Quantifying cyber risk: a computational insurance approach

The number of devices connected to the internet will reach 125 billion in 2030, up from 27 billion in 2017. The fast-growing Internet of things, however, makes us more vulnerable in the cyber domain. Since it is not possible to achieve zero risk of cyberattacks, the question is how much risk can be tolerated. Risk quantification is necessary. The EU-funded QCYRISK project will infer loss distributions from insurance prices. It will also infer full cyber loss distributions, including how they vary based on firm-specific characteristics. The project will study synthetic distributions and real cybercrime data. A main objective is to provide a set of loss distributions for multiple cyber incident types adjusted based on a firm’s revenue and industry.