In Episode 166 of Cybersecurity Where You Are, Sean Atkinson sits down with Tyler Moore, Ph.D., Chair of Cyber Studies at the University of Tulsa, and Daniel Woods, Lecturer at the University of Edinburgh. Together, they review the foundations of actuarial science in cyber risk.

Here are some highlights from our episode:

• 00:48. Introductions to Tyler and Daniel
• 01:22. How actuarial science fits into a traditional approach of risk modeling
• 02:20. Why cyber risk has historically been difficult to quantify
• 04:01. How data sources available to insurers and individual organizations have evolved
• 07:21. Adaptability as a key principle to model risk for an evolving cyber threat landscape
• 08:58. Loss distribution modeling for different types of cyber threats
• 11:38. Similarities and differences between how actuaries and frameworks view risks
• 13:10. Quantifying severity, frequency, and resilience to different cyber risks
• 14:31. How insurers differ from underwriters in their view of risk
• 17:43. Ransomware as a case study where actuarial modeling improved risk management
• 22:30. The value of translating cyber risk to business risk for CISOs like Sean
• 26:20. Why data on which security controls matter most remains elusive
• 32:33. The biggest misconceptions of using actuarial models in cybersecurity
• 36:09. How cyber actuarial science can help to determine what works in cybersecurity

Resources

• Episode 121: The Economics of Cybersecurity Decision-Making
• Episode 105: Context in Cyber Risk Quantification
• Episode 77: Data's Value to Decision-Making in Cybersecurity
• How Risk Quantification Tests Your Reasonable Cyber Defense
• Episode 113: Cyber Risk Prioritization as Ransomware Defense
• Episode 65: Making Cyber Risk Analysis Practical with QRA
• FAIR: A Framework for Revolutionizing Your Risk Analysis

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].