Cyber Insurance: estimating organizations' cyber risks
CSE Seminar (2 of 2) on Friday, October 26th at 1:00 pm
2 MetroTech Center, 10th floor, Room 10.099
Speakers: Ioannis Agrafiotis and Arnau Erola both from University of Oxford
The threat landscape of cyber-attacks is rapidly changing with a potential impact of producing detrimental effects. It is becoming critical for organisations to be able to demonstrate that reasonable efforts are undertaken to mitigate cyber harms and reduce cyber-risk. However, the risk responses and controls typically viewed as necessary, and even essential, by the professional and expert community are generally not underpinned by any framework that facilitates rigorous reasoning, qualification or quantification of the benefits resulting from their deployment. In this talk, we will present a model for calculating Cyber Value at risk for organisations. CVaR is designed to take account of the potential harm that can arise from cyber-attacks, and the variable effectiveness of commonly used risk controls. This is ultimately aimed at understanding the residual risk of organisations, the harms they may be exposed to in cyberspace and the consequences of adopting risk controls. In collaboration with AXIS, a pioneer insurance company in the area of cyber insurance, we demonstrate how our CVaR tool can help organisations reason about potential losses by providing estimations of risk based on Deloitte's data breach scenario."
Ioannis Agrafiotis is a Senior Cybersecurity Researcher at the Department of Computer Science, University of Oxford and James Martin Fellow in the Global Cyber Security Capacity Centre (GCSCC), University of Oxford. His research interests include capacity building in cybersecurity, cyber economics, cyber insurance, and anomaly detection techniques for internal and external threats. Ioannis lectures at the Centre for Doctoral Training (CDT) in cybersecurity on the topics of cyber risk, security controls, online privacy and anomaly detection. He received an EPSRC scholarship and completed a PhD in Engineering (Warwick, 2012), focusing on modelling dynamic consent.
Arnau Erola is a Research Fellow at the Department of Computer Science, University of Oxford. His expertise covers data analytics, data mining and information privacy, focusing on enterprise security, defence systems and better understanding the cyber-threat landscape. Dr Erola holds a Ph. D., M. Sc. and B.Sc. in Computer Science from the University Rovira i Virgili. He is author of several international journal articles on online privacy, anonymity protocols and intrusion detection mechanisms.