{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T23:44:21Z","timestamp":1773877461642,"version":"3.50.1"},"reference-count":35,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2023,8,12]],"date-time":"2023-08-12T00:00:00Z","timestamp":1691798400000},"content-version":"vor","delay-in-days":223,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"funder":[{"name":"Cyber Risk Management"},{"DOI":"10.13039\/501100001381","name":"National Research Foundation of Singapore","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001381","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Tel Aviv University of Israel"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,1,5]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Cyber breaches are costly for the global economy and extensive efforts have gone into improving the cybersecurity infrastructure. There are numerous types of cyber breaches that vary greatly in terms of cause and impact, resulting in an extensive literature for individual cyber breach type. Our paper seeks to provide a general framework that can be easily applied to analyze different types of cyber breaches. Our framework is inspired by the taxonomy approach in the cybersecurity literature, where it was proposed that an effective set of taxonomy can provide a direction on supporting improved decision-making in cyber risk management and selecting relevant cybersecurity controls. Our paper extends upon the current approach by using this taxonomy to model and predict the associated breach outcomes, given the occurrence of a cyber breach. Specifically, our paper applies least absolute shrinkage and selection operator (LASSO) within a taxonomy framework. Using a proprietary database of known cyber breaches, we show that this analytical tool performs well in out-of-sample predictions and a stable model that generates consistent predictions. For each cyber breach outcome type, we also provide the list of keywords that are useful in predicting the outcome type. We envision researchers, insurers, underwriters, and cybersecurity professionals can use (or expand on) our list of keywords, or use our method to yield their own set of keywords. Practitioners who seek to mitigate their cyber risk may use these keywords as a guide towards the specific attack surfaces that might be most susceptible to the corresponding breach. Our paper lays the groundwork for researchers to better apply the taxonomy approach within cybersecurity research. We also perform regression analysis to identify industries that are most susceptible to various cyber breach events. Our results corroborate with the literature, where some industries are indeed more likely to be impacted by certain types of cyberattacks.<\/jats:p>","DOI":"10.1093\/cybsec\/tyad015","type":"journal-article","created":{"date-parts":[[2023,8,12]],"date-time":"2023-08-12T09:33:26Z","timestamp":1691832806000},"source":"Crossref","is-referenced-by-count":5,"title":["Predictive Taxonomy Analytics (LASSO): Predicting Outcome Types of Cyber Breach"],"prefix":"10.1093","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4192-072X","authenticated-orcid":false,"given":"Jing Rong","family":"Goh","sequence":"first","affiliation":[{"name":"School of Economics, Singapore Management University , Singapore 188065"},{"name":"Risk Lighthouse International , Singapore 051531"},{"name":"Accredify , Singapore 339213"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shaun S","family":"Wang","sequence":"additional","affiliation":[{"name":"Risk Lighthouse International , Singapore 051531"},{"name":"Department of Finance, Southern University of Science and Technology , Shenzhen 518055 , China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yaniv","family":"Harel","sequence":"additional","affiliation":[{"name":"Interdisciplinary Cyber Research Center (ICRC), Tel Aviv University , Tel Aviv 6997801 , Israel"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gabriel","family":"Toh","sequence":"additional","affiliation":[{"name":"Cyber Risk Management [CyRiM] Project, Nanyang Business School, Nanyang Technological University , Singapore 639798"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2023,8,12]]},"reference":[{"key":"2023081209332370400_bib1","article-title":"The Economic Impact of Cybercrime\u2014No Slowing Down","author":"McAfee"},{"key":"2023081209332370400_bib2","article-title":"The Hidden Costs of Cybercrime","author":"McAfee"},{"key":"2023081209332370400_bib3","article-title":"This is the Crippling Cost of Cybercrime on Corporations","author":"World Economic Forum","journal-title":"World Economic Forum"},{"key":"2023081209332370400_bib4","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1093\/cybsec\/tyw003","article-title":"Hype and heavy tails: a closer look at data breachnes","volume":"2","author":"Edwards","year":"2016","journal-title":"J Cybersecur"},{"key":"2023081209332370400_bib5","doi-asserted-by":"crossref","first-page":"314","DOI":"10.1080\/07421222.2015.1063315","article-title":"Estimating the contextual risk of data breach: an empirical approach","volume":"32","author":"Sen","year":"2015","journal-title":"J Manag Inf Syst"},{"key":"2023081209332370400_bib6","doi-asserted-by":"crossref","DOI":"10.1093\/cybsec\/tyz003","article-title":"Ransomware payments in the Bitcoin ecosystem","volume":"5","author":"Paquet-Clouston","year":"2019","journal-title":"J Cybersecur"},{"key":"2023081209332370400_bib7","first-page":"1","article-title":"An empirical study of ransomware attacks on organizations: an assessment of severity and salient factors affecting vulnerability","volume":"6","author":"Connolly","year":"2020","journal-title":"J Cybersecur"},{"key":"2023081209332370400_bib8","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1093\/cybsec\/tyy004","article-title":"The costs of consumer-facing cybercrime: an empirical exploration of measurement issues and estimates","volume":"4","author":"Riek","year":"2018","journal-title":"J Cybersecur"},{"key":"2023081209332370400_bib9","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1093\/cybsec\/tyz010","article-title":"Embracing and controlling risk dependency in cyber-insurance policy underwriting","volume":"5","author":"Khalili","year":"2019","journal-title":"J Cybersecur"},{"key":"2023081209332370400_bib10","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1093\/cybsec\/tyab007","article-title":"Hacking for good: leveraging HackerOne data to develop an economic model of Bug Bounties","volume":"7","author":"Sridhar","year":"2021","journal-title":"J Cybersecur"},{"key":"2023081209332370400_bib11","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1093\/cybsec\/tyy006","article-title":"A taxonomy of cyber-harms: defining the impacts of cyberattacks and understanding how they propagate","volume":"4","author":"Agrafiotis","year":"2018","journal-title":"J Cybersecur"},{"key":"2023081209332370400_bib12","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1111\/j.2517-6161.1996.tb02080.x","article-title":"Regression shrinkage and selection via the lasso","volume":"58","author":"Tibshirani","year":"1996","journal-title":"J R Stat Soc Series B Stat Methodol"},{"key":"2023081209332370400_bib13","article-title":"2020 Mid Year Report Vulnerability QuickView","author":"RiskBased Security","year":"2020"},{"key":"2023081209332370400_bib14","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1145\/581271.581274","article-title":"The economics of information security investment","volume":"5","author":"Gordon","year":"2002","journal-title":"ACM Trans Inf Syst Secur"},{"key":"2023081209332370400_bib15","doi-asserted-by":"crossref","first-page":"610","DOI":"10.1126\/science.1130992","article-title":"The economics of information security","volume":"314","author":"Anderson","year":"2006","journal-title":"Science"},{"key":"2023081209332370400_bib16","article-title":"IT security investment and Gordon\u2013Loeb\u2019s 1\/e rule","author":"Baryshnikov","year":"2012","journal-title":"The Workshop on the Economics of Information Security (WEIS)"},{"key":"2023081209332370400_bib17","first-page":"10","article-title":"Security metrics and security investment models","volume":"6434","author":"B\u00f6hme","year":"2010","journal-title":"Adv Inf Comput Secur IWSEC"},{"key":"2023081209332370400_bib18","first-page":"1","article-title":"Capital requirements for cyber risk and cyber risk insurance: an analysis of solvency II, the U.S. risk-based capital standards, and the Swiss solvency test","volume":"24","author":"Eling","year":"2019","journal-title":"N Am Actuar J"},{"key":"2023081209332370400_bib19","doi-asserted-by":"crossref","first-page":"92","DOI":"10.1016\/j.insmatheco.2021.02.009","article-title":"Cyber claim analysis using generalized pareto regression trees with applications to insurance","volume":"98","author":"Farkas","year":"2021","journal-title":"Insur Math Econ"},{"key":"2023081209332370400_bib20","doi-asserted-by":"crossref","first-page":"431","DOI":"10.3233\/JCS-2003-11308","article-title":"The economic cost of publicly announced information security breaches: empirical evidence from the stock market","volume":"11","author":"Campbell","year":"2003","journal-title":"JCS"},{"key":"2023081209332370400_bib21","doi-asserted-by":"crossref","DOI":"10.3386\/w24409","article-title":"What is the Impact of Successful Cyberattacks on Target Firms?","author":"Kamiya","year":"2018"},{"key":"2023081209332370400_bib22","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1109\/MSP.2016.64","article-title":"What\u2019s new in the economics of cybersecurity?","volume":"14","author":"Felici","year":"2016","journal-title":"IEEE Secur Privacy"},{"key":"2023081209332370400_bib23","doi-asserted-by":"crossref","first-page":"1066","DOI":"10.1126\/science.aaz4795","article-title":"Cyber risk research impeded by disciplinary barriers","volume":"366","author":"Falco","year":"2019","journal-title":"Science"},{"key":"2023081209332370400_bib24","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3057729","article-title":"Cyber security and the role of intelligent systems in addressing its challenges","volume":"8","author":"Harel","year":"2017","journal-title":"ACM Trans Intell Syst Technol"},{"key":"2023081209332370400_bib25","volume-title":"800-30 Revision 1: Guide for Conducting Risk Assessments","author":"NIST","year":"2012"},{"key":"2023081209332370400_bib26","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1093\/cybsec\/tyz002","article-title":"Content analysis of cyber insurance policies: how do carriers price cyber risk?","volume":"5","author":"Romanosky","year":"2019","journal-title":"J Cybersecur"},{"key":"2023081209332370400_bib27","article-title":"Content analysis of cyber insurance policies","author":"Romanosky","year":"2017","journal-title":"Working Paper"},{"key":"2023081209332370400_bib28","first-page":"1","article-title":"A survey of machine learning for big data processing","volume":"67","author":"Qiu","year":"2016","journal-title":"EURASIP J Adv Signal Process"},{"key":"2023081209332370400_bib29","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1093\/cybsec\/tyaa015","article-title":"Improving vulnerability remediation through better exploit prediction","volume":"6","author":"Jacobs","year":"2020","journal-title":"J Cybersecur"},{"key":"2023081209332370400_bib30","article-title":"Privacy Rights Clearinghouse,\u201d Privacy Rights Clearinghouse","author":"Privacy Rights Clearinghouse"},{"key":"2023081209332370400_bib31","article-title":"Identity Theft Resource Center"},{"key":"2023081209332370400_bib32"},{"key":"2023081209332370400_bib33","volume-title":"OTCAD Operational Technology Cyber Attack Database","author":"Secura\u2013A Bureau Veritas Company","year":"2021"},{"key":"2023081209332370400_bib34","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1037\/1089-2680.2.2.175","article-title":"Confirmation bias: a ubiquitous phenomenon in many guises","volume":"2","author":"Nickerson","year":"1998","journal-title":"Rev Gen Psychol"},{"key":"2023081209332370400_bib35","article-title":"Knowledge set of attack surface and cybersecurity rating for firms in a supply chain","author":"Wang","year":"2017","journal-title":"Working Paper"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/9\/1\/tyad015\/51101837\/tyad015.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/9\/1\/tyad015\/51101837\/tyad015.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,23]],"date-time":"2024-10-23T21:36:48Z","timestamp":1729719408000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyad015\/7241616"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,1,1]]},"references-count":35,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,1,5]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyad015","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2023,1,1]]},"published":{"date-parts":[[2023,1,1]]},"article-number":"tyad015"}}