{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T18:11:47Z","timestamp":1769278307939,"version":"3.49.0"},"reference-count":62,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2020,6,8]],"date-time":"2020-06-08T00:00:00Z","timestamp":1591574400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Manage. Inf. Syst."],"published-print":{"date-parts":[[2020,6,30]]},"abstract":"\n Service liability interconnections among globally networked IT- and IoT-driven service organizations create potential channels for cascading service disruptions worth billions of dollars, due to modern cyber-crimes such as DDoS, APT, and ransomware attacks. A natural question that arises in this context is:\n What is the likelihood of a cyber-blackout?<\/jats:italic>\n , where the latter term is defined as the probability that all (or a major subset of) organizations in a service chain become dysfunctional in a certain manner due to a cyber-attack at some or all points in the chain. The answer to this question has major implications to risk management businesses such as cyber-insurance when it comes to designing policies by risk-averse insurers for providing coverage to clients in the aftermath of such catastrophic network events. In this article, we investigate this question in general as a function of service chain networks and different cyber-loss distribution types. We show somewhat surprisingly (and discuss the potential practical implications) that, following a cyber-attack, the effect of (a) a network interconnection topology and (b) a wide range of loss distributions on the probability of a cyber-blackout and the increase in total service-related monetary losses across all organizations are\n mostly<\/jats:italic>\n very small. The primary rationale behind these results are attributed to degrees of heterogeneity in the revenue base among organizations and the\n Increasing Failure Rate<\/jats:italic>\n property of popular (i.i.d\/non-i.i.d) loss distributions, i.e., log-concave cyber-loss distributions. The result will enable risk-averse cyber-risk managers to safely infer the impact of cyber-attacks in a worst-case network and distribution oblivious setting.\n <\/jats:p>","DOI":"10.1145\/3386159","type":"journal-article","created":{"date-parts":[[2020,6,8]],"date-time":"2020-06-08T12:00:09Z","timestamp":1591617609000},"page":"1-38","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["When Are Cyber Blackouts in Modern Service Networks Likely?"],"prefix":"10.1145","volume":"11","author":[{"given":"Ranjan","family":"Pal","sequence":"first","affiliation":[{"name":"University of Michigan Ann Arbor, USA, University of Cambridge, UK"}]},{"given":"Konstantinos","family":"Psounis","sequence":"additional","affiliation":[{"name":"University of Southern California, USA"}]},{"given":"Jon","family":"Crowcroft","sequence":"additional","affiliation":[{"name":"University of Cambridge, UK"}]},{"given":"Pan","family":"Hui","sequence":"additional","affiliation":[{"name":"University of Helsinki, Finland"}]},{"given":"Sasu","family":"Tarkoma","sequence":"additional","affiliation":[{"name":"University of Helsinki, Finland"}]},{"given":"Abhishek","family":"Kumar","sequence":"additional","affiliation":[{"name":"University of Helsinki, Finland"}]},{"given":"John","family":"Kelly","sequence":"additional","affiliation":[{"name":"Envelop Risk"}]},{"given":"Aritra","family":"Chatterjee","sequence":"additional","affiliation":[{"name":"Envelop Risk"}]},{"given":"Leana","family":"Golubchik","sequence":"additional","affiliation":[{"name":"University of Southern California, USA"}]},{"given":"Nishanth","family":"Sastry","sequence":"additional","affiliation":[{"name":"King\u2019s College London, UK"}]},{"given":"Bodhibrata","family":"Nag","sequence":"additional","affiliation":[{"name":"Indian Institute of Management Calcutta, India"}]}],"member":"320","published-online":{"date-parts":[[2020,6,8]]},"reference":[{"key":"e_1_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0378-4266(02)00281-9"},{"key":"e_1_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1086\/262109"},{"key":"e_1_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/0035-5054(93)90023-V"},{"key":"e_1_2_2_4_1","volume-title":"Barlow and Frank Proschan","author":"Richard","year":"1975","unstructured":"Richard E. Barlow and Frank Proschan. 1975. Statistical Theory of Reliability and Life Testing: Probability Models. Technical Report. Florida State Univ Tallahassee."},{"key":"e_1_2_2_5_1","unstructured":"Richard S. Betterley. 2015. Cyber\/privacy insurance market survey-2015. Advisen Annual Report."},{"key":"e_1_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS.2011.38"},{"key":"e_1_2_2_7_1","volume-title":"The hackers holding hospitals to ransom. BMJ: British Medical Journal (Online) 357","author":"Chinthapalli Krishna","year":"2017","unstructured":"Krishna Chinthapalli. 2017. The hackers holding hospitals to ransom. BMJ: British Medical Journal (Online) 357 (2017)."},{"key":"e_1_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/PL00012580"},{"key":"e_1_2_2_9_1","volume-title":"Solving Cyber Risk: Protecting Your Company and Society","author":"Coburn Andrew","unstructured":"Andrew Coburn, Eireann Leverett, and Gordon Woo. 2018. Solving Cyber Risk: Protecting Your Company and Society. Wiley."},{"key":"e_1_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbankfin.2006.01.008"},{"key":"e_1_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.2307\/2298061"},{"key":"e_1_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/2774806.2774809"},{"key":"e_1_2_2_13_1","unstructured":"F. J. Fabozzi and H. M. Markowitz. 2002. The Theory and Practice of Investment Management. John Wiley 8 Sons."},{"key":"e_1_2_2_14_1","volume-title":"Statistical Distributions","author":"Forbes Catherine","unstructured":"Catherine Forbes, Merran Evans, Nicholas Hastings, and Brian Peacock. 2011. Statistical Distributions. John Wiley 8 Sons."},{"key":"e_1_2_2_15_1","volume-title":"Systemic risk, interbank relations, and liquidity provision by the central bank. Journal of Money, Credit and Banking","author":"Freixas Xavier","year":"2000","unstructured":"Xavier Freixas, Bruno M. Parigi, and Jean-Charles Rochet. 2000. Systemic risk, interbank relations, and liquidity provision by the central bank. Journal of Money, Credit and Banking (2000), 611--638."},{"key":"e_1_2_2_16_1","volume-title":"Proceedings of the Royal Society of London A: Mathematical, Physical and Engineering Sciences. The Royal Society, rspa20090410","author":"Gai Prasanna","year":"2010","unstructured":"Prasanna Gai and Sujit Kapadia. 2010. Contagion in financial networks. In Proceedings of the Royal Society of London A: Mathematical, Physical and Engineering Sciences. The Royal Society, rspa20090410."},{"key":"e_1_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2005.1498374"},{"key":"e_1_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1038\/nphys2180"},{"key":"e_1_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1257\/jel.20151228"},{"key":"e_1_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1086\/226707"},{"key":"e_1_2_2_21_1","volume-title":"Wired","author":"Greenberg Andy","year":"2017","unstructured":"Andy Greenberg. 2017. How an entire nation became Russia\u2019s test lab for cyberwar. Wired, June 20 (2017). https:\/\/thehill.com\/opinion\/technology\/380948-when-nation-states-hack-the-private-sector-for-intellectual-property."},{"key":"e_1_2_2_22_1","volume-title":"Wired","author":"Greenberg Andy","year":"2018","unstructured":"Andy Greenberg. 2018. The untold story of NotPetya, the most devastating cyberattack in history. Wired, August 22 (2018). https:\/\/www.theregister.co.uk\/2017\/05\/12\/nhs_hospital_shut_down_due_to_cyber_attack\/."},{"key":"e_1_2_2_23_1","unstructured":"Steve Grobman. 2018. When nation-states hack the private sector for intellectual property. https:\/\/thehill.com\/opinion\/technology\/380948-when-nation-states-hack-the-private-sector-for-intellectual-property."},{"key":"e_1_2_2_24_1","unstructured":"Kat Hall. 2017. UK hospital meltdown after ransomware worm uses NSA vuln to raid IT. https:\/\/www.theregister.co.uk\/2017\/05\/12\/nhs_hospital_shut_down_due_to_cyber_attack\/."},{"key":"e_1_2_2_25_1","volume-title":"Internalizing externalities of loss prevention through insurance monopoly. Geneva Risk and Insurance Review 32","author":"Hoffman Annette","year":"2007","unstructured":"Annette Hoffman. 2007. Internalizing externalities of loss prevention through insurance monopoly. Geneva Risk and Insurance Review 32 (2007)."},{"key":"e_1_2_2_26_1","unstructured":"Glyn A. Holton. 2003. Value-at-Risk. Academic Press."},{"key":"e_1_2_2_27_1","unstructured":"Norman L. Johnson Samuel Kotz and N. Balakrishnan. 1995. Continuous Univariate Distributions vol. 2 of Wiley series in probability and mathematical statistics: Applied probability and statistics. Wiley New York."},{"key":"e_1_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2812205"},{"key":"e_1_2_2_29_1","volume-title":"preparation is everything. Computer Fraud 8 Security","author":"Krystlik Jocelyn","year":"2017","unstructured":"Jocelyn Krystlik. 2017. With GDPR, preparation is everything. Computer Fraud 8 Security 2017, 6 (2017), 5--8."},{"key":"e_1_2_2_30_1","volume-title":"Influence of clustering on cascading failures in interdependent systems","author":"Richard La.","year":"2018","unstructured":"Richard La. 2018a. Influence of clustering on cascading failures in interdependent systems. IEEE Transactions on Network Science and Engineering (2018)."},{"key":"e_1_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2015.2408598"},{"key":"e_1_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2017.2738843"},{"key":"e_1_2_2_33_1","unstructured":"Risk Management Solutions Inc. 2016. Managing Cyber Insurance Accumulation Risk."},{"key":"e_1_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2009.5062066"},{"key":"e_1_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1140\/epjb\/e2009-00347-4"},{"key":"e_1_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1214\/aos\/1176342873"},{"key":"e_1_2_2_37_1","volume-title":"Arnold","author":"Marshall Albert W.","year":"1979","unstructured":"Albert W. Marshall, Ingram Olkin, and Barry C. Arnold. 1979. Inequalities: Theory of Majorization and Its Applications. Vol. 143. Springer."},{"key":"e_1_2_2_38_1","unstructured":"Pascal Millaire. 2017. 3 reasons why the insurance industry will never be the same after the Mirai ddos attack. Advisen's 2017 Cyber Guide."},{"key":"e_1_2_2_39_1","volume-title":"A critical point for random graphs with a given degree sequence. Random Structures 8 Algorithms 6, 2\u20133","author":"Molloy Michael","year":"1995","unstructured":"Michael Molloy and Bruce Reed. 1995. A critical point for random graphs with a given degree sequence. Random Structures 8 Algorithms 6, 2\u20133 (1995), 161--180."},{"key":"e_1_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1017\/S0963548398003526"},{"key":"e_1_2_2_41_1","volume-title":"Business Innovation Through Blockchain","author":"Morabito Vincenzo","unstructured":"Vincenzo Morabito. 2017. The security of blockchain systems. In Business Innovation Through Blockchain. Springer, 61--78."},{"key":"e_1_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1111\/1467-937X.00121"},{"key":"e_1_2_2_43_1","volume-title":"Networks","author":"Newman Mark","unstructured":"Mark Newman. 2018. Networks. Oxford University Press."},{"key":"e_1_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevE.64.026118"},{"key":"e_1_2_2_45_1","volume-title":"On robust estimated of correlated risks in cyber-insured IT firms: A first look at optimal AI-based estimated under small data. ACM TMIS 10, 3","author":"Pal Ranjan","year":"2019","unstructured":"Ranjan Pal, Leana Golubchik, Konstantinos Psounis, and Tathagatha Bandyopadhyay. 2019. On robust estimated of correlated risks in cyber-insured IT firms: A first look at optimal AI-based estimated under small data. ACM TMIS 10, 3 (2019)."},{"key":"e_1_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2010.79"},{"key":"e_1_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25280-8_12"},{"key":"e_1_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2014.6847944"},{"key":"e_1_2_2_49_1","volume-title":"Security pricing as enabler of cyber-insurance a first look at differentiated pricing markets","author":"Pal Ranjan","year":"2017","unstructured":"Ranjan Pal, Leana Golubchik, Konstantinos Psounis, and Pan Hui. 2017. Security pricing as enabler of cyber-insurance a first look at differentiated pricing markets. IEEE Transactions on Dependable and Secure Computing (2017)."},{"key":"e_1_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3273996.3273999"},{"key":"e_1_2_2_51_1","volume-title":"double that of","author":"DeNisco Rayome Alison","year":"2016","unstructured":"Alison DeNisco Rayome. 2017. 33% of businesses hit by DDoS attack in 2017, double that of 2016. TechRepublic (Nov. 2017). https:\/\/www.techrepublic.com\/article\/33-of-businesses-hit-by-ddos-attack-in-2017-double-that-of-2016\/."},{"key":"e_1_2_2_52_1","volume-title":"The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. Bloomberg Businessweek 4","author":"Robertson Jordan","year":"2018","unstructured":"Jordan Robertson and Michael Riley. 2018. The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. Bloomberg Businessweek 4 (2018)."},{"key":"e_1_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.1120.1569"},{"key":"e_1_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.14"},{"key":"e_1_2_2_55_1","unstructured":"AWS Sales. 2018. Case Studies 8 Customer Success - Amazon Web Services (AWS)."},{"key":"e_1_2_2_56_1","volume-title":"Economics of Information Security and Privacy","author":"Shetty Nikhil","unstructured":"Nikhil Shetty, Galina Schwartz, Mark Felegyhazi, and Jean Walrand. 2010. Competitive cyber-insurance and internet security. In Economics of Information Security and Privacy. Springer, 229--247."},{"key":"e_1_2_2_57_1","unstructured":"Symantec. 2016. Attackers target both large and small businesses. https:\/\/seekingalpha.com\/article\/4224061-why-sold-apple-stock."},{"key":"e_1_2_2_58_1","volume-title":"Apple Stock: Analyzing 5 Key Customers (AAPL).","author":"Tracy Thom","year":"2016","unstructured":"Thom Tracy. 2016. Apple Stock: Analyzing 5 Key Customers (AAPL)."},{"key":"e_1_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1073\/pnas.082090499"},{"key":"e_1_2_2_60_1","unstructured":"Zack Whittaker. 2016. Mirai botnet attack hits thousands of home routers throwing users offline."},{"key":"e_1_2_2_61_1","volume-title":"2007 cyberattacks on Estonia. Wikipedia","author":"Contributors Wikipedia","year":"2018","unstructured":"Wikipedia Contributors. 2018. 2007 cyberattacks on Estonia. Wikipedia (2018)."},{"key":"e_1_2_2_62_1","volume-title":"Who\u2019s using Amazon web services? Contingo","author":"Wootton Benjamin","year":"2017","unstructured":"Benjamin Wootton. 2017. Who\u2019s using Amazon web services? Contingo (2017)."}],"container-title":["ACM Transactions on Management Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3386159","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3386159","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:24Z","timestamp":1750197744000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3386159"}},"subtitle":["A Network Oblivious Theory on Cyber (Re)Insurance Feasibility"],"short-title":[],"issued":{"date-parts":[[2020,6,8]]},"references-count":62,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020,6,30]]}},"alternative-id":["10.1145\/3386159"],"URL":"https:\/\/doi.org\/10.1145\/3386159","relation":{},"ISSN":["2158-656X","2158-6578"],"issn-type":[{"value":"2158-656X","type":"print"},{"value":"2158-6578","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,6,8]]},"assertion":[{"value":"2018-11-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-02-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-06-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}