The mass adoption of cyber insurance will be predicated on the ability to conduct quantitative cyber risk assessment. This capability is crucial for not only providing insight into the cost of targeted threats but also providing incentives for insured enterprises to invest in protection aimed at preventing exploitation of targeted threats. Research indicates that asymmetric information, correlated loss and interdependent security issues make this difficult if insurers cannot monitor the cybersecurity efforts of the insured enterprises. In this paper, we present an analysis of cyber impacts based on cyber incidents reported in the Advisen cyber loss data feed. We show: (i) how exposure to cyber incidents varies between corporate sectors; (ii) how the type of incident relates to the number of entities and individuals affected by it; (iii) how the type of incident relates to the eventual financial cost; (iv) what type of information is most frequently compromised; (v) a breakdown of the main actors behind cyber incidents; and (vi) how tree-based classifiers can be used to gain insight into cyber risk indicators affecting the cost of incidents.

中文翻译：

---

分析网络事件对网络保险的影响

网络保险的大规模采用将取决于进行定量网络风险评估的能力。此功能不仅对于洞悉目标威胁的成本至关重要，而且对于激励被保险企业投资于旨在防止利用目标威胁的防护方面的投资也至关重要。研究表明，如果保险公司无法监控被保险企业的网络安全工作，信息不对称，相关损失和相互依存的安全问题将使这一工作变得困难。在本文中，我们将根据Advisen网络丢失数据Feed中报告的网络事件对网络影响进行分析。我们证明：（i）企业部门之间网络事件的暴露程度如何变化；（ii）事件的类型与受事件影响的实体和个人的数量有何关系；（iii）事件类型与最终财务成本有何关系；（iv）最经常泄露哪种类型的信息；（v）网络事件背后的主要行为者的细分；（vi）如何使用基于树的分类器来深入了解影响事件成本的网络风险指标。