Date of Award
Summer 8-4-2022
Degree Type
Dissertation
Degree Name
Doctor of Philosophy in Analytic and Data Science
Department
Statistics and Analytical Sciences
Committee Chair/First Advisor
Dr. Michael Whitman
Committee Member
Dr. Eric Dallal
Committee Member
Dr. Jennifer Priestley
Committee Member
Dr. Xinyan Zhang
Abstract
This research addresses two key problems in the cyber insurance industry – reporting delays and under-reporting of cyber incidents. Both problems are important to understand the true picture of cyber incident rates. While reporting delays addresses the problem of delays in reporting due to delays in timely detection, under-reporting addresses the problem of cyber incidents frequently under-reported due to brand damage, reputation risk and eventual financial impacts.
The problem of reporting delays in cyber incidents is resolved by generating the distribution of reporting delays and fitting modeled parametric distributions on the given domain. The reporting delay distribution was found to be non-stationary and bimodal. While non-stationarity was handled by generating the monthly reporting delay distribution over the rolling two-year moving window, the bimodal aspect required an optimization algorithm to compute the parameters. The modeled parametric distribution is further extended to infinite domain to obtain the complete overview of the incidents occurred but not yet reported. The complete modeled parametric distribution provides the correction factors showing an increasing trend in recent months rather than a decline as observed from reported incidents. The correction of reporting delays is computed for the US market. The study is further extended to highlight how reporting delays vary from industry to industry. Four different industries of US companies were compared within US market: Finance and Insurance, Educational Services, Health Care and Social Assistance, and Public Administration. The comparative study showed the corrections for reporting delays in the overall US market and by industry, with specific emphasis on the four distinct industries.
The problem of under-reporting in cyber incidents is addressed in context of population characteristics. The proposed solution computes the large variations in under-reporting as a function of the three variables - revenue, incident type, and industry. Three different incident types–hacking, social engineering, and ransomware-- and five industries– Retail Trade, Manufacturing, Finance and Insurance, Professional Scientific Technical Services, and Wholesale Trade– were studied. The research highlighted that there is a need to address under-reporting by incident types and by industry.