105 results
for "Digital resilience"
Managing cyber risk in the supply chain is a major challenge in cybersecurity. Organizations struggle to evaluate suppliers' security postures, while suppliers face challenges in communicating these postures. This study, using interviews and surveys, formulates a process theory for supplier cyber risk assessment, highlighting the importance of secure technology. The findings provide actionable insights for improving supply chain cyber risk management.
Optimizing cybersecurity involves understanding it as an organizational concern with varying stakeholder perspectives. Instead of viewing it as a standalone issue, decision-makers should align security measures with business goals. This paper proposes a model considering organizational priorities, translating them into a utility function for evaluating security controls, and finding an optimal balance between risk, cost, and benefit.
“… the report underscores the critical role of emerging governance, risk, and compliance frameworks in ensuring organizations remain adaptive and resilient in the face of ever-evolving cyber threats. In an era where digital risks are continuously evolving...”
The article advocates for a shift in cyber risk assessment from a threat-centric to a harm-centric approach. Current models often neglect qualitative and cascading impacts of cyber incidents. The proposed Cyber Harm Model (CHM) aims to address this gap, providing a comprehensive framework for assessing and mitigating harm, using empirical data from Critical Information Infrastructures.
“Using a novel firm-level measure of cybersecurity, we find that cybersecurity risk increases the probability of bank default. The effect is larger for banks with deposit withdrawal, but less pronounced for banks with liquidity buffer. Our results are robust to using an instrumental variable approach and to using alternative measures.”
“While the main discussion of the paper is tailored to the management of systemic cyber risk in digital networks, we also draw parallels to similar risk management frameworks for other types of complex systems.”
The Three Lines of Defence model (based on defence-in-depth approaches) has become one of the primary risk management frameworks. Yet, its application in the cybersecurity space, one of the fastest-growing areas of risk for modern organisations, has been fragmented at best. In this article, we conducted a systematic literature review on the application of this model in cybersecurity.
This study explores cyber risk in businesses, suggesting cybersecurity investment and insurance as key strategies. Using a network model, it examines firms' interconnected decisions, defining a Nash equilibrium where firms optimize cybersecurity and insurance. Findings highlight their interdependence and how network structures affect choices, reinforced by numerical analyses.
Proactive cyber-risk assessment is gaining importance due to its potential benefits in preventing cyber incidents across various sectors and addressing emerging vulnerabilities in cyber-physical systems. This study presents a robust statistical framework, using mid-quantile regression, to assess cyber vulnerabilities, rank them, and measure accuracy while dealing with partial knowledge. The model is tested with simulated and real data to support informed decision-making in operational scenarios.
“Gaps in the data available for assessing cyber risk have limited the development of metrics that would help the public and private sectors prevent and recover from cyberattacks and reduce systemic risk. Cyber incident disclosure rules, introduced to close the data gaps, help but fall short in supporting the effective management of cyber risk. This article examines current and proposed reporting requirements, especially in the financial sector, where they are the most advanced.”