Project description
Figuring out how much cyber risk isn’t risky
The number of devices connected to the internet will reach 125 billion in 2030, up from 27 billion in 2017. The fast-growing Internet of things, however, makes us more vulnerable in the cyber domain. Since it is not possible to achieve zero risk of cyberattacks, the question is how much risk can be tolerated. Risk quantification is necessary. The EU-funded QCYRISK project will infer loss distributions from insurance prices. It will also infer full cyber loss distributions, including how they vary based on firm-specific characteristics. The project will study synthetic distributions and real cybercrime data. A main objective is to provide a set of loss distributions for multiple cyber incident types adjusted based on a firm’s revenue and industry.
Objective
Quantifying cyber risk is an important step in assigning resources to prevention. Yet data limitations mean that current estimates ignore certain incidents (e.g ransomware), rarely provide the financial cost, and cannot describe how risk varies based on the firm’s revenue or industry. Surprisingly insurers sell cyber insurance for the ignored incident types and vary the price based on firm-specific characteristics. Extracting insurers’ cyber loss models could help firms manage risk, regardless of whether they purchase insurance.
The proposed action (QCYRISK) uses an iterative model fitting approach to infer loss distributions from insurance prices. The first research question develops the conceptual foundations by building an economic argument about how much information can be extracted from insurance markets. QCYRISK's second question seeks to infer full cyber loss distributions, including how they vary based on firm-specific characteristics. The final research question adopts an adversarial machine learning approach to probe the validity of the inferences, using both synthetic distributions and real cyber crime data.
In terms of results and dissemination, QCYRISK will provide a set of loss distributions for multiple cyber incident types adjusted based on the firm’s revenue and industry. These will be made available as a spreadsheet for real-world risk managers. We will also run a continuing education seminar for insurance professionals to raise awareness about the method. The developed method represents a new computational insurance technique that could be applied to extract information from a global total of €4.7 trillion insurance premiums.
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
You need to log in or register to use this function
We are sorry... an unexpected error occurred during execution.
You need to be authenticated. Your session might have expired.
Thank you for your feedback. You will soon receive an email to confirm the submission. If you have selected to be notified about the reporting status, you will also be contacted when the reporting status will change.
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
-
H2020-EU.1.3. - EXCELLENT SCIENCE - Marie Skłodowska-Curie Actions
MAIN PROGRAMME
See all projects funded under this programme -
H2020-EU.1.3.2. - Nurturing excellence by means of cross-border and cross-sector mobility
See all projects funded under this programme
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
MSCA-IF-EF-ST - Standard EF
See all projects funded under this funding scheme
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
(opens in new window) H2020-MSCA-IF-2019
See all projects funded under this callCoordinator
Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.
6020 Innsbruck
Austria
The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.