For those of you reading the X-Analytics Community insights, you will find the definitions within this posting helpful. Please see relevant definitions below.
Basic Definitions
Threat (noun)
1. : as related to information technology (IT) and operational technology (OT) systems, threat is a person or thing likely to cause damage or danger.
2. : cyber threat includes malice and error.
3. : in this report, cyber threat includes malware, hacking, social, misuse, error, environmental, and physical patterns.
Loss ratio (noun)
1. : as related to entity risk (such as a business or other organization), loss ratio is a formula that takes annual expected loss divided by annual revenue.
2. : a determination of the cyber risk problem in relation to annual revenue.
3. : a normalized interpretation of the cyber risk problem that helps an organization compare their value with peers inside the industry, peers outside industries, and other operational risks represented as a proportion of revenue.
Expected loss (noun)
1. : expected loss refers to the sum of the values of all possible losses, each multiplied by the probability of that loss occurring in the next twelve months.
2. : the estimated loss due to one or more cyber incidents per year.
3. : in this report, expected loss includes the probable loss from data breach, business interruption, misappropriation, and ransomware.
Loss Categories
Data breach (noun)
1. : data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.
2. : the severity (or cost) of a data breach is based on record volume and types of records included within the breach.
3. : data breach costs include ID protections service, forensics, regulatory finds, brand damage, and many other cost elements.
Business interruption (noun)
1. : business interruption is the intentional or unintentional disruption of one or more information technology (IT) or operational technology (OT) systems.
2. : the severity (or cost) of a business interruption is based on IT or OT system criticality, breadth of disruption, and duration.
3. : business interruption costs include revenue loss, forensics, recovery, brand damage, and many other cost elements.
Misappropriation (noun)
1. : misappropriation is the intentional, illegal use of intellectual property (IP), funds (FTF), or services via a cyber incident.
2. : the severity (or cost) of a misappropriation incident is based on the value of stolen intellectual property, stolen funds, or the direct liability related to an impacted service.
3. : misappropriation costs include stolen property, loss profits, legal fees, forensics, and many other cost elements.
Ransomware (noun)
1. : ransomware is the intentional deployment of malware intended to encrypt data within one or more information technology (IT) or operational technology (OT) systems to extort money from the victim.
2. : the severity (or cost) of ransomware is based on the breadth of infection, duration, and the extortion.
3. : ransomware costs include the extortion amount, revenue loss, forensics, recovery, brand damage, and many other cost elements.
4. : in recent times, ransomware is shifting from a pure availability incident to a data breach incident to further extort money from the victim.
Systemic Risk Definitions
Systemic risk (noun)
1. : in financial terms, systemic risk denotes the risk of a cascading failure within a sector, caused by linkages within the sector, resulting in economic downturn.
2. in cyber risk terms, systemic risk is the breakdown of all or a substantial portion of internet-based or otherwise inter-connected IT and/or OT macro ecosystem.
3. : in cyber economic terms, systemic risk is the exposure triggered when one cyber incident or a series of cyber incidents causes widespread financial damage.
Cyber Insurance Definitions
Loss ratio (noun)
1. : as related to insurance risk, loss ratio is a formula that takes the sum of all insurance claims and adjustment expenses divided by total earned premiums.
2. : the insurance loss ratio indicates the quality of underwriting in relation to price of the insurance product.
Comentarios