A0861
Title: Ordered response models for cyber risk assessment
Authors: Silvia Facchinetti - Universita Cattolica Del Sacro Cuore Di Milano (Italy) [presenting]
Silvia Angela Osmetti - Università Cattolica di Milano (Italy)
Claudia Tarantola - University of Pavia (Italy)
Abstract: Evaluating the risk of cyber-attacks is essential for companies. There is a growing need to develop and implement effective strategies for cyber security, data security, and privacy protection. With the rise in cyber threats, assessing the risk of a successful attack is increasingly important for companies and their customers. While quantitative loss data are seldom available, experts can provide qualitative evaluations of attack severity on an ordinal scale. Hence, the ordered response model, particularly the cumulative link model, is suitable for analyzing cyber risk. This model explains the experts' assessments of the severity of a cyber-attack based on a set of explanatory variables describing the characteristics of the attack under consideration, including measures of the attack's impact diffusion through a network structure. Additionally, a detailed analysis of a real dataset is offered, documenting major cyber-attacks worldwide from 2017-2018.
