@article{9bbf892e59904f64827e3af4ab704263,
title = "Analysis of Cyber Incident Categories Based on Losses",
abstract = "The fact that {"}cyber risk{"}is indeed a collective term for various distinct risks creates great difficulty in communications. For example, policyholders of {"}cyber insurance{"}contracts often have a limited or inaccurate understanding about the coverage that they have. To address this issue, we propose a cyber risk categorization method using clustering techniques. This method classifies cyber incidents based on their consequential losses for insurance and risk management purposes. As a result, it also reveals the relationship between the causes and the outcomes of incidents. Our results show that similar cyber incidents, which are often not properly distinguished, can lead to very different losses. We hope that our work can clarify the differences between cyber risks and provide a set of risk categories that is feasible in practice and for future studies.",
keywords = "Cyber risk, cyber insurance, cyber losses",
author = "Kesan, {Jay P.} and Linfeng Zhang",
note = "Funding Information: This material is based upon work supported by the U.S. Department of Homeland Security under Grant Award No. 2015-06-01. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security. Authors{\textquoteright} addresses: J. P. Kesan (corresponding author), University of Illinois at Urbana-Champaign, 134 Law Building, 504 E. Pennsylvania Ave., Champaign, Illinois, 61820; email: kesan@illinois.edu; L. Zhang, University of Illinois at Urbana-Champaign, 250 Altgeld Hall, 1409 W. Green Street, Urbana, Illinois, 61801; email: lzhang18@illinois.edu. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. {\textcopyright} 2020 Association for Computing Machinery. 2158-656X/2020/09-ART25 $15.00 https://doi.org/10.1145/3418288 Publisher Copyright: {\textcopyright} 2020 ACM.",
year = "2020",
month = dec,
doi = "10.1145/3418288",
language = "English (US)",
volume = "11",
journal = "ACM Transactions on Management Information Systems",
issn = "2158-656X",
publisher = "Association for Computing Machinery",
number = "4",
}