Litcius/Paper detail

Modeling Malicious Hacking Data Breach Risks

Hong Sun, Maochao Xu, Peng Zhao

2020North American Actuarial Journal43 citationsDOI

Abstract

Malicious hacking data breaches cause millions of dollars in financial losses each year, and more companies are seeking cyber insurance coverage. The lack of suitable statistical approaches for scoring breach risks is an obstacle in the insurance industry. We propose a novel frequency–severity model to analyze hacking breach risks at the individual company level, which would be valuable for underwriting purposes. We find that breach frequency can be modeled by a hurdle Poisson model, which is different from the negative binomial model used in the literature. The breach severity shows a heavy tail that can be captured by a nonparametric- generalized Pareto distribution model. We further discover a positive nonlinear dependence between frequency and severity, which our model also accommodates. Both the in-sample and out-of-sample studies show that the proposed frequency–severity model that accommodates nonlinear dependence has satisfactory performance and is superior to the other models, including the independence frequency–severity and Tweedie models.

Topics & Concepts

Generalized Pareto distributionNegative binomial distributionHackerUnderwritingSample (material)Poisson distributionComputer scienceNonparametric statisticsIndependence (probability theory)Computer securityEconometricsActuarial scienceStatisticsBusinessMathematicsExtreme value theoryChemistryChromatographyNetwork Security and Intrusion DetectionInformation and Cyber SecurityCrime Patterns and Interventions
Modeling Malicious Hacking Data Breach Risks | Litcius