Cyber risk refers to the potential losses that a firm might suffer due to a failure of its information system. The exponential increase in the use and the complexity of information systems has made cyber risk one of the most important and vulnerable operational risks for a company. In order to determine the total cyber risk exposure of a company, one first has to determine potential losses due to different sources of cyber risk, such as DDoS, ransomware, etc; one then has to aggregate individual cyber losses of the company. In this project, we investigate how to determine the individual cyber loss distributions using historical data. We then investigate different methodologies to aggregate the individual loss distributions to construct the aggregated cyber loss distribution of a company. Lastly, we investigate different models to quantify the aggregated cyber loss using risk measures.
Students: Nargiz Alekberova, Joshua Immanuel, Linshan Jiang, Evelyn Lai Jia Yi, Hanqing Wang
Supervisor: Alfred Chong, Daniël Linders
Graduate Supervisor: Linfeng Zhang