Using a comprehensive database of cyber events from 2008 to 2020, this study examines the nature of losses from cyber attacks across various types of cyber risks and business sectors. The findings reveal a substantial increase in the frequency of reported cyber attacks over this period, with the type and severity of losses varying depending on the business sector and specific cyber threat. Interestingly, no clear relationship was found between the frequency of events, severity of losses, and number of records affected. The study also highlights the “heavy-tailed” nature of cyber losses, where most losses are relatively small, but a few extreme events can cause catastrophic damages. To better manage cyber risks, the authors recommend improving data collection, increasing awareness among businesses, and constantly updating cybersecurity practices.
Author:
Pavel V Shevchenko, Jiwook Jang, Matteo Malavasi, Gareth W Peters, Georgy Sofronov, Stefan Trück
