Journal of Operational Risk

Risk.net

Estimation of losses due to cyber risk for financial institutions

Antoine Bouveret

  • The objective of this paper is to analyse cyber risk from an operational risk perspective and to measure cyber risk empirically.
  • Using a novel data set on cyber attacks, we analyse the main characteristics of cyber attacks and identify patterns using correspondence analysis.
  • The results emphasize the need to improve the modelling of cyber risk from an operational risk perspective.

Cyber risk has emerged as a key threat to financial institutions. The objective of this paper is to analyze cyber risk from an operational risk perspective and to measure cyber risk empirically. Using a novel data set on cyber attacks, we analyze the main characteristics of cyber attacks and identify patterns using correspondence analysis. We apply the loss distribution approach to the data set and show that the distribution of losses due to cyber risk has a heavy tail and is best modeled by a generalized Pareto distribution. We derive risk measures under different scenarios and show that the estimated losses are substantially larger than the size of the cyber-insurance market. Our results emphasize the need to improve the modeling of cyber risk from an operational risk perspective.
