Analyzing Cyberincidents from a Risk Assessment Perspective
The risk associated with operations in cyberspace presents a growing concern for many organizations, regardless of size or business purpose. Current data suggests that annual growth of cyber incidents is near 30%, making this a pressing problem. This webinar will highlight the work on one of CIRI’s research partners as he shares insights into how his team approached the creation of a new risk assessment model specifically addressing cyber incidents.
Dr. Jay P. Kesan’s work seeks to improve portfolio analysis of risk from a cyber insurance perspective. To do this, his team analyzed a cyber loss dataset created from sources in both the public and private realm, namely Advisen. One aspect of the analysis involved improving the categorization of incidents in the dataset, as it started with fifteen distinct classifications. This is impractical for analysis because it creates very small samples for each incident type. By grouping together incident types based on financial outcomes (cyber losses), Kesan’s team could apply the clustering method to achieve an optimal balance between partition and abstraction (minimizing loss of information). The team also used statistical resampling techniques to model exemplary portfolios of companies together with their associated cyber loss data.
By merging cyber incident data with corporate finance data from CompuStat, Kesan created a novel dataset to gain more insights into how different companies react to cyber incidents. This included an exploration of how cyber incidents impact business reputation. By using goodwill as a proxy for the corporate reputation, the team analyzed the change in goodwill before and after a cyber incident using data from thousands of cyber incidents.
Jay P. Kesan is a Professor at the University of Illinois, College of Law where he is H. Ross & Helen Workman Research Scholar and Director of the Program in Intellectual Property and Technology Law. His research work focuses on computer security, informational privacy, and intellectual property. At the University of Illinois, Professor Kesan is appointed in the College of Law, the Department of Electrical & Computer Engineering, the Information Trust Institute, the Coordinated Science Laboratory, and the College of Business. He is also a co-Principal Investigator in the Critical Infrastructure Resilience Institute (CIRI), which is a DHS S&T Center of Excellence at Illinois.
Professor Kesan received his J.D., summa cum laude from Georgetown University, where he received several awards including Order of the Coif. He served as associate editor of the Georgetown Law Journal. After graduation, he clerked for Judge Patrick E. Higginbotham of the United States Court of Appeals for the Fifth Circuit. Kesan also holds a Ph.D. in electrical and computer engineering from the University of Texas at Austin. Prior to attending law school, he worked as a research scientist at the IBM T.J. Watson Research Center in New York.
His recent publications can be found on Social Science Research Network at http://www.ssrn.com.