With among the largest cyber assaults occurring in recent times—from 2010 to 2019—we’re solely starting to know the total extent of cyber danger. As companies grapple with the dangers of cyber-incidents and their imperfect skill to stop them, consideration has shifted towards danger administration and insurance coverage. Whereas there have been efforts to know the prices of cyber assaults, the systemic danger—a results of dangers spreading throughout interdependent methods—related to cyber assaults stays a essential and drawback in want of additional research. We contribute a theoretical framework that describes systemic cyber danger as the results of cascading, frequent trigger, or unbiased failures following a cyber incident. We assemble a quantitative mannequin of cascading failures to estimate the potential financial injury related to a given cyber incident. We current an interdisciplinary strategy for extending customary sector-level input-output analyses to the cyber area, which has not been carried out. We estimate the mixture losses related to firm-level incidents, a contribution to danger evaluation and computational financial modeling. We use this mannequin to estimate the influence of potential cyber incidents and evaluate mannequin outcomes to a case with identified damages. Lastly, we use the mannequin of systemic cyber failure to contemplate the implications on the rising cyber insurance coverage market and the necessity for broader cyber coverage. Whereas we focus on the subject of systemic cyber danger, our contribution of utilizing I/O evaluation to estimate the mixture losses from firm-level incidents is relevant throughout a wide range of danger evaluation purposes from surroundings to well being.
The RAND Company is a nonprofit establishment that helps enhance coverage and decisionmaking by means of analysis and evaluation. RAND’s publications don’t essentially replicate the opinions of its analysis purchasers and sponsors.