Cyber risk management: technical and economic factors

The evolution of the Internet is one of the greatest innovations of the twentieth century and has changed the lives of individuals and business organizations. On the other hand, potential attacks on information systems and possible crashes may cause heavy losses of data, services and business operations. Executives and security professionals are accepting that it is not a matter of if but a matter of when their organization will be hit by a cyber-attack. As a consequence, cyber risk is a fast-growing area of concern. Companies have to include cyber risk in their risk management framework, depicting their risk profile, assessing their risk appetite and looking for corresponding risk transfer solutions. Measures and methods used in the financial sector to quantify risk have recently been applied to the cyber world. The aim is to help organizations improve their risk management strategies and make better decisions about investments in cyber security. These measures and methods are also useful instruments for insurance companies in pricing cyber insurance contracts and setting the minimum capital requirements defined by the regulators. The aim of this contribution is to offer a review of the recent literature on cyber risk management, examining in depth the economic issues and their interplay with technical ones, from both internal (organization) and external (systemic) perspectives.
Orlando A., Lombardi F.