top of page

Cyber Economic Definitions (Primer Set)

Updated: Feb 27



For those of you reading the X-Analytics Community insights, you will find the definitions within this posting helpful. Please see relevant definitions below.



Basic Definitions


Threat (noun)

1. : as related to information technology (IT) and operational technology (OT) systems, threat is a person or thing likely to cause damage or danger.

2. : cyber threat includes malice and error.

3. : in this report, cyber threat includes malware, hacking, social, misuse, error, environmental, and physical patterns.


Loss ratio (noun)

1. : as related to entity risk (such as a business or other organization), loss ratio is a formula that takes annual expected loss divided by annual revenue.

2. : a determination of the cyber risk problem in relation to annual revenue.

3. : a normalized interpretation of the cyber risk problem that helps an organization compare their value with peers inside the industry, peers outside industries, and other operational risks represented as a proportion of revenue.


Expected loss (noun)

1. : expected loss refers to the sum of the values of all possible losses, each multiplied by the probability of that loss occurring in the next twelve months.

2. : the estimated loss due to one or more cyber incidents per year.

3. : in this report, expected loss includes the probable loss from data breach, business interruption, misappropriation, and ransomware.



Loss Categories


Data breach (noun)

1. : data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.

2. : the severity (or cost) of a data breach is based on record volume and types of records included within the breach.

3. : data breach costs include ID protections service, forensics, regulatory finds, brand damage, and many other cost elements.


Business interruption (noun)

1. : business interruption is the intentional or unintentional disruption of one or more information technology (IT) or operational technology (OT) systems.

2. : the severity (or cost) of a business interruption is based on IT or OT system criticality, breadth of disruption, and duration.

3. : business interruption costs include revenue loss, forensics, recovery, brand damage, and many other cost elements.


Misappropriation (noun)

1. : misappropriation is the intentional, illegal use of intellectual property (IP), funds (FTF), or services via a cyber incident.

2. : the severity (or cost) of a misappropriation incident is based on the value of stolen intellectual property, stolen funds, or the direct liability related to an impacted service.

3. : misappropriation costs include stolen property, loss profits, legal fees, forensics, and many other cost elements.


Ransomware (noun)

1. : ransomware is the intentional deployment of malware intended to encrypt data within one or more information technology (IT) or operational technology (OT) systems to extort money from the victim.

2. : the severity (or cost) of ransomware is based on the breadth of infection, duration, and the extortion.

3. : ransomware costs include the extortion amount, revenue loss, forensics, recovery, brand damage, and many other cost elements.

4. : in recent times, ransomware is shifting from a pure availability incident to a data breach incident to further extort money from the victim.



Systemic Risk Definitions


Systemic risk (noun)

1. : in financial terms, systemic risk denotes the risk of a cascading failure within a sector, caused by linkages within the sector, resulting in economic downturn.

2. in cyber risk terms, systemic risk is the breakdown of all or a substantial portion of internet-based or otherwise inter-connected IT and/or OT macro ecosystem.

3. : in cyber economic terms, systemic risk is the exposure triggered when one cyber incident or a series of cyber incidents causes widespread financial damage.



Cyber Insurance Definitions


Loss ratio (noun)

1. : as related to insurance risk, loss ratio is a formula that takes the sum of all insurance claims and adjustment expenses divided by total earned premiums.

2. : the insurance loss ratio indicates the quality of underwriting in relation to price of the insurance product.






Comments


bottom of page