Cyber breaches are costly for the global economy and extensive efforts have gone into improving the cybersecurity infrastructure. There are numerous types of cyber breaches that vary greatly in terms of cause and impact, resulting in an extensive literature for individual cyber breach type. Our paper seeks to provide a general framework that can be easily applied to analyze different types of cyber breaches. Our framework is inspired by the taxonomy approach in the cybersecurity literature, where it was proposed that an effective set of taxonomy can provide a direction on supporting improved decision-making in cyber risk management and selecting relevant cybersecurity controls. Our paper extends upon the current approach by using this taxonomy to model and predict the associated breach outcomes, given the occurrence of a cyber breach. Specifically, our paper applies least absolute shrinkage and selection operator (LASSO) within a taxonomy framework. Using a proprietary database of known cyber breaches, we show that this analytical tool performs well in out-of-sample predictions and a stable model that generates consistent predictions. For each cyber breach outcome type, we also provide the list of keywords that are useful in predicting the outcome type. We envision researchers, insurers, underwriters, and cybersecurity professionals can use (or expand on) our list of keywords, or use our method to yield their own set of keywords. Practitioners who seek to mitigate their cyber risk may use these keywords as a guide towards the specific attack surfaces that might be most susceptible to the corresponding breach. Our paper lays the groundwork for researchers to better apply the taxonomy approach within cybersecurity research. We also perform regression analysis to identify industries that are most susceptible to various cyber breach events. Our results corroborate with the literature, where some industries are indeed more likely to be impacted by certain types of cyberattacks.

中文翻译：

---

预测分类分析 (LASSO)：预测网络违规的结果类型

网络泄露对全球经济来说代价高昂，人们为改善网络安全基础设施付出了巨大的努力。网络泄露的类型有很多种，其原因和影响差异很大，因此针对各种网络泄露类型有大量文献。我们的论文旨在提供一个通用框架，可以轻松应用于分析不同类型的网络漏洞。我们的框架受到网络安全文献中分类法的启发，其中提出一套有效的分类法可以为支持改进网络风险管理决策和选择相关网络安全控制措施提供方向。我们的论文扩展了当前的方法，在发生网络泄露的情况下，使用这种分类法来建模和预测相关的泄露结果。具体来说，我们的论文在分类框架内应用了最小绝对收缩和选择算子（LASSO）。使用已知网络漏洞的专有数据库，我们表明该分析工具在样本外预测和生成一致预测的稳定模型中表现良好。对于每种网络漏洞结果类型，我们还提供了可用于预测结果类型的关键字列表。我们设想研究人员、保险公司、承保人和网络安全专业人员可以使用（或扩展）我们的关键字列表，或使用我们的方法生成他们自己的关键字集。寻求降低网络风险的从业者可以使用这些关键字作为针对最容易受到相应漏洞影响的特定攻击面的指导。我们的论文为研究人员在网络安全研究中更好地应用分类方法奠定了基础。我们还进行回归分析，以确定最容易受到各种网络泄露事件影响的行业。我们的结果与文献相符，一些行业确实更有可能受到某些类型的网络攻击的影响。