Cybersecurity and Privacy Risks

Cybersecurity and Privacy Risks

Cyber risk is a rising concern for organizations in both the public and private sectors. The World Economic Forum’s Global Risks Report 2018 names cyberattacks and cyber warfare as a top cause of disruption in the next five years. It reported that “almost 40 percent of all industrial control systems and critical infrastructure faced a cyberattack at some point in the second half of 2017”.

While cyber insurance has naturally emerged as a market solution to mitigate cyber risk in the recent decade, its development is still in an early stage. The underdevelopment of cyber insurance market is attributable to the complex yet unknown nature of cyber risks. Our research aims to model, quantify and assess cyber risks by combining cybersecurity engineering and actuarial approaches, and to design insurance schemes and risk management strategies that accommodate the unique nature of cyber risk.

Privacy is a key issue for cyber-related economic development with regard to the confidentiality of personal data. As data science gives rise to new approaches to uncover hidden relationships among data fields, company datasets are vulnerable to re-identification attacks, thus requiring additional treatments, such as data distortion. From the risk perspective, our research provides a quantitative analytics framework, which helps data owners, such as insurers, better utilize their customers’ data by applying privacy preserving techniques while minimizing the privacy risk of their customers.