Estimating probability of a cyber-security breach





Document Type



Cyber risk management has been integrated into companies' day-today operations. However, the evolving threats and fragmented data on cyber risk present a challenge for companies to understand and quantify a cybersecurity breach. In this issue, we are pleased to share with readers a research paper from Professor Shemyakin and his team from University of St. Thomas on Estimating Probability of a Cybersecurity Breach. This article discusses how to estimate probability of a breach for a specific database application. In a simple example, the probability of a breach for a database with 100,000 records can be estimated by the probability of a database breach and a BF factor. The BF factor is derived from a predictive model as discussed below. This estimate would provide decision-makers information about the probability of a breach for a specific application, so to identify the most vulnerable applications, and make it possible to assign "risk ratings" on applications.

Published in

Risk Management Newsletter

Citation/Other Information

Anthony, M., Ishmael, M., Santa, E., Shemyakin, A., Stanull, G. & Vandeweghe, N. (2019, May). Estimating probability of a cybersecurity breach. Risk Mangement Newsletter. https://doi.org/10.13140/RG.2.2.11465.39520.