The high risk emanating from the increasing number of cyber attacks on critical infrastructure systems at national or local level is only now beginning to be understood. The cascading effect of that risk beyond the system under attack into allied and interconnected fields can be even more devastating, creating chaos to major economic, food and health systems and lasting for long periods of time. In order for risk management decision makers to understand and properly prepare for such risks, models that can describe single system vulnerabilities for cyber attacks are not helpful. What would be more useful are models that can describe the degree of risk expansion as the interrelated technological systems propagate the attack deep into the ecosystem of society.
Work has been done in two allied fields by the authors: developing conceptual models exploring the impact of cyber attacks on rate setting and other risk measurement mechanisms, and detailed mathematical models that explore the impact of cyber attacks on interconnected economic and infrastructure sectors. The current paper unites these two streams of exploration on a multi-dimensional level, highlighting additional hazards, risks and dynamic interactions that need to be considered for understanding the full impact of cyber attacks, following the adoption of the Sendai Framework and the shift away from hazard to risk–based strategies for UN member states.
Based on past research, there is a gap that exists in the intersect of cybersecurity modeling and insurance rate setting. This paper attempts to fill this void by suggesting a first step towards establishing risk ratios within economic activity sectors that may suggest rate-setting relativities that could be used and tested in the field. It is important to begin differentiating risk categories based on factual evidence rather than current hypothetical models that use scenarios and individual analyst assessments that rely on assumptions lacking evidence.
This paper is a contribution to the 2019 edition of the Global Assessment Report on Disaster Risk Reduction (GAR 2019).
To cite this paper:
Toregas, C. and Santos, M. Cybersecurity and its cascading effect on societal systems. Contributing Paper to GAR 2019