TITLE: Analyzing Cyberincidents from a Risk Assessment Perspective
ABSTRACT: Risk arising from operations in cyberspace is already a growing concern for organizations and companies, and we estimate a 30% annual growth in the number of cyber incidents based on the cyber loss dataset that we have created from private (from Advisen) and public sources. Our work seeks to improve portfolio analysis of risk from a cyber insurance perspective. As a preliminary matter, we improve the categorization of incidents in our dataset. For example, the Advisen dataset uses fifteen incident types to describe cyber incidents which is impractical for analysis because it creates very small samples for each incident type. Hence, we group together incident types based on financial outcomes (cyber losses) using the clustering method to achieve an optimal balance between partition and abstraction (minimizing loss of information). We also use statistical resampling techniques to model exemplary portfolios of companies together with their associated cyber loss data. Next, we have created a novel dataset by merging cyber incident data with corporate finance data from CompuStat in order to gain more insights into how different companies react to cyber incidents. In one such study, we explore how cyber incidents impact business reputation, and using goodwill as a proxy for the corporate reputation, we analyze the change in goodwill before and after a cyber incident using data from thousands of cyber incidents.
BIO: Jay P. Kesan is a Professor at the University of Illinois, College of Law where he is H. Ross & Helen Workman Research Scholar and Director of the Program in Intellectual Property and Technology Law. His research work focuses on computer security, informational privacy, and intellectual property. At the University of Illinois, Professor Kesan is appointed in the College of Law, the Department of Electrical & Computer Engineering, the Information Trust Institute, the Coordinated Science Laboratory, and the College of Business. He is also a co-Principal Investigator in the Critical Infrastructure Resilience Institute (CIRI), which is a DHS S&T Center of Excellence at Illinois. Professor Kesan received his J.D., summa cum laude from Georgetown University, where he received several awards including Order of the Coif and served as associate editor of the Georgetown Law Journal. After graduation, he clerked for Judge Patrick E. Higginbotham of the United States Court of Appeals for the Fifth Circuit. Prior to attending law school, Jay Kesan – who also holds a Ph.D. in electrical and computer engineering from the University of Texas at Austin worked as a research scientist at the IBM T.J. Watson Research Center in New York. His recent publications can be found on SSRN (Social Science Research Network) at http://www.ssrn.com.