Footnote:
In: ACM Transactions on Management Information Systems
Nach Informationen von SSRN wurde die ursprüngliche Fassung des Dokuments November 15, 2019 erstellt
Description:
The fact that "cyber risk" is indeed a collective term for various distinct risks creates great difficulty in communications. For example, policyholders of "cyber insurance" contracts often have a limited or inaccurate understanding about the coverage that they have. To address this issue, we propose a cyber risk categorization method using clustering techniques. This method classifies cyber incidents based on their consequential losses for insurance and risk management purposes. As a result, it also reveals the relationship between the causes and the outcomes of incidents. Our results show that similar cyber incidents, which are often not properly distinguished, can lead to very different losses. We hope that our work can clarify the differences between cyber risks and provide a set of risk categories that is feasible in practice and for future studies