The Actuary The magazine of the Institute & Faculty of Actuaries

New framework helps firms assess cyber threats

A framework is being developed to help companies assess the risks they face from cyber attacks.


21 JANUARY 2015 | BY CINTIA CHEONG

The ‘cyber value-at-risk framework’ was proposed in a report entitled Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats, which was created by the World Economic Forum (WEF) in collaboration with Deloitte and with the input of 50 other global organisations.

The goal of the framework is to standardise and unify different factors into a single approach to the assessment of the risks of cyber attacks. It helps companies address what the threats are, and describes the characteristics of target firms and the types of attacks that can occur.

The report said: “The biggest challenge with the cyber risk quantification models so far is not the technique chosen for modelling the risk, but rather the quality of the input variables. The type, precision and optimisation of the risk model inside the cyber value-at-risk concept are relevant, but the input variables offered to the value-at-risk model are the main concern and should be addressed first.”

Jacques Buith, managing partner at Deloitte Risk Services, said: “We need to be able to quantify cyber-risks if proper cyber-resilience assurance is to be achieved.”

Details of this framework will be further discussed at the 45th World Economic Forum Annual Meeting in Davos, taking place this week.

The framework was prompted by a report produced by the WEF in collaboration with McKinsey and Co, Risk and Responsibility in a Hyperconnected World. It mentioned the impact cyber attacks have on businesses. According to the report, companies delayed implementing cloud and mobile technology because of security concerns.

WEF warns that 90 per cent of companies worldwide recognise they are insufficiently prepared to protect themselves against cyber attacks.

“Most large institutions do not systematically understand which information assets need to be protected, who their attackers could be, what their risk appetite is or which is the most effective set of defence mechanisms,” said the McKinsey report.

Alan Marcus, head of information and communication technology industries at the WEF, said: “Continuous cyber attacks on global organisations are showing that we are at a crossroads.”