Analysis of Cyber Incident Categories Based on Losses

Jay P. Kesan, Linfeng Zhang

Research output: Contribution to journalArticlepeer-review


The fact that "cyber risk"is indeed a collective term for various distinct risks creates great difficulty in communications. For example, policyholders of "cyber insurance"contracts often have a limited or inaccurate understanding about the coverage that they have. To address this issue, we propose a cyber risk categorization method using clustering techniques. This method classifies cyber incidents based on their consequential losses for insurance and risk management purposes. As a result, it also reveals the relationship between the causes and the outcomes of incidents. Our results show that similar cyber incidents, which are often not properly distinguished, can lead to very different losses. We hope that our work can clarify the differences between cyber risks and provide a set of risk categories that is feasible in practice and for future studies.

Original languageEnglish (US)
Article number25
JournalACM Transactions on Management Information Systems
Issue number4
StatePublished - Dec 2020


  • Cyber risk
  • cyber insurance
  • cyber losses

ASJC Scopus subject areas

  • Management Information Systems
  • General Computer Science


Dive into the research topics of 'Analysis of Cyber Incident Categories Based on Losses'. Together they form a unique fingerprint.

Cite this