MAGIC: A Method for Assessing Cyber Incidents Occurrence
Massimo Battaglioni, Giulia Rafaiani, Franco Chiaraluce, Marco Baldi

TL;DR
MAGIC is a novel probabilistic model that assesses the likelihood of cyber incidents based on an organization's cyber posture, reducing subjectivity in cyber risk evaluation and supporting various risk assessment frameworks.
Contribution
The paper introduces MAGIC, a new probabilistic method for estimating cyber incident likelihood from cyber posture, enhancing existing risk assessment tools with more objective inputs.
Findings
MAGIC provides more consistent likelihood estimates than traditional expert-based methods.
The approach improves the accuracy of cyber risk assessments by reducing subjectivity.
Qualitative and quantitative comparisons show MAGIC's effectiveness over classical methods.
Abstract
The assessment of cyber risk plays a crucial role in cybersecurity management and has become a compulsory task for certain types of companies and organizations. This makes the demand for reliable cyber risk assessment tools increase continuously, especially for quantitative tools based on statistical approaches. Probabilistic cyber risk assessment methods, however, follow the general paradigm of probabilistic risk assessment, which requires the magnitude and the likelihood of incidents as inputs. Unfortunately, for cyber incidents, the likelihood of occurrence is hard to estimate from historical and publicly available data, so expert evaluations are commonly used, which, however, leave room for subjectivity. In this paper, we propose a novel probabilistic model, called MAGIC (Method for AssessinG cyber Incidents oCcurrence), to compute the likelihood of occurrence of a…
Taxonomy
Topics: Information and Cyber Security · Software Engineering Research · Software Reliability and Analysis Research
