Dynamic cyber risk estimation with Competitive Quantile Autoregression

TL;DR

This paper introduces two methods, QAR and CQAR, for dynamic cyber risk estimation using time-series data, with CQAR offering real-time updates and theoretical guarantees of performance.

Contribution

The paper proposes a novel dynamic risk estimation approach, CQAR, that adapts in real-time and guarantees asymptotic performance compared to traditional QAR methods.

Findings

CQAR accurately predicts cyber breach size and timing.

The methods outperform existing techniques in coverage tests.

The approaches are flexible for modeling different risk levels.

Abstract

The increasing value of data held in enterprises makes it an attractive target to attackers. The increasing likelihood and impact of a cyber attack have highlighted the importance of effective cyber risk estimation. We propose two methods for modelling Value-at-Risk (VaR) which can be used for any time-series data. The first approach is based on Quantile Autoregression (QAR), which can estimate VaR for different quantiles, i.e. confidence levels. The second method, we term Competitive Quantile Autoregression (CQAR), dynamically re-estimates cyber risk as soon as new data becomes available. This method provides a theoretical guarantee that it asymptotically performs as well as any QAR at any time point in the future. We show that these methods can predict the size and inter-arrival time of cyber hacking breaches by running coverage tests. The proposed approaches allow to model a separate stochastic process for each significance level and therefore provide more flexibility compared to previously proposed techniques. We provide a fully reproducible code used for conducting the experiments.