A quantitative bow-tie cyber risk classification and assessment framework

Cyber-attacks pose a growing threat to global commerce that is increasingly reliant on digital technology conduct business. Traditional risk assessment and underwriting practices face serious shortcomings when encountered with cyber threats. Conventional frameworks rate based historical frequency severity of losses incurred, this method effective for known risks; however, due the absence data, prove ineffective assessing risk. This paper proposes conceptual classification framework, designed demonstrate significance proactive reactive barriers in reducing companies’ exposure quantify combines bow-tie model matrix produce rating likelihood cyber-threat occurring potential resulting consequences. The can accommodate both data expert opinion previously score Threats, Barriers Escalators framework. resultant framework applied large city hospital Europe. results highlighted weaknesses actions should be taken bolster defences. provide quick visual guide assessable experts management. It also provides practical allows insurers assess risks, visualise areas concern record effectiveness implementing control barriers.