Digitization increases business opportunities and the risk of companies being
victims of devastating cyberattacks. Therefore, managing risk exposure and
cybersecurity strategies is essential for digitized companies that want to
survive in competitive markets. However, understanding company-specific risks
and quantifying their associated costs is not trivial. Current approaches fail
to provide individualized and quantitative monetary estimations of
cybersecurity impacts. Due to limited resources and technical expertise, SMEs
and even large companies are affected and struggle to quantify their
cyberattack exposure. Therefore, novel approaches must be put in place to support
the understanding of the financial loss due to cyberattacks. This article
introduces the Real Cyber Value at Risk (RCVaR), an economical approach for
estimating cybersecurity costs using real-world information from public
cybersecurity reports. RCVaR identifies the most significant cyber risk factors
from various sources and combines their quantitative results to estimate
specific cyberattack costs for companies. Furthermore, RCVaR extends current
methods to achieve cost and risk estimations based on historical real-world
data instead of only probability-based simulations. The evaluation of the
approach on unseen data shows the accuracy and efficiency of the RCVaR in
predicting and managing cyber risks. Thus, it shows that the RCVaR is a
valuable addition to cybersecurity planning and risk management processes.