Modeling the impact of selected cyber threats on the organization’s parameters in the framework of cyber risk insurance

Many small and medium-sized organizations face very frequent attacks on their information systems and valuable assets. One of the ways to face and prevent the occurrence of damage from these undesirable events is to insure information systems against cyber-risk. This paper presents the possibilities of modeling the impact of cyber threats on selected organizational parameters. The main results, which are based on the interaction of cyber threats and identified parameters, can then be intercepted in the context of cyber-risk insurance. The main findings can be used as a platform for setting optimal insurance coverage for the organization. © 2018, World Scientific and Engineering Academy and Society. All rights reserved

Global Risks 2015, 10th Edition.

The 2015 edition of the Global Risks report completes a decade of highlighting the most significant long-term risks worldwide, drawing on the perspectives of experts and global decision-makers. Over that time, analysis has moved from risk identification to thinking through risk interconnections and the potentially cascading effects that result. Taking this effort one step further, this year's report underscores potential causes as well as solutions to global risks. Not only do we set out a view on 28 global risks in the report's traditional categories (economic, environmental, societal, geopolitical and technological) but also we consider the drivers of those risks in the form of 13 trends. In addition, we have selected initiatives for addressing significant challenges, which we hope will inspire collaboration among business, government and civil society communitie

Global Risks 2014, Ninth Edition.

The Global Risks 2014 report highlights how global risks are not only interconnected but also have systemic impacts. To manage global risks effectively and build resilience to their impacts, better efforts are needed to understand, measure and foresee the evolution of interdependencies between risks, supplementing traditional risk-management tools with new concepts designed for uncertain environments. If global risks are not effectively addressed, their social, economic and political fallouts could be far-reaching, as exemplified by the continuing impacts of the financial crisis of 2007-2008

Unreasonable: A Strict Liability Solution to the FTC’s Data Security Problem

For over two decades, the FTC creatively employed its capacious statute to police against shoddy data practices. Although the FTC’s actions were arguably needed at the time to fill a gap in enforcement, there are reasons to believe that its current approach has outlived its usefulness and is in serious need of updating. In particular, our analysis shows that the FTC’s current approach to data security is unlikely to instill anything close to optimal incentives for data holders. These shortcomings cannot be fixed through changes to the FTC enforcement approach, as they are largely generated by a mismatch between the tools that Congress gave it over a century ago and what it needs to foster firms’ incentives to mimic socially optimal levels of care for the data they hold. Not only does the current framework likely suffer from informational deficiencies attendant to its focus on “reasonable” security that render liability standards uncertain, it also lacks the ability to obtain the type of relief that will force firms to internalize the costs of their data security decisions. We examine the problem of data security enforcement through the lens of the economics of optimal precautions and identify several reasons why a strict liability regime administered by the FTC, under which firms pay for the expected harm from breaches they cause, is likely to be superior to the current framework that revolves around the concept of reasonableness. The benefits of strict liability flow from the likelihood that firms do not fully internalize the costs and benefits of their data security decisions and the relatively large informational burdens associated with measuring actual and optimal care under a negligence regime. We also show why in this informational environment, strict liability is better than negligence for developing a vibrant cyber insurance market, allowing for data security regulation to be de facto outsourced to insurers who will contract with firms for optimal levels of care. Because these private contracts will harness private information on costs and benefits from precautions, they are likely to incentivize more efficient behavior

The Global Risks Report 2016, 11th Edition

Now in its 11th edition, The Global Risks Report 2016 draws attention to ways that global risks could evolve and interact in the next decade. The year 2016 marks a forceful departure from past findings, as the risks about which the Report has been warning over the past decade are starting to manifest themselves in new, sometimes unexpected ways and harm people, institutions and economies. Warming climate is likely to raise this year's temperature to 1° Celsius above the pre-industrial era, 60 million people, equivalent to the world's 24th largest country and largest number in recent history, are forcibly displaced, and crimes in cyberspace cost the global economy an estimated US$445 billion, higher than many economies' national incomes. In this context, the Reportcalls for action to build resilience – the "resilience imperative" – and identifies practical examples of how it could be done.The Report also steps back and explores how emerging global risks and major trends, such as climate change, the rise of cyber dependence and income and wealth disparity are impacting already-strained societies by highlighting three clusters of risks as Risks in Focus. As resilience building is helped by the ability to analyse global risks from the perspective of specific stakeholders, the Report also analyses the significance of global risks to the business community at a regional and country-level