Enterprises intangible Risks Management via Economic models based on simulatioN of modErn cyber-aTtacks

Ziel

IT security and risk management often ignore or underestimate the human factor (psychological, behavioural, societal, organisational and economic aspects) in the identification of cyber-risks, their quantitative economic impact and the costs of countermeasures. Cyber-attacks can harm intangible assets like reputation, IPR, expertise, and know-how. And there is severe imbalance between the efficiency of attacks and inadequate defences, due in part to the lack of quantitative information for decision makers to prioritise security investments.
To foster a culture of risk management by an individual organisation or a complete sector, HERMENEUT answers: What is the real fallout of a data compromise and the long-run consequences on associated assets? What are the losses for intangible assets? Do other type of attacks (beyond data breach) severely impact intangible and tangible assets?
HERMENEUT assesses vulnerabilities of organisations and corresponding tangible and intangible assets at risk, taking into account the business plans of the attacker, the commoditisation level of the target organisations, the exposure of the target and including human factors as well as estimating the likelihood that a potential cyber-attack exploits identified vulnerabilities. HERMENEUT’s cyber-security cost-benefit approach combines integrated assessment of vulnerabilities and their likelihoods with an innovative macro- and micro-economic model for intangible costs, delivering a quantitative estimation of the risks for an organisation or a business sector and investment guidelines for mitigation measures. 11 partners from 6 countries deliver an innovative methodology and advanced macro- and micro-economic models and make it available to the European research community. HERMENEUT implements its innovations in a decision support tool, tested with 2 users in healthcare and an IPR-intensive industry.

Wissenschaftliches Gebiet

CORDIS klassifiziert Projekte mit EuroSciVoc, einer mehrsprachigen Taxonomie der Wissenschaftsbereiche, durch einen halbautomatischen Prozess, der auf Verfahren der Verarbeitung natürlicher Sprache beruht.

• social scienceseconomics and businesseconomics
• social scienceseconomics and businessbusiness and managementbusiness models
• social sciencessociologygovernancecrisis management
• natural sciencescomputer and information sciencescomputer security
• social sciencespsychologyergonomics

Schlüsselbegriffe

• Risk modeling
• Risk analysis
• Simulation
• Vulnerability Assessment
• intangible risks
• Decision support tool

Programm/Programme

• H2020-EU.3.7. - Secure societies - Protecting freedom and security of Europe and its citizens Main Programme
• H2020-EU.3.7.4. - Improve cyber security

Thema/Themen

• DS-04-2016 - Economics of Cybersecurity

Finanzierungsplan

Koordinator

Beteiligte (12)