Cyber risk assessment requires defined and objective methodologies; otherwise, its results cannot be considered reliable. The lack of quantitative data can be dangerous: if the assessment is entirely qualitative, subjectivity will loom large in the process. Too much subjectivity in the risk assessment process can weaken the credibility of the assessment results and compromise risk management programs. On the other hand, obtaining a sufficiently large amount of quantitative data to allow reliable extrapolations and forecasts is often hard or even infeasible. In this paper, we propose and study a quantitative methodology to assess a company's potential annualized economic loss risk. In particular, our approach relies only on aggregated empirical data, which can be obtained from several sources. We also describe how the method can be applied to real companies, in order to customize the initial data and obtain reliable and specific risk assessments.