{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,2]],"date-time":"2025-11-02T10:26:53Z","timestamp":1762079213934,"version":"build-2065373602"},"reference-count":22,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2022,11,30]],"date-time":"2022-11-30T00:00:00Z","timestamp":1669766400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computation"],"abstract":"<jats:p>Digitization offers great opportunities as well as new challenges. Indeed, these opportunities entail increased cyber risks, both from deliberate cyberattacks and from incidents caused by inadvertent human error. Cyber risk must be mastered, and to this aim, its quantification is an urgent challenge. There is a lot of interest in this topic from the insurance community in order to price adequate coverage to their customers. A key first step is to investigate the frequency and severity of cyber incidents. On the grounds that data breaches seem to be the main cause of cyber incidents, the aim of this paper is to give further insights about the frequency and severity statistical distributions of malicious and negligent data breaches. For this purpose, we refer to a publicly available dataset: the Chronology of Data Breaches provided by the Privacy Rights Clearinghouse.<\/jats:p>","DOI":"10.3390\/computation10120208","type":"journal-article","created":{"date-parts":[[2022,11,30]],"date-time":"2022-11-30T05:45:22Z","timestamp":1669787122000},"page":"208","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Some Remarks on Malicious and Negligent Data Breach Distribution Estimates"],"prefix":"10.3390","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4570-1690","authenticated-orcid":false,"given":"Maria Francesca","family":"Carfora","sequence":"first","affiliation":[{"name":"Consiglio Nazionale delle Ricerche, Istituto per le Applicazioni del Calcolo \u201cMauro Picone\u201d, Via P. Castellino, 111, 80131 Naples, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4637-1694","authenticated-orcid":false,"given":"Albina","family":"Orlando","sequence":"additional","affiliation":[{"name":"Consiglio Nazionale delle Ricerche, Istituto per le Applicazioni del Calcolo \u201cMauro Picone\u201d, Via P. Castellino, 111, 80131 Naples, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2022,11,30]]},"reference":[{"key":"ref_1","unstructured":"Allianz Global Corporate & Specialty (2021, February 10). Allianz Risk Barometer: Top Business Risks for 2022. Available online: https:\/\/www.agcs.allianz.com\/news-and-insights\/reports\/allianz-risk-barometer.html."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Dacorogna, M., Debbabi, N., and Kratz, M. (2022). Building up Cyber Resilience by better grasping cyber risk via a new algorithm for modelling heavy-tailed data. arXiv.","DOI":"10.2139\/ssrn.4215907"},{"key":"ref_3","unstructured":"Weathley, S., Hofmann, H., and Sornette, D. (2019). Data breaches in the catastrophe framework and beyond. arXiv."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"OECD (2017). Types of cyber incidents and losses. Enhancing the Role of Insurance in Cyber Risk Management, OECD Publishing.","DOI":"10.1787\/9789264282148-4-en"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"159","DOI":"10.1007\/978-3-319-76687-4_11","article-title":"Preventing the Drop in Security Investments for Non-competitive Cyber-Insurance Market","volume":"Volume 10694","author":"Cuppens","year":"2018","journal-title":"Risks and Security of Internet and Systems"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1016\/j.cosrev.2017.01.001","article-title":"Cyber-insurance survey","volume":"24","author":"Marotta","year":"2017","journal-title":"Comput. Sci. Rev."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"126","DOI":"10.1016\/j.insmatheco.2017.05.008","article-title":"Data breaches. Goodness of fit, pricing, and risk measurement","volume":"75","author":"Eling","year":"2017","journal-title":"Insur. Math. Econ."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"484","DOI":"10.1080\/10920277.2020.1752255","article-title":"Modeling Malicious Hacking Data Breach Risks","volume":"25","author":"Sun","year":"2021","journal-title":"N. Am. Actuar. J."},{"key":"ref_9","first-page":"77","article-title":"Cyber Risk Management: An Actuarial Point of View","volume":"14","author":"Carfora","year":"2019","journal-title":"J. Oper. Risk"},{"key":"ref_10","unstructured":"Chief Risk Officers Forum\u2014CRO Forum (2016). Concept Paper on a Proposed Categorisation Methodology for Cyber Risk CRO Forum, CRO Forum."},{"key":"ref_11","unstructured":"Ponemon Institute (2022). 2022 Cost of Data Breach Study: Global Analysis, Ponemon Institute LLC."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Woods, D.W., and B\u00f6hme, R. (2021, January 24\u201327). SoK: Quantifying Cyber Risk. Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP40001.2021.00053"},{"key":"ref_13","unstructured":"(2022, June 15). Privacy Rights Clearinghouse Chronology of Data Breaches. Available online: https:\/\/privacyrights.org\/data-breaches."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1093\/cybsec\/tyw003","article-title":"Hype and heavy tails: A closer look at data breaches","volume":"2","author":"Edwards","year":"2016","journal-title":"J. Cybersecur."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"2856","DOI":"10.1109\/TIFS.2018.2834227","article-title":"Modeling and Predicting Cyber Hacking Breaches","volume":"13","author":"Xu","year":"2018","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_16","unstructured":"Buckman, J., Bockstedt, J., Hashim, M.J., and Woutersen, T. (2017, January 26\u201327). Do organizations learn from a data breach. Proceedings of the Workshop on the Economics of Information Security (WEIS), La Jolla, CA, USA."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Bentley, M., Stephenson, A., Toscas, P., and Zhu, Z. (2020). A multivariate model to quantify and mitigate cybersecuity risk. Risks, 8.","DOI":"10.3390\/risks8020061"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1016\/j.insmatheco.2018.07.003","article-title":"Copula approaches for modeling cross sectional dependence of data breach losses","volume":"82","author":"Eling","year":"2018","journal-title":"Insur. Math. Econ."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"239","DOI":"10.1016\/j.insmatheco.2012.04.001","article-title":"Fitting insurance claims to skewed distributions: Are the skew-normal and skew-student good models?","volume":"51","author":"Eling","year":"2012","journal-title":"Insur. Math. Econ."},{"key":"ref_20","first-page":"171","article-title":"A class of distributions which includes the normal ones","volume":"12","author":"Azzalini","year":"1985","journal-title":"Scand. J. Stat."},{"key":"ref_21","unstructured":"Carfora, M.F., and Orlando, A. (2019, January 3\u20134). Quantile based risk measures in cyber security. Proceedings of the 2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA), Oxford, UK."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"106924","DOI":"10.1016\/j.dib.2021.106924","article-title":"A dataset for accounting, finance and economics research on US data breaches","volume":"35","author":"Rosati","year":"2021","journal-title":"Data Brief"}],"container-title":["Computation"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-3197\/10\/12\/208\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:30:17Z","timestamp":1760146217000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-3197\/10\/12\/208"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,30]]},"references-count":22,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2022,12]]}},"alternative-id":["computation10120208"],"URL":"https:\/\/doi.org\/10.3390\/computation10120208","relation":{},"ISSN":["2079-3197"],"issn-type":[{"type":"electronic","value":"2079-3197"}],"subject":[],"published":{"date-parts":[[2022,11,30]]}}}