Tags: Cyber Risk, Cyber Security, Modeling, Risk Transfer, IRFRC
More from: Shaun S. Wang

The cyber project fulfills three objectives based on Government-Industry-Academic collaborations

Firstly is data and modelling, in analyzing the economic loss as a consequence of cyber breach.

Secondly is cyber risk assessment based on inside-out; outside-in principles in terms of data input and data output.

Thirdly is the policy and recommendation especially on how cyber insurance products can be offered.

The main findings of the project through developing a series of economics of risk management. Based on three main findings as:

1. Risk Knowledge of organisation: based on knowledge of respective organisation environments such as vulnerabilities and what their key assets are.

2. Economics of Cyber Security Risk Reduction: firms make investments such as hiring people and procurement of cyber security products. The economics responds to budget allocation for an organisation and effectiveness of organisations spending money to adequately be protected.

3. Risk Transfer: To address areas of Unknown-Unknown where there is a need for risk transfer. Based on the cyber research findings to recommend the practical business model for transferring cyber risk so as to reduce cost and information asymmetry.

Under the research process: the acquisition of raw data followed by analyzing of the real impact and economic loss for both direct and indirect loss such as business disruptions. Major implications stand as the need for a business approach, could be for cyber insurance, product or process can be offered in a modern approach to reach economics of scale. Cyber components such as cyber intelligence which could empower companies in their cyber defence. Furthermore there is a need to address credible and effective emergency cyber response based on economies of scale which can be offered to the market, lowering the barrier of entry for businesses.

Generation of economic value would undergo wholesale purchase of such cyber defense options for the ecosystem.

In summary, the key output of the cyber project would review an entirely new business response as a product formulated under the Government-Industry collaboration. The product cannot be treated as a traditional cyber insurance otherwise the regulators may enquire on the levels of unknown risks which will not make any feasibility for the pricing and costing product purposes. The product will serve mainly as a risk reduction service to mitigate the level of capitals needed.

As such the cyber project aims to address current era cyber security gaps in a holistic approach and scale.

For more information about the project, please visit project website:
http://irfrc.ntu.edu.sg/Research/cyrim.