Maggie (Meng) Sun

Title: Advancements in Cyber Risk Management: a Comprehensive Statistical Modeling and Analysis of Data Breaches with Applications in Cyber Insurance
Date: Thursday, August 1st, 2024
Time: 10am
Location: LIB 7200 & Zoom
Supervised by: Dr. Yi Lu

Abstract: In the rapidly evolving landscape of cybersecurity, the increased demand for zero trust protection and the intricate management of digital assets give rise to the urgent need for robust cyber risk mitigation strategies. Despite significant investments in information security, the escalating frequency and severity of cyber breaches pose substantial risks to business operations, with potential large-scale economic impacts. This thesis presents a comprehensive analysis of cyber risk estimation and prediction, employing advanced statistical modeling techniques. An empirical investigation of the Privacy Rights Clearinghouse (PRC) Data Breach Chronology dataset, including cluster analysis and preliminary data examination, sets the groundwork for subsequent modeling approaches. A Bayesian negative binomial generalized linear mixed model is introduced to capture quarterly variations and heterogeneity in cyber incident frequency. Further, the thesis explores loss severity modeling using a zero-inflated mixture and composite regression model. This model incorporates splicing and finite mixture techniques to address unique features of data breaches, with the parameter estimation facilitated by the expectation-maximization algorithm. Building on frequency and severity models, the research introduces aggregate loss modeling approaches, including simple aggregation and MCMC-based methods. These models offer practical strategies for the cyber insurance industry, and the impact of various deductibles, limits, and reinsurance practices on loss aggregations is also examined. The findings emphasize the critical importance of accurate cyber risk measurement and prediction for effective risk management and mitigation. By leveraging advanced statistical models, this research contributes to the development of more resilient cybersecurity frameworks and informs strategic decision-making in advancing cyber insurance products.

Keywords: cyber risk modeling; generalized linear mixed model; mixture composite regression; Markov chain Monte Carlo; expectation-maximization algorithm; cyber risk aggregation