–247.
  • Gourieroux C., Monfort A. & Polimenis V. (2006). Affine models for credit risk analysis. Journal of Financial Econometrics 4(3), 494–530.
  • Hall A. R. (2005). Generalized method of moments. Oxford: Oxford University Press.
  • Hansen L. P. (1982). Large sample properties of generalized method of moments estimators. Econometrica50(4), 1029–1054.
  • Heinen A. & Rengifo E. (2007). Multivariate autoregressive modeling of time series count data using copulas. Journal of Empirical Finance 14(4), 564–583.
  • Hillairet C. & Lopez O. (2021). Propagation of cyber incidents in an insurance portfolio: counting processes combined with compartmental epidemiological models. Scandinavian Actuarial Journal2021(8), 671–694.
  • Hougaard P. (1986). Survival models for heterogeneous populations derived from stable distributions. Biometrika 73(2), 387–396.
  • IBM, (2020). Cost of a data breach report. Technical report, IBM Security.
  • Jacobs J. (2014). Analyzing ponemon cost of data breach. Data Driven Security 11, 5.
  • Jevtić P. & Lanchier N. (2020). Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based lan topology. Insurance: Mathematics and Economics 91, 209–223.
  • Jørgensen B. (1987). Exponential dispersion models. Journal of the Royal Statistical Society: Series B (Methodological) 49(2), 127–145.
  • Jørgensen B., Lundbye-Christensen S., Song P.-K. & Sun L. (1999). A state space model for multivariate longitudinal count data. Biometrika 86(1), 169–181.
  • Jung K. (2021). Extreme data breach losses: an alternative approach to estimating probable maximum loss for data breach risk. North American Actuarial Journal 25(4), 580–603.
  • Jung R. C., Liesenfeld R. & Richard J. -F. (2011). Dynamic factor models for multivariate count data: an application to stock-market trading activity. Journal of Business & Economic Statistics 29(1), 73–85.
  • Kendall M. G. (1975). Rank correlation methods. 4th ed., London: Charles Griffin.
  • Kim E., Gardner D., Deshpande S., Contu R., Kish D. & Canales C. (2018). Forecast analysis: information security, worldwide, 2Q18 update. Gartner Research 0, 0–0.
  • Livsey J., Lund R., Kechagias S. & Pipiras V. (2018). Multivariate integer-valued time series with flexible autocovariances and their application to major hurricane counts. Annals of Applied Statistics 12(1), 408–431.
  • Lu Y. (2018). Dynamic frailty count process in insurance: a unified framework for estimation, pricing, and forecasting. Journal of Risk and Insurance 85(4), 1083–1102.
  • Lu Y. (2021). The predictive distributions of thinning-based count processes. Scandinavian Journal of Statistics 48(1), 42–67.
  • Maillart T. & Sornette D. (2010). Heavy-tailed distribution of cyber-risks. European Physical Journal B 75(3), 357–364.
  • Mann H. B. (1945). Nonparametric tests against trend. Econometrica: Journal of the Econometric Society13(3), 245–259.
  • Mátyás L. (1999). Generalized method of moments estimation. Cambridge: Cambridge University Press.
  • Nguyen Q. H. & Robert C. Y. (2015). Series expansions for convolutions of pareto distributions. Statistics & Risk Modeling 32(1), 49–72.
  • OECD, (2017). Enhancing the role of insurance in cyber risk management. Technical report, OECD Publishing, Paris.
  • OECD, (2019). Insurance business written in the reporting country. OECD Insurance Statistics (database).
  • Pedeli X. & Karlis D. (2013). On composite likelihood estimation of a multivariate INAR (1) model. Journal of Time Series Analysis 34(2), 206–220.
  • Peng C., Xu M., Xu S. & Hu T. (2017). Modeling and predicting extreme cyber attack rates via marked point processes. Journal of Applied Statistics 44(14), 2534–2563.
  • Peng C., Xu M., Xu S. & Hu T. (2018). Modeling multivariate cybersecurity risks. Journal of Applied Statistics 45(15), 2718–2740.
  • RMS-CCRS, (2016). Managing cyber insurance accumulation risk. Technical report, Risk Management Solutions, Inc. and Cambridge Centre for Risk Studies, Cambridge University.
  • Steutel F. W. & van Harn K. (1979). Discrete analogues of self-decomposability and stability. Annals of Probability 7(5), 893–899.
  • Sun H., Xu M. & Zhao P. (2020). Modeling malicious hacking data breach risks. forthcoming, North American Actuarial Journal, P. 1–19.
  • SwissRe, (2017). Cyber: getting to grips with a complex risk. Sigma 1(1), 1–38.
  • Tanoue Y., Kawada A. & Yamashita S. (2017). Forecasting loss given default of bank loans with multi-stage model. International Journal of Forecasting 33(2), 513–522.
  • Trivedi P. & Zimmer D. (2017). A note on identification of bivariate copulas for discrete count data. Econometrics 5(1), 10.
  • Wang L., Akritas M. G. & Van Keilegom I. (2008). An anova-type nonparametric diagnostic test for heteroscedastic regression models. Journal of Nonparametric Statistics 20(5), 365–382.
  • Wang S. & Panjer H. (1993). Critical starting points for stable evaluation of mixed poisson probabilities. Insurance: Mathematics and Economics 13(3), 287–297.
  • Wheatley S., Hofmann A. & Sornette D. (2021). Addressing insurance of data breach cyber risks in the catastrophe framework. Geneva Papers on Risk and Insurance-Issues and Practice 46(1), 53–78.
  • Wheatley S., Maillart T. & Sornette D. (2016). The extreme risk of personal data breaches and the erosion of privacy. European Physical Journal B 89(1), 1–12.
  • Willmot G. E. (1987). The poisson-inverse Gaussian distribution as an alternative to the negative binomial. Scandinavian Actuarial Journal 1987(3-4), 113–127.
  • Xu M. & Hua L. (2019). Cybersecurity insurance: modeling and pricing. North American Actuarial Journal 23(2), 220–249.
  • Xu M., Hua L. & Xu S. (2017). A vine copula model for predicting the effectiveness of cyber defense early-warning. Technometrics 59(4), 508–520.
  • Xu M. & Zhang Y. (2021). Data breach CAT bonds: modeling and pricing. North American Actuarial Journal 25(4), 543–561.
  • Zhu R. & Joe H. (2009). Modelling heavy-tailed count data using a generalised poisson-inverse Gaussian family. Statistics & Probability Letters 79(15), 1695–1703.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.