Risk arising from operations in cyberspace is already a growing concern for organizations and companies, and we estimate a 30% annual growth in the number of cyber incidents based on the cyber loss dataset that we have created from private (from Advisen Ltd.) and public sources. Our work seeks to improve portfolio analysis of risk from a cyber insurance perspective. As a preliminary matter, we improve the categorization of incidents in our dataset. For example, our dataset reveals fifteen incident types to describe cyber incidents which is impractical for analysis because it creates very small samples for each incident type. Hence, we group together incident types based on financial outcomes (cyber losses) using the clustering method to achieve an optimal balance between partition and abstraction (minimizing loss of information). This technique also helps us study how various causes of incidents, such as malicious data breach and/or cyber extortion, can lead to different outcomes. Next, we deepen our understanding of cyber risk through empirical analyses of historical incidents. We have examined a set of factors to determine the influential ones that can determine the frequency and severity of cyber incidents. With these insights, we have performed industry-specific analyses of several industries/market segments, such as including maritime and food. We also use statistical resampling techniques to model exemplary portfolios of companies together with their associated cyber loss data. Finally, we are creating a novel dataset by merging cyber incident data with corporate finance data from CompuStat in order to gain more insights into how different companies react to cyber incidents. In one such study, we explore how investors respond to cyber incidents by studying the abnormal returns generated by companies’ stocks after cyber incidents.
Jay P. Kesan is a Professor at the University of Illinois, College of Law where he is H. Ross & Helen Workman Research Scholar and Director of the Program in Intellectual Property and Technology Law. His research work focuses on computer security, informationa l privacy, and intellectual property. At the University of Illinois, Professor Kesan is appointed in the College of Law, the Department of Electrical & Computer Engineering, the Information Trust Institute, the Coordinated Science Laboratory, and the College of Business. He is also a co-Principal Investigator in the Critical Infrastructure Resilience Institute (CIRI), which is a DHS S&T Center of Excellence at Illinois.
Professor Kesan received his J.D., summa cum laude from Georgetown University, where he received several awards including Order of the Coif. He served as associate editor of the Georgetown Law Journal. After graduation, he clerked for Judge Patrick E. Higginbotham of the United States Court of Appeals for the Fifth Circuit. Kesan also holds a Ph.D. in electrical and computer engineering from the University of Texas at Austin. Prior to attending law school, he worked as a research scientist at the IBM T.J. Watson Research Center in New York.
His recent publications can be found on Social Science Research Network at http://www.ssrn.com.