{"title":"一种量化、降低和保障网络风险的新方法:初步分析和进一步研究建议","authors":"Shalom Bublil, Neil Gandal, M. Riordan","doi":"10.2139/ssrn.3548380","DOIUrl":null,"url":null,"abstract":"Few would dispute that cyber risk is a very serious problem for the global economy and for society. But there is a \"disconnect\" between acknowledgement of the problem and action to address the problem. What is the relationship between vulnerabilities, preventive measures, and security incidents, like the leaking of sensitive data (say credit card information) to the web? To the best of our knowledge, little if anything is known about the relationship among these variables and no one has examined this issue empirically at the micro level, that is, at the level of the firm. In this paper, we put together a remarkable and unique cross-sectional data set at the firm level that includes information on vulnerabilities, attempted email attacks, incidents (breaches), precautions (security measures.) and firm characteristics. The data set contains slightly under 1000 small and medium firms in the U.K. We empirically examine the data and show that there are meaningful correlations among incidents and the other variables. Finally, we estimate a reduced form model with incidents as the dependent variable to illustrate the potential from employing such data.","PeriodicalId":401540,"journal":{"name":"CEPR: Industrial Organization (Topic)","volume":"325 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A New Approach to Quantifying, Reducing and Insuring Cyber Risk: Preliminary Analysis and Proposal for Further Research\",\"authors\":\"Shalom Bublil, Neil Gandal, M. Riordan\",\"doi\":\"10.2139/ssrn.3548380\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Few would dispute that cyber risk is a very serious problem for the global economy and for society. But there is a \\\"disconnect\\\" between acknowledgement of the problem and action to address the problem. What is the relationship between vulnerabilities, preventive measures, and security incidents, like the leaking of sensitive data (say credit card information) to the web? To the best of our knowledge, little if anything is known about the relationship among these variables and no one has examined this issue empirically at the micro level, that is, at the level of the firm. In this paper, we put together a remarkable and unique cross-sectional data set at the firm level that includes information on vulnerabilities, attempted email attacks, incidents (breaches), precautions (security measures.) and firm characteristics. The data set contains slightly under 1000 small and medium firms in the U.K. We empirically examine the data and show that there are meaningful correlations among incidents and the other variables. Finally, we estimate a reduced form model with incidents as the dependent variable to illustrate the potential from employing such data.\",\"PeriodicalId\":401540,\"journal\":{\"name\":\"CEPR: Industrial Organization (Topic)\",\"volume\":\"325 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-02-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"CEPR: Industrial Organization (Topic)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.2139/ssrn.3548380\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"CEPR: Industrial Organization (Topic)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2139/ssrn.3548380","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A New Approach to Quantifying, Reducing and Insuring Cyber Risk: Preliminary Analysis and Proposal for Further Research
Few would dispute that cyber risk is a very serious problem for the global economy and for society. But there is a "disconnect" between acknowledgement of the problem and action to address the problem. What is the relationship between vulnerabilities, preventive measures, and security incidents, like the leaking of sensitive data (say credit card information) to the web? To the best of our knowledge, little if anything is known about the relationship among these variables and no one has examined this issue empirically at the micro level, that is, at the level of the firm. In this paper, we put together a remarkable and unique cross-sectional data set at the firm level that includes information on vulnerabilities, attempted email attacks, incidents (breaches), precautions (security measures.) and firm characteristics. The data set contains slightly under 1000 small and medium firms in the U.K. We empirically examine the data and show that there are meaningful correlations among incidents and the other variables. Finally, we estimate a reduced form model with incidents as the dependent variable to illustrate the potential from employing such data.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
