Journal of Operational Risk

Risk.net

Improving data for managing cyber risk and building resilience

Bryson Alexander, Filippo Curti, Jeffrey Gerlach and Stacey Schreft

  • Currently available cyber data is insufficient for effectively measuring and proactively managing cyber risk at the system level.
  • An examination of prominent cyber notification rules reveals that most do not require covered firms to provide critical details about cyberattacks and that the rules are inconsistent across jurisdictions.
  • A structured, horizontally consistent dataset that captures detailed, nontechnical information on successful cyberattacks and near misses will provide the data needed for cyber risk management.
  • Implementing a harmonized regulatory reporting form to collect cyber data across jurisdictions will improve the quantification, pricing, and analysis of cyber risk, while reducing costs for the firms that provide the data.

Gaps in the data available for assessing cyber risk have limited the development of metrics that would help the public and private sectors prevent and recover from cyberattacks and reduce systemic risk. Cyber incident disclosure rules, introduced to close the data gaps, help but fall short of supporting the effective management of cyber risk. This paper examines the current and proposed reporting requirements, especially in the financial sector, where they are the most prevalent. It describes the data gaps that remain and discusses how moving toward a better and harmonized cyber incident data collection rule could improve cybersecurity, reduce the risk of catastrophic cyber incidents and reduce the regulatory burden on companies that currently must report cyber data to multiple agencies.
