Advanced search
Publication Cover
North American Actuarial Journal Volume 27, 2023 - Issue 3
Submit an article Journal homepage
11,592
Views
7
CrossRef citations to date
0
Altmetric
Feature Articles

The Economic Impact of Extreme Cyber Risk Scenarios

Martin Eling1 Institute of Insurance Economics, University of St. Gallen, St. Gallen, SwitzerlandCorrespondence[email protected]
,
Mauro Elvedi1 Institute of Insurance Economics, University of St. Gallen, St. Gallen, Switzerland
&
Greg Falco2 Institute for Assured Autonomy and the Department of Civil and Systems Engineering, Johns Hopkins University, Baltimore, Maryland
Pages 429-443 | Published online: 24 Mar 2022

REFERENCES

  • Ali, J., and J. R. Santos. 2014. Modeling the ripple effects of IT-based incidents on interdependent economic systems. Systems Engineering 18(2): 146–61. doi:10.1002/sys.21293
  • Bounfour, A., R. Dieye, N. Kammoun, and A. Ozaygen. 2018. Macro estimates of intangibles cyber-risks. https://www.hermeneut.eu/wp-content/uploads/2018/08/HERMENEUT-D3.2-Macro-estimates-of-intangibles-cyber-risks.pdf (accessed April 20, 2021).
  • Cherdantseva, Y., P. Burnap, A. Blyth, P. Eden, K. Jones, H. Soulsby, and K. Stoddart. 2016. A review of cyber security risk assessment methods for SCADA systems. Computers & Security 56: 1–27. doi:10.1016/j.cose.2015.09.009
  • Chigada, J., and R. Madzinga. 2021. Cyberattacks and threats during COVID-19: A systematic literature review. South African Journal of Information Management 23(1): 1–11.
  • Cimellaro, G. P., A. M. Reinhorn, and M. Bruneau. 2010. Framework for analytical quantification of disaster resilience. Engineering Structures 32(11): 3639–49. doi:10.1016/j.engstruct.2010.08.008
  • Coburn, A., E. Leverett, and G. Woo. 2019. Solving cyber risk. Hoboken, NJ: Wiley.
  • Cole, C. R., and S. G. Fier. 2020. An empirical analysis of insurer participation in the U.S. cyber insurance market. North American Actuarial Journal. doi:10.1080/10920277.2020.1733615
  • Dejung, S. 2017. Economic impact of cyber accumulation scenarios. Swiss Insurance Association Cyber Working Group.
  • Dreyer, P., T. Jones, K. Klima, J. Oberholtzer, A. Strong, J. Welburn, and Z. Winkelman. 2018. Estimating the global cost of cyber risk: methodology and examples. doi:10.7249/rr2299https://www.rand.org/pubs/research_reports/RR2299.html (accessed April 20, 2021).
  • Eckert, C., and N. Gatzert. 2017. Modeling operational risk incorporating reputation risk: An integrated analysis for financial firms. Insurance: Mathematics and Economics 72: 122–37. doi:10.1016/j.insmatheco.2016.11.005
  • Egan, R., S. Cartagena, R. Mohamed, V. Gosrani, J. Grewal, M. Acharyya, et al. 2019. Cyber operational risk scenarios for insurance companies. British Actuarial Journal 24(6): 1–34. doi:10.1017/S1357321718000284
  • Eling, M., and W. Schnell. 2020. Capital requirements for cyber risk and cyber risk insurance. North American Actuarial Journal 24(3): 370–92. doi:10.1080/10920277.2019.1641416
  • Fahrenwaldt, M. A., S. Weber, and K. Weske. 2018. Pricing of cyber insurance contracts in a network model. ASTIN Bulletin 48(3): 1175–218. doi:10.1017/asb.2018.23
  • Falco, G., M. Eling, D. Jablanski, M. Weber, V. Miller, L. A. Gordon, S. S. Wang, J. Schmit, R. Thomas, M. Elvedi, T. Maillart, E. Donavan, S. Dejung, E. Durand, F. Nutter, U. Scheffer, G. Arazi, G. Ohana, and H. Lin. 2019. Cyber risk research impeded by disciplinary barriers. Science 366(6469): 1066–69. doi:10.1126/science.aaz4795
  • Falco, G., A. Viswanathan, C. Caldera, and H. Shrobe. 2018. A master attack methodology for an AI-based automated attack planner for smart cities. IEEE Access 6: 48360–73. doi:10.1109/ACCESS.2018.2867556
  • Farkas, S., O. Lopez, and M. Thomas. 2021. Cyber claim analysis using Generalized Pareto regression trees with applications to insurance. Insurance: Mathematics and Economics 98: 92–105. doi:10.1016/j.insmatheco.2021.02.009
  • Haimes, Y. Y., and P. Jiang. 2001. Leontief-based model of risk in complex interconnected infrastructures. Journal of Infrastructure Systems 7(1): 1–12. doi:10.1061/(ASCE)1076-0342(2001)7:1(1)
  • Haimes, Y. Y., B. M. Horowitz, J. H. Lambert, J. R. Santos, C. Lian, and K. G. Crowther. 2005. Inoperability input-output model for interdependent infrastructure sectors. Journal of Infrastructure Systems 11(2): 67–79. doi:10.1061/(ASCE)1076-0342(2005)11:2(67)
  • Holling, C. S. 1973. Resilience and stability of ecological systems. Annual Review of Ecology and Systematics 4(1): 1–23. doi:10.1146/annurev.es.04.110173.000245
  • Howard, J. D. 1997. An analysis of security incidents on the Internet. PhD thesis, Carnegie Mellon University. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=52454 (accessed April 20, 2021).
  • Howard, J. D. 2015. Using a common language for computer security incident information. In Computer Security Handbook, ed. S. Bosworth, M. E. Kabay, and E. Whyne, 8.1–8.21. Hoboken, NJ: John Wiley & Sons. doi:10.1002/9781118851678.ch8
  • Jevtić, P., and N. Lanchier. 2020. Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology. Insurance: Mathematics and Economics, 91: 209–23. doi:10.1016/j.insmatheco.2020.02.005
  • Jung, J., J. R. Santos, and Y. Y. Haimes. 2009. International trade inoperability input-output model (IT-IIM): theory and application. Risk Analysis 29(1): 137–54. doi:10.1111/j.1539-6924.2008.01126.x
  • Kamiya, S., J. K. Kang, J. Kim, A. Milidonis, and R. M. Stulz. 2021. Risk management, firm reputation, and the impact of successful cyberattacks on target firms. Journal of Financial Economics 139(3): 719–49. doi:10.1016/j.jfineco.2019.05.019
  • Kashyap, A. K., and A. Wetherilt. 2019. Some principles for regulating cyber risk. AEA Papers and Proceedings 109: 482–87. doi:10.1257/pandp.20191058
  • Kelly, S., E. Leverett, E. J. Oughton, J. Copic, S. Thacker, R. Pant, L. Pryor, G. Kassara, T. Evan, S. J. Ruffle, M. Tuveson, A. W. Coburn, D. Ralph, and J. W. Halls. 2016. Integrated infrastructure: Cyber resiliency in society: Mapping the consequences of an interconnected digital economy. https://www.jbs.cam.ac.uk/fileadmin/user_upload/research/centres/risk/downloads/crs-integrated-infrastructure-cyber-resiliency-in-society.pdf (accessed April 20, 2021).
  • Lagazio, M., N. Sherif, and M. Cushman. 2014. A multi-level approach to understanding the impact of cyber crime on the financial sector. Computers & Security 45: 58–74. doi:10.1016/j.cose.2014.05.006
  • Lallie, H. S., L. A. Shepherd, J. R. Nurse, A. Erola, G. Epiphaniou, C. Maple, and X. Bellekens. 2021. Cyber security in the age of Covid-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Security 105: 102248. doi:10.1016/j.cose.2021.102248
  • Leontief, W. W. 1951. The structure of the American economy, 1919–1939: An empirical application of equilibrium analysis. New York, NY: Oxford University Press.
  • Leontief, W. W. 1966. Input-output economics. Oxford: Oxford University Press.
  • Leontief, W. W. 1974. Structure of the world economy: Outline of a simple input-output formulation. American Economic Review 64(6): 823–34.
  • Lewis, J. A. 2018. Economic impact of cybercrime—No slowing down. Santa Clara, CA: McAfee. https://csis-website-prod.s3.amazonaws.com/s3fs-public/publication/economic-impact-cybercrime.pdf (accessed April 20, 2021).
  • Li, Y., and Q. Liu. 2021. A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports 7: 8176–86. doi:10.1016/j.egyr.2021.08.126
  • Lian, C., and Y. Y. Haimes. 2006. Managing the risk of terrorism to interdependent infrastructure systems through the dynamic inoperability input-output model. Systems Engineering 9(3): 241–58. doi:10.1002/sys.20051
  • Lian, C., J. R. Santos, and Y. Y. Haimes. 2007. Extreme risk analysis of interdependent economic and infrastructure sectors. Risk Analysis 27(4): 1053–64. doi:10.1111/j.1539-6924.2007.00943.x
  • Miller, R. E., and P. D. Blair. 2009. Input-output analysis: Foundations and extensions. Cambridge University Press.
  • Munich Re. 2016. Loss events worldwide 1980–2015. https://reliefweb.int/sites/reliefweb.int/files/resources/Loss_events_worldwide_1980-2015.pdf (accessed April 20, 2021).
  • Niknejad, A., and D. Petrovic. 2016. A fuzzy dynamic inoperability input-output model for strategic risk management in global production networks. International Journal of Production Economics 179: 44–58. doi:10.1016/j.ijpe.2016.05.017
  • Nikolakopoulos, T., E. Darra, and D. Tofan. 2016. The cost of incidents affecting CIIs: Systematic review of studies concerning the economic impact of cyber-security incidents on critical information infrastructures (CII). Heraklion: ENISA.
  • Organization for Ecoomic Cooperation and Development. 2018. Input-output tables 2018 edition. https://stats.oecd.org/Index.aspx?DataSetCode=IOTSI4_2018 (accessed April 20, 2021).
  • Panzieri, S., and R. Setola. 2008. Failures propagation in critical interdependent infrastructures. International Journal of Modelling, Identification and Control 3(1): 69–78. doi:10.1504/IJMIC.2008.018186
  • Parenty, T. J., and J. J. Domet. 2019. Sizing up your cyberrisks. Harvard Business Review 97(6): 102–10.
  • Resurreccion, J., and J. R. Santos. 2012. Multiobjective prioritization methodology and decision support system for evaluating inventory enhancement strategies for disrupted interdependent sectors. Risk Analysis 32(10): 1673–92. doi:10.1111/j.1539-6924.2011.01779.x
  • Risk Management Solutions, Inc. 2016. Managing cyber insurance accumulation risk. https://www.jbs.cam.ac.uk/fileadmin/user_upload/research/centres/risk/downloads/crs-rms-managing-cyber-insurance-accumulation-risk.pdf (accessed April 20, 2021).
  • Rose, A., and S.-Y. Liao. 2005. Modeling regional economic resilience to disasters: A computable general equilibrium analysis of water service disruptions. Journal of Regional Science 45(1): 75–112. doi:10.1111/j.0022-4146.2005.00365.x
  • Ruffle, S. J., G. Bowman, F. Caccioli, A. W. Coburn, S. Kelly, B. Leslie, and D. Ralph. 2014. Stress test scenario: Sybil logic bomb cyber catastrophe. Cambridge Risk Framework Series. Centre for Risk Studies, University of Cambridge.
  • Santos, J. R. 2006. Inoperability input-output modeling of disruptions to interdependent economic systems. Systems Engineering 9(1): 20–34. doi:10.1002/sys.20040
  • Smith, Z. M., E. Lostri, and J. A. Lewis. 2021. The hidden costs of cybercrime. https://www.csis.org/analysis/hidden-costs-cybercrime.
  • Sun, H., M. Xu, and P. Zhao. 2020. Modeling malicious hacking data breach risks. North American Actuarial Journal. doi:10.1080/10920277.2020.1752255
  • Trautman, L. J., and P. Ormerod. 2018. Wannacry, ransomware, and the emerging threat to corporations. Tennessee Law Review 86: 503–56.
  • Weintraub, R., and J. Borenstein. 2017. 11 Things the health care sector must do to improve cybersecurity. Harvard Business Review Online. https://hbr.org/2017/06/11-things-the-health-care-sector-must-do-to-improve-cybersecurity (accessed April 20, 2021)
  • World Bank. 2019. GDP (current US$). https://data.worldbank.org/indicator/ny.gdp.mktp.cd (accessed April 20, 2021).
  • World Economic Forum. 2014. Global risks 2014 ninth edition. http://reports.weforum.org/global-risks-2014/?doing_wp_cron=1548774994.0724980831146240234375 (accessed April 20, 2021).
  • Xu, M., and L. Hua. 2019. Cybersecurity insurance: Modeling and pricing. North American Actuarial Journal 23(2): 220–49. doi:10.1080/10920277.2019.1566076

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.