This report explores a cyber risk management modelling framework that would allow corporates to estimate their risk exposure to three cyber events: ransomware attack, data breach and cloud outage. Three hypothetical case study companies are used to explore the financial impacts of these events and potential risk reduction from control implementation.
In the world of cyber risk, there are three main categories of business data impact: confidentiality, integrity, and availability. In this report, we will look at two hypothetical attacks which predominantly affect data availability: ransomware and cloud outage, and a third attack which affects data confidentiality: data breach.
This report details the current state of the cyber threat landscape in greater detail, as well as the process of modelling and parameterising a framework allowing corporates to quantify impacts from three cyber scenarios focusing on these three major trends. The framework is then applied to three case study companies in different sectors: Transportation, Apparel Retail, and Manufacturing. The primary result is the earnings value at risk over the next 5 years (5 yr EV@Risk) and the ratio of the scenario EV@Risk versus the baseline earnings value (EV). This framework is expanded to quantify the potential risk reduction from implementation of control improvements.