Cyber risk and cybersecurity: a systematic review of data availability

Global cyber-crime losses are now estimates near 1 trillion USD, yet organizations, insurers, and researchers still struggle to access coherent high-quality data on attacks and losses. The authors examine what cyber-risk and cybersecurity datasets exist and where are the gaps? They used four scholarly databases using “cybersecurity OR cyber risk AND dataset OR database” and looked for peer-reviewed, English language articles from the past 10 years that used or created at least one cyber dataset. They found 255 papers and 79 unique datasets created between 2011-2021. Most of the data they found were technical, not economic, supporting intrusion-detection or machine-learning research. There was notably a shortage of open access data, and sparse implications for cyber-insurance. The review shows that while technical data for attack detection are plentiful, open, standardized data on losses and impacts remain scares. Creating a major obstacle for evidence-based risk management, insurance implications, and policy making. Expanding transparent data-sharing mandates and refreshing outdated papers are critical next steps.