Abstract

This chapter introduces cyber risk as a critical business risk spilling over into strategic risk, credit risk, and regulatory risk on the entity level, as well as market risk and systemic risk on the portfolio level. It then analyses the uniqueness of cyber risk, the need for cyber risk measurement and its current challenges, followed by a review on cost of cybercrime, cyber incident loss categories, and models for measuring expected loss from cyber incidents, including Annual Loss Expectancy, Standard Deviation of Loss, and Perceived Composite Risk. It then covers current methods for cyber risk measurement, e.g., Common Vulnerability Scoring System (CVSS), CORAS, stochastic ...