Analysing IoT Cyber Risk for Estimating IoT Cyber Insurance

Cyber Security Framework for the Internet-of-Things in Industry 4.0

10.20944/preprints201903.0111.v1 ◽

2019 ◽

Cited By ~ 2

Author(s):

Petar Radanliev ◽

Rafael Mantilla Montalvo ◽

Stacy Cannady ◽

Razvan Nicolescu ◽

Dave De Roure ◽

...

Keyword(s):

Cyber Security ◽

Industry 4.0 ◽

Assessment Model ◽

Theory Approach ◽

Risk Models ◽

Economic Impact Assessment ◽

Cyber Risk ◽

Grounded Theory Approach ◽

The Internet Of Things

This research article reports the results of a qualitative case study that correlates academic literature with five Industry 4.0 cyber trends, seven cyber risk frameworks and two cyber risk models. While there is a strong interest in industry and academia to standardise existing cyber risk frameworks, models and methodologies, an attempt to combine these approaches has not been done until present. We apply the grounded theory approach to derive with integration criteria for the reviewed frameworks, models and methodologies. Then, we propose a new architecture for the integration of the reviewed frameworks, models and methodologies. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of a holistic economic impact assessment model for IoT cyber risk.

Download Full-text

Use of 4.0 (I4.0) technology in HRM: a pathway toward SHRM 4.0 and HR performance

foresight ◽

10.1108/fs-06-2021-0128 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Rajasshrie Pillai ◽

Shilpi Yadav ◽

Brijesh Sivathanu ◽

Neeraj Kaushik ◽

Pooja Goel

Keyword(s):

Grounded Theory ◽

Industry 4.0 ◽

Design Methodology ◽

Extensive Literature ◽

Theory Approach ◽

Structured Interviews ◽

Content Type ◽

Hr Managers ◽

The Impact ◽

Grounded Theory Approach

Purpose This paper aims to investigate the use of Industry 4.0 (I4.0) technology and its barriers in human resourcemanagement (HRM) for Smart HR 4.0 and its impact on HR performance. Design/methodology/approach The research has been conducted using the grounded theory approach. Semi-structured interviews were conducted with 122 senior HR officers of national and multi-national companies in India after the extensive literature review. NVivo 8.0 software was used for the analysis of the interview data. Findings I4.0 technology is used for HRM functions by HR professionals. It is revealed that Smart HR 4.0 that emerged from the I4.0 technology has leveraged the HR performance. It is also found that usage barriers, traditional barriers and risk barriers affect the use of I4.0 technology in HRM. Originality/value A model is developed using the grounded theory approach for HR managers to understand the impact of I4.0 on HRM. This study reveals the barriers affecting the use of I4.0 technology in HRM. It also provides the model for HR performance that emerged through the use of I4.0 technology in HR and Smart HR 4.0. The research delivered key insights for the HR professionals, marketers of HR technology and technology developers.

Download Full-text

Cyber Insurance as a Way of Cyber Risks Management

Safety in Technosphere ◽

10.12737/article_5d8b1f1205ad35.02378913 ◽

2019 ◽

Vol 7 (5) ◽

pp. 35-42

Author(s):

Александр Суворов ◽

Aleksandr Suvorov ◽

Мария Матанцева ◽

Mariya Matanceva ◽

Евгения Плотникова ◽

...

Keyword(s):

Cyber Security ◽

Insurance Industry ◽

Security Level ◽

Controversial Issues ◽

It Infrastructure ◽

Software Products ◽

Cyber Insurance ◽

Risk Insurance ◽

Commercial Organization ◽

Cyber Risk

A review of the cyber insurance domain has been carried out with a description of classical terms from the insurance industry. Have been considered two the most comprehensive today definitions of cyber risk in authors’ opinion. A diagram of processes for cyber risk management using insurance has been presented, and the place of cyber-risk among other company’s risks has been demonstrated, i. e. the context of cyber risk among the risks of any commercial organization has been shown. A typical cyber insurance process has been described, and a scheme of cyber insurance processes has been developed. A brief description of problem areas and controversial issues in cyber insurance, with which cyber-risk insurance practices may face, has been presented, as well as a table showing at which stage of cyber-insurance the specific problems may arise. Has been provided the basic economic utility function, which formalizes decision making for agents with a different attitude to risk. Standards in cyber security, and various software products that can be used as a tool for assessing the security level of an enterprise’s IT infrastructure have been presented, and it has been demonstrated how these products can help in cyber risk assessment. Different methods used at each stage of cyber insurance have been shown.

Download Full-text

Effective DevSecOps Implementation: A Systematic Literature Review

Revista Gestão Inovação e Tecnologias ◽

10.47059/revistageintec.v11i4.2514 ◽

2021 ◽

Vol 11 (4) ◽

pp. 4931-4945

Author(s):

Dhaval Anjaria ◽

Mugdha Kulkarni

Keyword(s):

Grounded Theory ◽

Literature Review ◽

Software Development ◽

Systematic Literature Review ◽

Software Security ◽

Theory Approach ◽

Academic Literature ◽

Significant Change ◽

Grounded Theory Approach ◽

Fast Release

Adopting DevOps means increased collaboration between development and operations teams and faster release cycles through a shift to automation. Using Dev Ops brings with it several advantages in the development of software. Security, however, is often neglected in DevOps due to the fast release cycle. Therefore Dev Sec Ops has emerged as an extension to DevOps that attempts to integrate security with Dev Ops practices, which is not without its challenges. DevOps, and by extension Dev Sec Ops, represents a significant change in the culture, tooling, and processes used in software development. Therefore, when implementing DevSecOps, teams and their organizations need to be aware of the challenges it brings and how to address those challenges for a DevSecOps implementation to be effective. Literature on DevSecOps exists that outlines practices and principles to do this. This paper uses a grounded theory approach to do a systematic literature review of academic literature to find the factors that contribute to an effective DevSecOps implementation. It attempts to reconcile the challenges of DevSecOps with ways of mitigating them and the advantages that a DevSecOps implementation can bring. The paper thus outlines methods of effectively implementing DevSecOps as described in academic literature.

Download Full-text

Data Breach, Privacy, and Cyber Insurance: How Insurance Companies Act as “Compliance Managers” for Businesses

Law & Social Inquiry ◽

10.1111/lsi.12303 ◽

2018 ◽

Vol 43 (02) ◽

pp. 417-440 ◽

Cited By ~ 16

Author(s):

Shauhin A. Talesh

Keyword(s):

Risk Management ◽

Cyber Security ◽

Participant Observation ◽

Legal Regulation ◽

Insurance Companies ◽

Organizational Sociology ◽

Cyber Insurance ◽

Privacy Laws ◽

Cyber Risk ◽

Management Services

While data theft and cyber risk are major threats facing organizations, existing research suggests that most organizations do not have sufficient protection to prevent data breaches, deal with notification responsibilities, and comply with privacy laws. This article explores how insurance companies play a critical, yet unrecognized, role in assisting organizations in complying with privacy laws and dealing with cyber theft. My analysis draws from and contributes to two literatures on organizational compliance: new institutional organizational sociology studies of how organizations respond to legal regulation and sociolegal insurance scholars' research on how institutions govern through risk. Through participant observation at conferences, interviews, and content analysis of insurer manuals and risk management services, my study highlights how insurers act as compliance managers for organizations dealing with cyber security threats. Well beyond pooling and transferring risk, insurance companies offer cyber insurance and unique risk management services that influence the ways organizations comply with privacy laws.

Download Full-text

Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm

Risks ◽

10.3390/risks9010024 ◽

2021 ◽

Vol 9 (1) ◽

pp. 24

Author(s):

Alessandro Mazzoccoli ◽

Maurizio Naldi

Keyword(s):

Risk Management ◽

Cyber Security ◽

Management Strategies ◽

Limited Liability ◽

Optimal Investment ◽

Cyber Insurance ◽

Risk Management Strategies ◽

Cyber Risk ◽

Investment Choices ◽

Very High

Investments in security and cyber-insurance are two cyber-risk management strategies that can be employed together to optimize the overall security expense. In this paper, we provide a closed form for the optimal investment under a full set of insurance liability scenarios (full liability, limited liability, and limited liability with deductibles) when we consider a multi-branch firm with correlated vulnerability. The insurance component results to be the major expense. It ends up being the only recommended approach (i.e., setting zero investments in security) when the intrinsic vulnerability is either very low or very high. We also study the robustness of the investment choices when our knowledge of vulnerability and correlation is uncertain, concluding that the uncertainty induced on investment by either uncertain correlation or uncertain vulnerability is not significant.

Download Full-text

The County Fair Cyber Loss Distribution

Digital Threats: Research and Practice ◽

10.1145/3434403 ◽

2021 ◽

Vol 2 (2) ◽

pp. 1-21

Author(s):

Daniel W. Woods ◽

Tyler Moore ◽

Andrew C. Simpson

Keyword(s):

Cyber Security ◽

Value Premium ◽

Loss Distribution ◽

Insurance Pricing ◽

Cyber Insurance ◽

Data Market ◽

Loss Models ◽

Cyber Risk ◽

Shed Light ◽

Over Time

Insurance premiums reflect expectations about the future losses of each insured. Given the dearth of cyber security loss data, market premiums could shed light on the true magnitude of cyber losses despite noise from factors unrelated to losses. To that end, we extract cyber insurance pricing information from the regulatory filings of 26 insurers. We provide empirical observations on how premiums vary by coverage type, amount, and policyholder type and over time. A method using particle swarm optimisation and the expected value premium principle is introduced to iterate through candidate parameterised distributions with the goal of reducing error in predicting observed prices. We then aggregate the inferred loss models across 6,828 observed prices from all 26 insurers to derive the County Fair Cyber Loss Distribution . We demonstrate its value in decision support by applying it to a theoretical retail firm with annual revenue of $50M. The results suggest that the expected cyber liability loss is $428K and that the firm faces a 2.3% chance of experiencing a cyber liability loss between $100K and $10M each year. The method and resulting estimates could help organisations better manage cyber risk, regardless of whether they purchase insurance.

Download Full-text

Cyber Risk Management for the Internet of Things

10.20944/preprints201904.0133.v1 ◽

2019 ◽

Cited By ~ 2

Author(s):

Petar Radanliev ◽

David Charles De Roure ◽

Jason R.C. Nurse ◽

Pete Burnap ◽

Eirini Anthi ◽

...

Keyword(s):

Risk Assessment ◽

Internet Of Things ◽

Impact Assessment ◽

Cyber Security ◽

The Internet ◽

Target State ◽

High Level ◽

Cyber Risk ◽

The Internet Of Things ◽

Oriented Approach

The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT however do not exist. The IoT risk is not included in the cyber security assessment standards, hence, often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. The outcome of such self-assessment need to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for company integrating IoT devices and/or services. Defining a high-level potential target state represent is followed by a high-level transformation roadmap, describing how company can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model. The main contributions from this paper represent a transformation roadmap for standardisation of IoT risk impact assessment; and transformation design imperatives describing how IoT companies can achieve their target state based on their current state with a Goal-Oriented approach. Verified by epistemological analysis defining a unified cyber risk assessment approach. These can be used for calculating the economic impact of cyber risk; for international cyber risk assessment approach; for quantifying cyber risk; and for planning for impact of cyber-attacks, e.g. cyber insurance. The new methods presented in this paper for applying the roadmap include: IoT Risk Analysis through Functional Dependency; Network-based Linear Dependency Modelling; IoT risk impact assessment with a Goal-Oriented Approach; and a correlation between the Goal-Oriented Approach and the IoTMM model.

Download Full-text

Definition of Internet of Things (IoT) Cyber Risk – Discussion on a Transformation Roadmap for Standardisation of Regulations, Risk Maturity, Strategy Design and Impact Assessment

10.20944/preprints201903.0080.v1 ◽

2019 ◽

Cited By ~ 2

Author(s):

Petar Radanliev ◽

David De Roure ◽

Jason R.C. Nurse ◽

Pete Burnap ◽

Eirini Anthi ◽

...

Keyword(s):

Internet Of Things ◽

Impact Assessment ◽

Cyber Security ◽

The Internet ◽

Self Assessment ◽

Target State ◽

Iot Devices ◽

High Level ◽

Cyber Risk ◽

The Internet Of Things

The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT however do not exist. The IoT risk is not included in the cyber security assessment standards, hence, often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. The outcome of such self-assessment needs to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for company integrating IoT devices and/or services. Defining a high-level potential target state represent is followed by a high-level transformation roadmap, describing how company can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model.

Download Full-text

Learn from insurance: cyber bore

The Journal of Risk Finance ◽

10.1108/15265941311288130 ◽

2012 ◽

Vol 14 (1) ◽

pp. 100-102 ◽

Cited By ~ 2

Author(s):

Michael Mainelli

Keyword(s):

At Risk ◽

Cyber Security ◽

Design Methodology ◽

Insurance Markets ◽

Cyber Crime ◽

Cyber Terrorism ◽

Content Type ◽

Cyber Insurance ◽

Terrorism Risk ◽

Cyber Risk

PurposeThe purpose of this paper is to look at how cyber insurance markets might work with the backing of government reinsurance.Design/methodology/approachThe paper is based on interviews and workshops on cyber security, cyber terrorism and cyber crime.FindingsThe paper links a successful 1990s' approach to property terrorism risk to helping address cyber risk.Originality/valueOf note, the author suggests that cyber risk is under control when organisations at risk can purchase normal insurances.

Download Full-text