109 results
for "Digital resilience"
The Three Lines of Defence model (based on defence-in-depth approaches) has become one of the primary risk management frameworks. Yet, its application in the cybersecurity space, one of the fastest-growing areas of risk for modern organisations, has been fragmented at best. In this article, we conducted a systematic literature review on the application of this model in cybersecurity.
This study explores cyber risk in businesses, suggesting cybersecurity investment and insurance as key strategies. Using a network model, it examines firms' interconnected decisions, defining a Nash equilibrium where firms optimize cybersecurity and insurance. Findings highlight their interdependence and how network structures affect choices, reinforced by numerical analyses.
Proactive cyber-risk assessment is gaining importance due to its potential benefits in preventing cyber incidents across various sectors and addressing emerging vulnerabilities in cyber-physical systems. This study presents a robust statistical framework, using mid-quantile regression, to assess cyber vulnerabilities, rank them, and measure accuracy while dealing with partial knowledge. The model is tested with simulated and real data to support informed decision-making in operational scenarios.
“Gaps in the data available for assessing cyber risk have limited the development of metrics that would help the public and private sectors prevent and recover from cyberattacks and reduce systemic risk. Cyber incident disclosure rules, introduced to close the data gaps, help but fall short in supporting the effective management of cyber risk. This article examines current and proposed reporting requirements, especially in the financial sector, where they are the most advanced.”
Amid growing cyber threats, research on cyber insurance risk has been limited by data constraints. This paper addresses this gap by utilizing overlooked public data from U.S. state Attorneys General, offering insights into the actual scope of cyber insurance risk. The data, derived from mandatory data breach reporting, provides valuable information for pricing, reserving, underwriting, and experience monitoring in the cyber insurance industry.
The increasing complexity of data protection laws, rising compliance costs, and evolving cyber threats make data security a vital business concern.
Regulators recently issued cybersecurity disclosure guidelines to enhance transparency and accountability among firms. A study analyzed cybersecurity disclosure practices among a sample of Toronto Stock Exchange firms over seven years. Findings indicate a notable increase in disclosure after the 2017 guidance by the Canadian Securities Administrators. However, improvements are needed, especially in governance and risk mitigation disclosure. This study sheds light on policy's impact on cybersecurity transparency.
Cybersecurity goes beyond networks and people, encompassing the physical security that is crucial for organizations. Inadequate physical security, seen in incidents like the Oklahoma City bombing, the 9/11 attacks, and the U.S. Capitol breach, highlights policy and control failures. Effective physical security involves planning, risk assessment, controls, and frameworks like CPTED, NIST, and FEMA, addressing present and future threats.
The current global data privacy situation resembles the accountability crisis during the early 2000s US accounting scandals. Lack of oversight, transparency, and regulation has led to confusion and distrust. By emulating successful models like the Sarbanes-Oxley Act, companies can regain consumer trust by treating privacy policies like financial statements, standardized and audited. The proposal includes privacy controls similar to financial internal controls and a Privacy Cube framework for risk management, ultimately aiming to rebuild consumer trust in data handling.
The study analyzes how cybersecurity risk impacts clawback policy adoption in US-listed firms from 2008-2018. It finds that rising cybersecurity risk increases clawback adoption, influenced by business goals, management preferences, and market efficiency. Stronger tech commitment and non-co-opted boards reduce this effect, showing firms consider clawbacks as preventive against misconduct, incorporating cybersecurity risk.