Contribution Details

Type Master's Thesis
Scope Discipline-based scholarship
Title Real Cyber Value at Risk: An Approach to Estimate Economic Impacts of Cyberattacks on Businesses
Organization Unit
Authors
  • Fabian Künzler
Supervisors
  • Muriel Figueredo Franco
  • Chao Feng
  • Burkhard Stiller
Language
  • English
Institution University of Zurich
Faculty Faculty of Business, Economics and Informatics
Date 2023
Abstract Text To compete in today’s digitized economy, companies rely on computer programs to manage processes efficiently and bring their services directly to customers. However, these tools increase not only business opportunities but also the risk of falling victim to cyber attacks. Consulting firms and academic literature provide several approaches to manage this risk exposure. Nonetheless, most solutions fail to provide individualized, quantitative attack cost estimates based on real-world empirical data. Especially Small and Middle-Sized Enterprises (SME) struggle to quantify their attack exposure due to limited resources and a lack of IT knowledge. This thesis addresses this gap in the current literature by proposing the novel Real Cyber Value at Risk (RCVaR) framework. Consisting of three components, the RCVaR provides a monetary, annualized cost and risk prediction for an individual firm, thus addressing the issue of individual risk perception and allowing cross-domain risk comparisons. Evaluating the cost predictions on previously “unseen” data from real-world incidents shows that the RCVaR achieves an Absolute Percentage Error (APE) of 2%. The evaluation further proves that the model reflects quantitative real-world attack cost behavior. To portray the risk component of the RCVaR, the newly proposed Cyber Value at Risk (CVaR) is integrated into the model. In contrast to previous research, the CVaR is not computed with Monte Carlo simulations but on the basis of actual historical quantitative data. Both cost and risk predictions are tailored towards SMEs and are easily accessible over a web application. The last contribution of this thesis is a Federated Learning (FL) methodology to address the prevalent lack of real-world cost incident data in cyber security economics. Comparing the performance of different FL models against traditional centralized networks suggests that the process can successfully learn cost prediction functions. Consequently, Federated Learning presents a viable solution to the data scarcity issue. In conclusion, the Real Cyber Value at Risk provides a novel and cost-effective approach to obtain quantitative cost and risk measures that integrate seamlessly into the company’s overall budget planning process.