158 results
for "Digital resilience"
The Cyber Due Diligence Object Model (CDDOM) is a structured, extensible framework designed for SMEs to manage cybersecurity due diligence in digital supply chains. Aligned with regulations like NIS2, DORA, CRA, and GDPR, CDDOM enables continuous, automated, and traceable due diligence. It integrates descriptive schemas, role-specific messaging, and decision support to facilitate supplier onboarding, risk reassessment, and regulatory compliance. Validated in real-world scenarios, CDDOM supports automation, transparency, and interoperability, translating compliance and trust signals into machine-readable formats. It fosters resilient, decision-oriented cyber governance, addressing modern cybersecurity challenges outlined in recent research.
This study extends the Gordon–Loeb model for cybersecurity investment by incorporating a Hawkes process to model temporally clustered cyberattacks, reflecting real-world attack bursts. Formulated as a stochastic optimal control problem, it maximizes net benefits through adaptive investment policies that respond to attack arrivals. Numerical results show these dynamic strategies outperform static and Poisson-based models, which overlook clustering, especially in high-risk scenarios. The framework aids risk managers in tailoring responsive cybersecurity strategies. Future work includes empirical calibration, risk-averse loss modeling, cyber-insurance integration, and multivariate Hawkes processes for diverse attack types.
The World Economic Forum (WEF) and the University of Oxford’s GCSCC released the *Cyber Resilience Compass* to help organizations strengthen cyber resilience. Based on global expert input, it outlines seven key areas: leadership, governance, people and culture, business processes, technical systems, crisis management, and ecosystem engagement. It stresses that cyber resilience requires more than technical fixes; it demands aligning strategies with business goals, continuous learning, and collaboration. Tailored approaches are essential, given differing organizational risks and structures. The Compass aims to foster knowledge-sharing and build a scalable, adaptable framework for long-term, effective cyber resilience.
Integrating Cyber Security (CS) with Enterprise Architecture (EA) offers a holistic approach to managing complex cyber risks. This study, through literature review, focus groups, and interviews, identified four key integration strategies: embedding CS in EA frameworks, leveraging agile secure development, enhancing knowledge exchange, and aligning CS/EA functions. Implementing these can improve Cyber Risk Management efficiency and reliability.
The EU prioritizes cybersecurity and data protection due to rising cyber threats and digital transformation. It employs regulations like GDPR for personal data and the NIS Directive for critical infrastructure resilience. This study analyzes their impact, challenges, and interplay, also comparing them globally to assess effectiveness in safeguarding digital security and fostering trust.
This study analyzes resource provisioning with strict reliability demands. It characterizes optimal cost scaling in chance-constrained problems as reliability increases. It reveals limitations of common distributionally robust optimization methods, proposes improvements using marginal distributions or f-divergences, and offers a line search for near-optimal solutions, overcoming data sample limitations.
AI could revolutionize UK sectors, enhancing productivity and decision-making, notably in finance by automating processes and refining decisions like underwriting. However, its rapid evolution raises uncertainties and financial stability risks, including systemic issues from flawed AI models, market instability, and cyber threats. The Financial Policy Committee (FPC) is assessing these risks to ensure safe AI adoption, supporting sustainable growth through vigilant monitoring and regulation.
The ESAs Spring 2025 update highlights geopolitical tensions and cyber risks as major threats to EU financial stability. Trade disputes, policy shifts, conflicts, and economic fragmentation demand increased vigilance. Financial institutions face uncertainties in international markets, liquidity, and AI's role. Proactive risk management, cyber resilience, and monitoring global linkages are crucial.
Cyberattacks primarily impact firm value through increased costs rather than sales declines, indicating financial burdens over reputational damage. Costs persist beyond the short term, and firms invest in recovery efforts. Over time, reputational concerns have diminished as cyber resilience improves. These findings emphasize the need for strong corporate risk management, focusing on cost recovery, recovery planning, and trust restoration strategies tailored to specific contexts.
In 2024, France is living more than ever in a "risk society", facing geopolitical tensions, Europe falling behind economically, and worsening climate risks (the hottest year, costly natural events). The French feel vulnerable and worried about the risk of war and about the future ability to insure climate and other risks. The insurance sector, although it creates jobs and handles a large number of claims (with the cost of natural events reaching 5 billion euros in France), faces a rise in claims (water damage, severe claims for businesses, cyberattacks, record agricultural losses) and in costs (car repairs, healthcare spending).