查看文章

This is the first in a series of papers on the risk measures and unifying economic framework encompassing the cross-disciplinary field of “Cybernomics”. This is also the first academic paper to formally propose measurement units for cyber risk. In this paper, multidisciplinary methodologies are used to apply proven risk measurement methods in finance and medicine to define novel risk units central to cybernomics. Leveraging established risk units – MicroMort (MM) for measuring medical risk and Value-at-Risk (VaR) for measuring market risk – BitMort (BM) and hekla (named after an Icelandic volcano) are defined as cyber risk units. Risk calculation methods and examples are introduced in this paper to measure cost-effectiveness of control factors, articulate an entity's “willingness-to-pay” (risk pricing) for cyber risk reduction, cyber risk limit, and cyber risk appetite. Built around BM and hekla, cybernomics integrates …