research about cyber security

Search Menu
Sign in through your institution
Editor's Choice
Author Guidelines
Submission Site
Open Access
About Journal of Cybersecurity
Editorial Board
Advertising and Corporate Services
Journals Career Network
Self-Archiving Policy
Journals on Oxford Academic
Books on Oxford Academic

Editors-in-Chief

Tyler Moore

About the journal

Journal of Cybersecurity publishes accessible articles describing original research in the inherently interdisciplinary world of computer, systems, and information security …

Latest articles

Call for Papers: Workshop on the Economics of Information Security

Journal of Cybersecurity is inviting submissions to a new special issue from the workshop on the economics of information security. Authors whose papers appeared at the workshop are invited to submit a revised version to the journal.

Submit your paper

Join the conversation moving the science of security forward. Visit our Instructions to Authors for more information about how to submit your manuscript.

High-Impact Research Collection

Explore a collection of recently published high-impact research in the Journal of Cybersecurity .

Browse the collection here

Read and Publish deals

Authors interested in publishing in Journal of Cybersecurity may be able to publish their paper Open Access using funds available through their institution’s agreement with OUP.

Find out if your institution is participating

Related Titles

Affiliations

Online ISSN 2057-2093
Print ISSN 2057-2085
Copyright © 2024 Oxford University Press
About Oxford Academic
Publish journals with us
University press partners
What we publish
New features
Open access
Institutional account management
Rights and permissions
Get help with access
Accessibility
Advertising
Media enquiries
Oxford University Press
Oxford Languages
University of Oxford

Oxford University Press is a department of the University of Oxford. It furthers the University's objective of excellence in research, scholarship, and education by publishing worldwide

Copyright © 2024 Oxford University Press
Cookie settings
Cookie policy
Privacy policy
Legal notice

This Feature Is Available To Subscribers Only

This PDF is available to Subscribers Only

For full access to this pdf, sign in to an existing account, or purchase an annual subscription.

Programs submenu

Regions submenu, topics submenu, weapons in space: a virtual book talk with dr. aaron bateman, u.s.-australia-japan trilateral cooperation on strategic stability in the taiwan strait report launch, dahlia scheindlin on israeli opinion—gaza: the human toll.

Abshire-Inamori Leadership Academy
Aerospace Security Project
Africa Program
Americas Program
Arleigh A. Burke Chair in Strategy
Asia Maritime Transparency Initiative
Asia Program
Australia Chair
Brzezinski Chair in Global Security and Geostrategy
Brzezinski Institute on Geostrategy
Chair in U.S.-India Policy Studies
China Power Project
Chinese Business and Economics
Defending Democratic Institutions
Defense-Industrial Initiatives Group
Defense 360
Defense Budget Analysis
Diversity and Leadership in International Affairs Project
Economics Program
Emeritus Chair in Strategy
Energy Security and Climate Change Program
Europe, Russia, and Eurasia Program
Freeman Chair in China Studies
Futures Lab
Geoeconomic Council of Advisers
Global Food and Water Security Program
Global Health Policy Center
Hess Center for New Frontiers
Human Rights Initiative
Humanitarian Agenda
Intelligence, National Security, and Technology Program

International Security Program

Japan Chair
Kissinger Chair
Korea Chair
Langone Chair in American Leadership
Middle East Program
Missile Defense Project
Project on Critical Minerals Security
Project on Fragility and Mobility
Project on Nuclear Issues
Project on Prosperity and Development
Project on Trade and Technology
Renewing American Innovation
Scholl Chair in International Business
Smart Women, Smart Power
Southeast Asia Program
Stephenson Ocean Security Project

Strategic Technologies Program

Sustainable Development and Resilience Initiative
Wadhwani Center for AI and Advanced Technologies
Warfare, Irregular Threats, and Terrorism Program
All Regions
Australia, New Zealand & Pacific
Middle East
Russia and Eurasia
American Innovation
Civic Education
Climate Change

Cybersecurity

Defense Budget and Acquisition
Defense and Security
Energy and Sustainability
Food Security
Gender and International Security
Geopolitics
Global Health
Human Rights
Humanitarian Assistance
Intelligence
International Development
Maritime Issues and Oceans
Missile Defense
Nuclear Issues
Transnational Threats
Water Security

Led by the Strategic Technologies Program and the International Security Program , CSIS’s cybersecurity portfolio covers cyber warfare, encryption, military cyber capacity, hacking, financial terrorism, and more.

Photo: Jack Taylor/Getty Images

Blackout Scorecard

James Lewis looks at the July 19 outage and the potential lessons learned for cyber resiliency.

Commentary by James Andrew Lewis — July 25, 2024

A Russian Bot Farm Used AI to Lie to Americans. What Now?

Commentary by Emily Harding — July 16, 2024

Why the United Nations Is Chasing Its Tail on Cybersecurity

Commentary by James Andrew Lewis — July 16, 2024

Collective Defense in Space

Commentary by Benjamin Jensen and Erica Lonergan — July 8, 2024

Latest Podcasts

How to Make Cyber Policy a Headline in Brussels

Podcast Episode by James Andrew Lewis and Christopher Painter — August 27, 2024

Our Biggest Fight: Reclaiming Liberty, Humanity, and Dignity in the Digital Age

Podcast Episode by H. Andrew Schwartz and Frank H. McCourt, Jr. — August 5, 2024

Podcast Episode by James Andrew Lewis — July 26, 2024

Inside the State Department’s Cyber Strategy: A Conversation with Adam Segal

Podcast Episode by James Andrew Lewis and Christopher Painter — July 26, 2024

Past Events

Cyber Leaders Series: The future of cyber on the African continent; a conversation with Kenya's PS Tanui

The New Era of U.S.-Japan Strategic Cooperation: A Dialogue with Japanese Lawmakers

Photo: traffic_analyzer via Getty Images

Cyber Incident Reporting in the Communications Sector

Photo: MARK GARLICK/SCIENCE PHOTO LIBRARY/GETTY IMAGES

Counterspace Trends: An Evolving Global Landscape

Shaping the Future of Federal Cybersecurity: Insights from FCEBs

5G/6G Technology and the Future of Global Security

A Discussion of the 2023 Counter Ransomware Initiative with DNSA Anne Neuberger

Related programs.

James Andrew Lewis

Suzanne Spaulding

Emily Harding

Clayton Swope

All cybersecurity content, type open filter submenu.

Article (158)
Event (145)
Expert/Staff (31)
Podcast Episode (95)
Report (67)

Article Type open filter submenu

Report type open filter submenu, region open filter submenu.

Afghanistan (5)
Americas (43)
Australia, New Zealand, and Pacific (6)
Caribbean Security (1)
Central Asia (1)
Eastern Europe (12)
Europe (40)
European Union (18)
Middle East (12)
North Africa (1)
North America (61)
Russia (35)
Russia and Eurasia (29)
South America (7)
Southeast Asia (13)
Sub-Saharan Africa (4)
The South Caucasus (1)

The Cyber Safety Review Board: Reflecting on the Past & Charting the Future

Please join the CSIS Defending Democratic Institutions Project on Monday, September 9 at 9:15 AM for a conversation on The Cyber Safety Review Board: Reflecting on the Past & Charting the Future with Robert Silvers, the Under Secretary for Policy at the Department of Homeland Security.

Event — September 9, 2024

Jim Lewis and Chris Painter talk to Estonia's former ambassador at large for cyber diplomacy Heli Tirmaa-Klaar.

Revisiting Australia's Encryption Landscape

This piece provides a timeline and overview of Australia's encryption legislation amid new debates of its effectiveness in intelligence and law enforcement.

Blog Post by Taylar Rajic — August 20, 2024

Frank McCourt, chairman of McCourt Global and founder of Project Liberty, joins the podcast to discuss his new book, Our Biggest Fight: Reclaiming Liberty, Humanity, and Dignity in the Digital Age, as well as Project Liberty’s mission and the evolution of the internet.

South Korea’s 2024 Cyber Strategy: A Primer

In 2023, North Korea launched 1.3 million cyberattacks per day on South Korea. South Korea's new cybersecurity strategy makes a few significant changes in how the nation is handling the threat.

Blog Post by Natasha Wood — August 2, 2024

James Lewis and Chris Painter speak to guest Adam Segal, Senior Advisor for International Cyber and Digital Strategy Policy in The State Department’s Bureau of Cyberspace and Digital Policy.

An audio version of “Blackout Scorecard,” a new commentary by CSIS’s James Andrew Lewis. This audio was generated with text-to-speech by Eleven Labs.

Navigating the Evolving Landscape of Privacy and AI

In the third episode of the Digital Dispatch, Caitlin Chin-Rothmann and Jim Lewis analyze the recent activity on Capitol Hill around privacy legislation and AI.

Podcast Episode by Caitlin Chin-Rothmann and James Andrew Lewis — July 25, 2024

An audio version of “A Russian Bot Farm Used AI to Lie to Americans. What Now?,” a new commentary by CSIS’s Emily Harding. This audio was generated with text-to-speech by Eleven Labs.

Podcast Episode by Emily Harding — July 17, 2024

Search by keyword
Search by citation

Page 1 of 5

EvilPromptFuzzer: generating inappropriate content based on text-to-image models

Text-to-image (TTI) models provide huge innovation ability for many industries, while the content security triggered by them has also attracted wide attention. Considerable research has focused on content secu...

View Full Text

ProcSAGE: an efficient host threat detection method based on graph representation learning

Advanced Persistent Threats (APTs) achieves internal networks penetration through multiple methods, making it difficult to detect attack clues solely through boundary defense measures. To address this challeng...

Lightweight ring-neighbor-based user authentication and group-key agreement for internet of drones

As mobile internet and Internet of Things technologies continue to advance, the application scenarios of peer-to-peer Internet of Drones (IoD) are becoming increasingly diverse. However, the development of IoD...

A multi-channel spatial information feature based human pose estimation algorithm

Human pose estimation is an important task in computer vision, which can provide key point detection of human body and obtain bone information. At present, human pose estimation is mainly utilized for detectio...

TVRAVNF: an efficient low-cost TEE-based virtual remote attestation scheme for virtual network functions

With the continuous advancement of virtualization technology and the widespread adoption of 5G networks, the application of the Network Function Virtualization (NFV) architecture has become increasingly popula...

Efficient post-quantum secure deterministic wallet scheme

Since the advent of Bitcoin, cryptocurrencies have gained substantial popularity, and crypto wallets have evolved into the predominant tool for safeguarding and managing cryptographic keys to access cryptocurrenc...

Classification of DDoS attack traffic on SDN network environment using deep learning

Distributed Denial of Service (DDoS) attack is a major threat to the Internet of Things (IoT), Software Defined Networks (SDN), and Cloud Computing Networks. Due to the tremendous applications of IoT networks,...

Revisiting frequency-smoothing encryption: new security definitions and efficient construction

Deterministic encryption (DET) allows for fast retrieval of encrypted information, but it would cause significant leakage of frequency information of the underlying data, which results in an array of inference...

GLDOC: detection of implicitly malicious MS-Office documents using graph convolutional networks

Nowadays, the malicious MS-Office document has already become one of the most effective attacking vectors in APT attacks. Though many protection mechanisms are provided, they have been proved easy to bypass, a...

Revealing the exploitability of heap overflow through PoC analysis

The exploitable heap layouts are used to determine the exploitability of heap vulnerabilities in general-purpose applications. Prior studies have focused on using fuzzing-based methods to generate more exploit...

Threshold ring signature: generic construction and logarithmic size instantiation

A ring signature is a variant of normal digital signature and protects the privacy of a specific signer in the sense that a ring signature can be verified, but the signer’s identity can only be traced to a lim...

FedSHE: privacy preserving and efficient federated learning with adaptive segmented CKKS homomorphic encryption

Unprotected gradient exchange in federated learning (FL) systems may lead to gradient leakage-related attacks. CKKS is a promising approximate homomorphic encryption scheme to protect gradients, owing to its u...

A privacy-preserving image retrieval scheme with access control based on searchable encryption in media cloud

With the popularity of the media cloud computing industry, individuals and organizations outsource image computation and storage to the media cloud server to reduce the storage burden. Media images usually con...

Improved homomorphic evaluation for hash function based on TFHE

Homomorphic evaluation of hash functions offers a solution to the challenge of data integrity authentication in the context of homomorphic encryption. The earliest attempt to achieve homomorphic evaluation of ...

An empirical study of reflection attacks using NetFlow data

Reflection attacks are one of the most intimidating threats organizations face. A reflection attack is a special type of distributed denial-of-service attack that amplifies the amount of malicious traffic by u...

Phishing behavior detection on different blockchains via adversarial domain adaptation

Despite the growing attention on blockchain, phishing activities have surged, particularly on newly established chains. Acknowledging the challenge of limited intelligence in the early stages of new chains, we...

Ensemble learning based anomaly detection for IoT cybersecurity via Bayesian hyperparameters sensitivity analysis

The Internet of Things (IoT) integrates more than billions of intelligent devices over the globe with the capability of communicating with other connected devices with little to no human intervention. IoT enab...

CommanderUAP: a practical and transferable universal adversarial attacks on speech recognition models

Most of the adversarial attacks against speech recognition systems focus on specific adversarial perturbations, which are generated by adversaries for each normal example to achieve the attack. Universal adver...

Enhancing fairness of trading environment: discovering overlapping spammer groups with dynamic co-review graph optimization

Within the thriving e-commerce landscape, some unscrupulous merchants hire spammer groups to post misleading reviews or ratings, aiming to manipulate public perception and disrupt fair market competition. This...

In-depth Correlation Power Analysis Attacks on a Hardware Implementation of CRYSTALS-Dilithium

During the standardisation process of post-quantum cryptography, NIST encourages research on side-channel analysis for candidate schemes. As the recommended lattice signature scheme, CRYSTALS-Dilithium, when i...

Atomic cross-chain swap based on private key exchange

Atomic Cross-Chain Swap (ACCS) is one important topic in cryptocurrency, where users can securely and trustlessly exchange assets between two different blockchains. However, most known ACCS schemes assume spec...

HSS: enhancing IoT malicious traffic classification leveraging hybrid sampling strategy

Using deep learning models to deal with the classification tasks in network traffic offers a new approach to address the imbalanced Internet of Things malicious traffic classification problems. However, the em...

Key derivable signature and its application in blockchain stealth address

Stealth address protocol (SAP) is widely used in blockchain to achieve anonymity. In this paper, we formalize a key derivable signature scheme (KDS) to capture the functionality and security requirements of SA...

Polar code-based secure transmission with higher message rate combining channel entropy and computational entropy

The existing physical layer security schemes, which are based on the key generation model and the wire-tap channel model, achieve security by utilizing channel reciprocity entropy and noise entropy, respective...

Dissecting zero trust: research landscape and its implementation in IoT

As a progressive security strategy, the zero trust model has attracted notable attention and importance within the realm of network security, especially in the context of the Internet of Things (IoT). This pap...

Study of smart grid cyber-security, examining architectures, communication networks, cyber-attacks, countermeasure techniques, and challenges

Smart Grid (SG) technology utilizes advanced network communication and monitoring technologies to manage and regulate electricity generation and transport. However, this increased reliance on technology and co...

A multi-agent adaptive deep learning framework for online intrusion detection

The network security analyzers use intrusion detection systems (IDSes) to distinguish malicious traffic from benign ones. The deep learning-based (DL-based) IDSes are proposed to auto-extract high-level featur...

Iterative and mixed-spaces image gradient inversion attack in federated learning

As a distributed learning paradigm, federated learning is supposed to protect data privacy without exchanging users’ local data. Even so, the gradient inversion attack , in which the adversary can reconstruct the ...

Winternitz stack protocols for embedded systems and IoT

This paper proposes and evaluates a new bipartite post-quantum digital signature protocol based on Winternitz chains and an oracle. Mutually mistrustful Alice and Bob are able to agree and sign a series of do...

Joint contrastive learning and belief rule base for named entity recognition in cybersecurity

Named Entity Recognition (NER) in cybersecurity is crucial for mining information during cybersecurity incidents. Current methods rely on pre-trained models for rich semantic text embeddings, but the challenge...

DTA: distribution transform-based attack for query-limited scenario

In generating adversarial examples, the conventional black-box attack methods rely on sufficient feedback from the to-be-attacked models by repeatedly querying until the attack is successful, which usually res...

A survey on lattice-based digital signature

Lattice-based digital signature has become one of the widely recognized post-quantum algorithms because of its simple algebraic operation, rich mathematical foundation and worst-case security, and also an impo...

Shorter ZK-SNARKs from square span programs over ideal lattices

Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) are cryptographic protocols that offer efficient and privacy-preserving means of verifying NP language relations and have drawn consid...

Revocable and verifiable weighted attribute-based encryption with collaborative access for electronic health record in cloud

The encryption of user data is crucial when employing electronic health record services to guarantee the security of the data stored on cloud servers. Attribute-based encryption (ABE) scheme is considered a po...

Maxwell’s Demon in MLP-Mixer: towards transferable adversarial attacks

Models based on MLP-Mixer architecture are becoming popular, but they still suffer from adversarial examples. Although it has been shown that MLP-Mixer is more robust to adversarial attacks compared to convolu...

Practical solutions in fully homomorphic encryption: a survey analyzing existing acceleration methods

Fully homomorphic encryption (FHE) has experienced significant development and continuous breakthroughs in theory, enabling its widespread application in various fields, like outsourcing computation and secure...

A circuit area optimization of MK-3 S-box

In MILCOM 2015, Kelly et al. proposed the authentication encryption algorithm MK-3, which applied the 16-bit S-box. This paper aims to implement the 16-bit S-box with less circuit area. First, we classified th...

Intrusion detection system for controller area network

The rapid expansion of intra-vehicle networks has increased the number of threats to such networks. Most modern vehicles implement various physical and data-link layer technologies. Vehicles are becoming incre...

CT-GCN+: a high-performance cryptocurrency transaction graph convolutional model for phishing node classification

Due to the anonymous and contract transfer nature of blockchain cryptocurrencies, they are susceptible to fraudulent incidents such as phishing. This poses a threat to the property security of users and hinder...

Enhanced detection of obfuscated malware in memory dumps: a machine learning approach for advanced cybersecurity

In the realm of cybersecurity, the detection and analysis of obfuscated malware remain a critical challenge, especially in the context of memory dumps. This research paper presents a novel machine learning-bas...

BRITD: behavior rhythm insider threat detection with time awareness and user adaptation

Researchers usually detect insider threats by analyzing user behavior. The time information of user behavior is an important concern in internal threat detection.

F3l: an automated and secure function-level low-overhead labeled encrypted traffic dataset construction method for IM in Android

Fine-grained function-level encrypted traffic classification is an essential approach to maintaining network security. Machine learning and deep learning have become mainstream methods to analyze traffic, and ...

WAS: improved white-box cryptographic algorithm over AS iteration

The attacker in white-box model has full access to software implementation of a cryptographic algorithm and full control over its execution environment. In order to solve the issues of high storage cost and in...

Full-round impossible differential attack on shadow block cipher

Lightweight block ciphers are the essential encryption algorithm for devices with limited resources. Its goal is to ensure the security of data transmission through resource-constrained devices. Impossible dif...

Minimizing CNOT-count in quantum circuit of the extended Shor’s algorithm for ECDLP

The elliptic curve discrete logarithm problem (ECDLP) is a popular choice for cryptosystems due to its high level of security. However, with the advent of the extended Shor’s algorithm, there is concern that E...

Towards the transferable audio adversarial attack via ensemble methods

In recent years, deep learning (DL) models have achieved significant progress in many domains, such as autonomous driving, facial recognition, and speech recognition. However, the vulnerability of deep learnin...

LayerCFL: an efficient federated learning with layer-wised clustering

Federated Learning (FL) suffers from the Non-IID problem in practice, which poses a challenge for efficient and accurate model training. To address this challenge, prior research has introduced clustered FL (C...

A novel botnet attack detection for IoT networks based on communication graphs

Intrusion detection systems have been proposed for the detection of botnet attacks. Various types of centralized or distributed cloud-based machine learning and deep learning models have been suggested. Howeve...

Machine learning based fileless malware traffic classification using image visualization

In today’s interconnected world, network traffic is replete with adversarial attacks. As technology evolves, these attacks are also becoming increasingly sophisticated, making them even harder to detect. Fortu...

Research on privacy information retrieval model based on hybrid homomorphic encryption

The computational complexity of privacy information retrieval protocols is often linearly related to database size. When the database size is large, the efficiency of privacy information retrieval protocols is...

Editorial Board
Sign up for article alerts and news from this journal

Affiliated with

The Institute of Information Engineering (IIE) is a national research institute in Beijing that specializes in comprehensive research on theories and applications related to information technology.

IIE strives to be a leading global academic institution by creating first-class research platforms and attracting top researchers. It also seeks to become an important national strategic power in the field of information technology.

IIE’s mission is to promote China’s innovation and industrial competitiveness by advancing information science, standards, and technology in ways that enhance economic security and public safety as well as improve our quality of life.

The journal is indexed by

EI Compendex
Emerging Sources Citation Index
EBSCO Discovery Service
Institute of Scientific and Technical Information of China
Google Scholar
Norwegian Register for Scientific Journals and Series
OCLC WorldCat Discovery Service
ProQuest-ExLibris Primo
ProQuest-ExLibris Summon
TD Net Discovery Service
UGC-CARE List (India)

Annual Journal Metrics

Citation Impact 2023 Journal Impact Factor: 3.9 5-year Journal Impact Factor: 4.9 Source Normalized Impact per Paper (SNIP): 1.587 SCImago Journal Rank (SJR): 1.136

Speed 2023 Submission to first editorial decision (median days): 8 Submission to acceptance (median days): 95

Usage 2023 Downloads: 408,523 Altmetric mentions: 15

ISSN: 2523-3246 (electronic)

Cyber risk and cybersecurity: a systematic review of data availability

Open access
Published: 17 February 2022
Volume 47 , pages 698–736, ( 2022 )

Cite this article

You have full access to this open access article

Frank Cremer 1 ,
Barry Sheehan ORCID: orcid.org/0000-0003-4592-7558 1 ,
Michael Fortmann 2 ,
Arash N. Kia 1 ,
Martin Mullins 1 ,
Finbarr Murphy 1 &
Stefan Materne 2

76k Accesses

88 Citations

43 Altmetric

Explore all metrics

Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets. We posit that the lack of available data on cyber risk poses a serious problem for stakeholders seeking to tackle this issue. In particular, we identify a lacuna in open databases that undermine collective endeavours to better manage this set of risks. The resulting data evaluation and categorisation will support cybersecurity researchers and the insurance industry in their efforts to comprehend, metricise and manage cyber risks.

Systematic Review: Cybersecurity Risk Taxonomy

A Survey of Cybersecurity Risk Management Frameworks

Cybersecurity Risk Management Frameworks in the Oil and Gas Sector: A Systematic Literature Review

Explore related subjects.

Artificial Intelligence

Avoid common mistakes on your manuscript.

Introduction

Globalisation, digitalisation and smart technologies have escalated the propensity and severity of cybercrime. Whilst it is an emerging field of research and industry, the importance of robust cybersecurity defence systems has been highlighted at the corporate, national and supranational levels. The impacts of inadequate cybersecurity are estimated to have cost the global economy USD 945 billion in 2020 (Maleks Smith et al. 2020 ). Cyber vulnerabilities pose significant corporate risks, including business interruption, breach of privacy and financial losses (Sheehan et al. 2019 ). Despite the increasing relevance for the international economy, the availability of data on cyber risks remains limited. The reasons for this are many. Firstly, it is an emerging and evolving risk; therefore, historical data sources are limited (Biener et al. 2015 ). It could also be due to the fact that, in general, institutions that have been hacked do not publish the incidents (Eling and Schnell 2016 ). The lack of data poses challenges for many areas, such as research, risk management and cybersecurity (Falco et al. 2019 ). The importance of this topic is demonstrated by the announcement of the European Council in April 2021 that a centre of excellence for cybersecurity will be established to pool investments in research, technology and industrial development. The goal of this centre is to increase the security of the internet and other critical network and information systems (European Council 2021 ).

This research takes a risk management perspective, focusing on cyber risk and considering the role of cybersecurity and cyber insurance in risk mitigation and risk transfer. The study reviews the existing literature and open data sources related to cybersecurity and cyber risk. This is the first systematic review of data availability in the general context of cyber risk and cybersecurity. By identifying and critically analysing the available datasets, this paper supports the research community by aggregating, summarising and categorising all available open datasets. In addition, further information on datasets is attached to provide deeper insights and support stakeholders engaged in cyber risk control and cybersecurity. Finally, this research paper highlights the need for open access to cyber-specific data, without price or permission barriers.

The identified open data can support cyber insurers in their efforts on sustainable product development. To date, traditional risk assessment methods have been untenable for insurance companies due to the absence of historical claims data (Sheehan et al. 2021 ). These high levels of uncertainty mean that cyber insurers are more inclined to overprice cyber risk cover (Kshetri 2018 ). Combining external data with insurance portfolio data therefore seems to be essential to improve the evaluation of the risk and thus lead to risk-adjusted pricing (Bessy-Roland et al. 2021 ). This argument is also supported by the fact that some re/insurers reported that they are working to improve their cyber pricing models (e.g. by creating or purchasing databases from external providers) (EIOPA 2018 ). Figure 1 provides an overview of pricing tools and factors considered in the estimation of cyber insurance based on the findings of EIOPA ( 2018 ) and the research of Romanosky et al. ( 2019 ). The term cyber risk refers to all cyber risks and their potential impact.

An overview of the current cyber insurance informational and methodological landscape, adapted from EIOPA ( 2018 ) and Romanosky et al. ( 2019 )

Besides the advantage of risk-adjusted pricing, the availability of open datasets helps companies benchmark their internal cyber posture and cybersecurity measures. The research can also help to improve risk awareness and corporate behaviour. Many companies still underestimate their cyber risk (Leong and Chen 2020 ). For policymakers, this research offers starting points for a comprehensive recording of cyber risks. Although in many countries, companies are obliged to report data breaches to the respective supervisory authority, this information is usually not accessible to the research community. Furthermore, the economic impact of these breaches is usually unclear.

As well as the cyber risk management community, this research also supports cybersecurity stakeholders. Researchers are provided with an up-to-date, peer-reviewed literature of available datasets showing where these datasets have been used. For example, this includes datasets that have been used to evaluate the effectiveness of countermeasures in simulated cyberattacks or to test intrusion detection systems. This reduces a time-consuming search for suitable datasets and ensures a comprehensive review of those available. Through the dataset descriptions, researchers and industry stakeholders can compare and select the most suitable datasets for their purposes. In addition, it is possible to combine the datasets from one source in the context of cybersecurity or cyber risk. This supports efficient and timely progress in cyber risk research and is beneficial given the dynamic nature of cyber risks.

Cyber risks are defined as “operational risks to information and technology assets that have consequences affecting the confidentiality, availability, and/or integrity of information or information systems” (Cebula et al. 2014 ). Prominent cyber risk events include data breaches and cyberattacks (Agrafiotis et al. 2018 ). The increasing exposure and potential impact of cyber risk have been highlighted in recent industry reports (e.g. Allianz 2021 ; World Economic Forum 2020 ). Cyberattacks on critical infrastructures are ranked 5th in the World Economic Forum's Global Risk Report. Ransomware, malware and distributed denial-of-service (DDoS) are examples of the evolving modes of a cyberattack. One example is the ransomware attack on the Colonial Pipeline, which shut down the 5500 mile pipeline system that delivers 2.5 million barrels of fuel per day and critical liquid fuel infrastructure from oil refineries to states along the U.S. East Coast (Brower and McCormick 2021 ). These and other cyber incidents have led the U.S. to strengthen its cybersecurity and introduce, among other things, a public body to analyse major cyber incidents and make recommendations to prevent a recurrence (Murphey 2021a ). Another example of the scope of cyberattacks is the ransomware NotPetya in 2017. The damage amounted to USD 10 billion, as the ransomware exploited a vulnerability in the windows system, allowing it to spread independently worldwide in the network (GAO 2021 ). In the same year, the ransomware WannaCry was launched by cybercriminals. The cyberattack on Windows software took user data hostage in exchange for Bitcoin cryptocurrency (Smart 2018 ). The victims included the National Health Service in Great Britain. As a result, ambulances were redirected to other hospitals because of information technology (IT) systems failing, leaving people in need of urgent assistance waiting. It has been estimated that 19,000 cancelled treatment appointments resulted from losses of GBP 92 million (Field 2018 ). Throughout the COVID-19 pandemic, ransomware attacks increased significantly, as working from home arrangements increased vulnerability (Murphey 2021b ).

Besides cyberattacks, data breaches can also cause high costs. Under the General Data Protection Regulation (GDPR), companies are obliged to protect personal data and safeguard the data protection rights of all individuals in the EU area. The GDPR allows data protection authorities in each country to impose sanctions and fines on organisations they find in breach. “For data breaches, the maximum fine can be €20 million or 4% of global turnover, whichever is higher” (GDPR.EU 2021 ). Data breaches often involve a large amount of sensitive data that has been accessed, unauthorised, by external parties, and are therefore considered important for information security due to their far-reaching impact (Goode et al. 2017 ). A data breach is defined as a “security incident in which sensitive, protected, or confidential data are copied, transmitted, viewed, stolen, or used by an unauthorized individual” (Freeha et al. 2021 ). Depending on the amount of data, the extent of the damage caused by a data breach can be significant, with the average cost being USD 392 million Footnote 1 (IBM Security 2020 ).

This research paper reviews the existing literature and open data sources related to cybersecurity and cyber risk, focusing on the datasets used to improve academic understanding and advance the current state-of-the-art in cybersecurity. Furthermore, important information about the available datasets is presented (e.g. use cases), and a plea is made for open data and the standardisation of cyber risk data for academic comparability and replication. The remainder of the paper is structured as follows. The next section describes the related work regarding cybersecurity and cyber risks. The third section outlines the review method used in this work and the process. The fourth section details the results of the identified literature. Further discussion is presented in the penultimate section and the final section concludes.

Related work

Due to the significance of cyber risks, several literature reviews have been conducted in this field. Eling ( 2020 ) reviewed the existing academic literature on the topic of cyber risk and cyber insurance from an economic perspective. A total of 217 papers with the term ‘cyber risk’ were identified and classified in different categories. As a result, open research questions are identified, showing that research on cyber risks is still in its infancy because of their dynamic and emerging nature. Furthermore, the author highlights that particular focus should be placed on the exchange of information between public and private actors. An improved information flow could help to measure the risk more accurately and thus make cyber risks more insurable and help risk managers to determine the right level of cyber risk for their company. In the context of cyber insurance data, Romanosky et al. ( 2019 ) analysed the underwriting process for cyber insurance and revealed how cyber insurers understand and assess cyber risks. For this research, they examined 235 American cyber insurance policies that were publicly available and looked at three components (coverage, application questionnaires and pricing). The authors state in their findings that many of the insurers used very simple, flat-rate pricing (based on a single calculation of expected loss), while others used more parameters such as the asset value of the company (or company revenue) or standard insurance metrics (e.g. deductible, limits), and the industry in the calculation. This is in keeping with Eling ( 2020 ), who states that an increased amount of data could help to make cyber risk more accurately measured and thus more insurable. Similar research on cyber insurance and data was conducted by Nurse et al. ( 2020 ). The authors examined cyber insurance practitioners' perceptions and the challenges they face in collecting and using data. In addition, gaps were identified during the research where further data is needed. The authors concluded that cyber insurance is still in its infancy, and there are still several unanswered questions (for example, cyber valuation, risk calculation and recovery). They also pointed out that a better understanding of data collection and use in cyber insurance would be invaluable for future research and practice. Bessy-Roland et al. ( 2021 ) come to a similar conclusion. They proposed a multivariate Hawkes framework to model and predict the frequency of cyberattacks. They used a public dataset with characteristics of data breaches affecting the U.S. industry. In the conclusion, the authors make the argument that an insurer has a better knowledge of cyber losses, but that it is based on a small dataset and therefore combination with external data sources seems essential to improve the assessment of cyber risks.

Several systematic reviews have been published in the area of cybersecurity (Kruse et al. 2017 ; Lee et al. 2020 ; Loukas et al. 2013 ; Ulven and Wangen 2021 ). In these papers, the authors concentrated on a specific area or sector in the context of cybersecurity. This paper adds to this extant literature by focusing on data availability and its importance to risk management and insurance stakeholders. With a priority on healthcare and cybersecurity, Kruse et al. ( 2017 ) conducted a systematic literature review. The authors identified 472 articles with the keywords ‘cybersecurity and healthcare’ or ‘ransomware’ in the databases Cumulative Index of Nursing and Allied Health Literature, PubMed and Proquest. Articles were eligible for this review if they satisfied three criteria: (1) they were published between 2006 and 2016, (2) the full-text version of the article was available, and (3) the publication is a peer-reviewed or scholarly journal. The authors found that technological development and federal policies (in the U.S.) are the main factors exposing the health sector to cyber risks. Loukas et al. ( 2013 ) conducted a review with a focus on cyber risks and cybersecurity in emergency management. The authors provided an overview of cyber risks in communication, sensor, information management and vehicle technologies used in emergency management and showed areas for which there is still no solution in the literature. Similarly, Ulven and Wangen ( 2021 ) reviewed the literature on cybersecurity risks in higher education institutions. For the literature review, the authors used the keywords ‘cyber’, ‘information threats’ or ‘vulnerability’ in connection with the terms ‘higher education, ‘university’ or ‘academia’. A similar literature review with a focus on Internet of Things (IoT) cybersecurity was conducted by Lee et al. ( 2020 ). The review revealed that qualitative approaches focus on high-level frameworks, and quantitative approaches to cybersecurity risk management focus on risk assessment and quantification of cyberattacks and impacts. In addition, the findings presented a four-step IoT cyber risk management framework that identifies, quantifies and prioritises cyber risks.

Datasets are an essential part of cybersecurity research, underlined by the following works. Ilhan Firat et al. ( 2021 ) examined various cybersecurity datasets in detail. The study was motivated by the fact that with the proliferation of the internet and smart technologies, the mode of cyberattacks is also evolving. However, in order to prevent such attacks, they must first be detected; the dissemination and further development of cybersecurity datasets is therefore critical. In their work, the authors observed studies of datasets used in intrusion detection systems. Khraisat et al. ( 2019 ) also identified a need for new datasets in the context of cybersecurity. The researchers presented a taxonomy of current intrusion detection systems, a comprehensive review of notable recent work, and an overview of the datasets commonly used for assessment purposes. In their conclusion, the authors noted that new datasets are needed because most machine-learning techniques are trained and evaluated on the knowledge of old datasets. These datasets do not contain new and comprehensive information and are partly derived from datasets from 1999. The authors noted that the core of this issue is the availability of new public datasets as well as their quality. The availability of data, how it is used, created and shared was also investigated by Zheng et al. ( 2018 ). The researchers analysed 965 cybersecurity research papers published between 2012 and 2016. They created a taxonomy of the types of data that are created and shared and then analysed the data collected via datasets. The researchers concluded that while datasets are recognised as valuable for cybersecurity research, the proportion of publicly available datasets is limited.

The main contributions of this review and what differentiates it from previous studies can be summarised as follows. First, as far as we can tell, it is the first work to summarise all available datasets on cyber risk and cybersecurity in the context of a systematic review and present them to the scientific community and cyber insurance and cybersecurity stakeholders. Second, we investigated, analysed, and made available the datasets to support efficient and timely progress in cyber risk research. And third, we enable comparability of datasets so that the appropriate dataset can be selected depending on the research area.

Methodology

Process and eligibility criteria.

The structure of this systematic review is inspired by the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework (Page et al. 2021 ), and the search was conducted from 3 to 10 May 2021. Due to the continuous development of cyber risks and their countermeasures, only articles published in the last 10 years were considered. In addition, only articles published in peer-reviewed journals written in English were included. As a final criterion, only articles that make use of one or more cybersecurity or cyber risk datasets met the inclusion criteria. Specifically, these studies presented new or existing datasets, used them for methods, or used them to verify new results, as well as analysed them in an economic context and pointed out their effects. The criterion was fulfilled if it was clearly stated in the abstract that one or more datasets were used. A detailed explanation of this selection criterion can be found in the ‘Study selection’ section.

Information sources

In order to cover a complete spectrum of literature, various databases were queried to collect relevant literature on the topic of cybersecurity and cyber risks. Due to the spread of related articles across multiple databases, the literature search was limited to the following four databases for simplicity: IEEE Xplore, Scopus, SpringerLink and Web of Science. This is similar to other literature reviews addressing cyber risks or cybersecurity, including Sardi et al. ( 2021 ), Franke and Brynielsson ( 2014 ), Lagerström (2019), Eling and Schnell ( 2016 ) and Eling ( 2020 ). In this paper, all databases used in the aforementioned works were considered. However, only two studies also used all the databases listed. The IEEE Xplore database contains electrical engineering, computer science, and electronics work from over 200 journals and three million conference papers (IEEE 2021 ). Scopus includes 23,400 peer-reviewed journals from more than 5000 international publishers in the areas of science, engineering, medicine, social sciences and humanities (Scopus 2021 ). SpringerLink contains 3742 journals and indexes over 10 million scientific documents (SpringerLink 2021 ). Finally, Web of Science indexes over 9200 journals in different scientific disciplines (Science 2021 ).

A search string was created and applied to all databases. To make the search efficient and reproducible, the following search string with Boolean operator was used in all databases: cybersecurity OR cyber risk AND dataset OR database. To ensure uniformity of the search across all databases, some adjustments had to be made for the respective search engines. In Scopus, for example, the Advanced Search was used, and the field code ‘Title-ABS-KEY’ was integrated into the search string. For IEEE Xplore, the search was carried out with the Search String in the Command Search and ‘All Metadata’. In the Web of Science database, the Advanced Search was used. The special feature of this search was that it had to be carried out in individual steps. The first search was carried out with the terms cybersecurity OR cyber risk with the field tag Topic (T.S. =) and the second search with dataset OR database. Subsequently, these searches were combined, which then delivered the searched articles for review. For SpringerLink, the search string was used in the Advanced Search under the category ‘Find the resources with all of the words’. After conducting this search string, 5219 studies could be found. According to the eligibility criteria (period, language and only scientific journals), 1581 studies were identified in the databases:

Scopus: 135

Springer Link: 548

Web of Science: 534

An overview of the process is given in Fig. 2 . Combined with the results from the four databases, 854 articles without duplicates were identified.

Literature search process and categorisation of the studies

Study selection

In the final step of the selection process, the articles were screened for relevance. Due to a large number of results, the abstracts were analysed in the first step of the process. The aim was to determine whether the article was relevant for the systematic review. An article fulfilled the criterion if it was recognisable in the abstract that it had made a contribution to datasets or databases with regard to cyber risks or cybersecurity. Specifically, the criterion was considered to be met if the abstract used datasets that address the causes or impacts of cyber risks, and measures in the area of cybersecurity. In this process, the number of articles was reduced to 288. The articles were then read in their entirety, and an expert panel of six people decided whether they should be used. This led to a final number of 255 articles. The years in which the articles were published and the exact number can be seen in Fig. 3 .

Distribution of studies

Data collection process and synthesis of the results

For the data collection process, various data were extracted from the studies, including the names of the respective creators, the name of the dataset or database and the corresponding reference. It was also determined where the data came from. In the context of accessibility, it was determined whether access is free, controlled, available for purchase or not available. It was also determined when the datasets were created and the time period referenced. The application type and domain characteristics of the datasets were identified.

This section analyses the results of the systematic literature review. The previously identified studies are divided into three categories: datasets on the causes of cyber risks, datasets on the effects of cyber risks and datasets on cybersecurity. The classification is based on the intended use of the studies. This system of classification makes it easier for stakeholders to find the appropriate datasets. The categories are evaluated individually. Although complete information is available for a large proportion of datasets, this is not true for all of them. Accordingly, the abbreviation N/A has been inserted in the respective characters to indicate that this information could not be determined by the time of submission. The term ‘use cases in the literature’ in the following and supplementary tables refers to the application areas in which the corresponding datasets were used in the literature. The areas listed there refer to the topic area on which the researchers conducted their research. Since some datasets were used interdisciplinarily, the listed use cases in the literature are correspondingly longer. Before discussing each category in the next sections, Fig. 4 provides an overview of the number of datasets found and their year of creation. Figure 5 then shows the relationship between studies and datasets in the period under consideration. Figure 6 shows the distribution of studies, their use of datasets and their creation date. The number of datasets used is higher than the number of studies because the studies often used several datasets (Table 1 ).

Distribution of dataset results

Correlation between the studies and the datasets

Distribution of studies and their use of datasets

Most of the datasets are generated in the U.S. (up to 58.2%). Canada and Australia rank next, with 11.3% and 5% of all the reviewed datasets, respectively.

Additionally, to create value for the datasets for the cyber insurance industry, an assessment of the applicability of each dataset has been provided for cyber insurers. This ‘Use Case Assessment’ includes the use of the data in the context of different analyses, calculation of cyber insurance premiums, and use of the information for the design of cyber insurance contracts or for additional customer services. To reasonably account for the transition of direct hyperlinks in the future, references were directed to the main websites for longevity (nearest resource point). In addition, the links to the main pages contain further information on the datasets and different versions related to the operating systems. The references were chosen in such a way that practitioners get the best overview of the respective datasets.

Case datasets

This section presents selected articles that use the datasets to analyse the causes of cyber risks. The datasets help identify emerging trends and allow pattern discovery in cyber risks. This information gives cybersecurity experts and cyber insurers the data to make better predictions and take appropriate action. For example, if certain vulnerabilities are not adequately protected, cyber insurers will demand a risk surcharge leading to an improvement in the risk-adjusted premium. Due to the capricious nature of cyber risks, existing data must be supplemented with new data sources (for example, new events, new methods or security vulnerabilities) to determine prevailing cyber exposure. The datasets of cyber risk causes could be combined with existing portfolio data from cyber insurers and integrated into existing pricing tools and factors to improve the valuation of cyber risks.

A portion of these datasets consists of several taxonomies and classifications of cyber risks. Aassal et al. ( 2020 ) propose a new taxonomy of phishing characteristics based on the interpretation and purpose of each characteristic. In comparison, Hindy et al. ( 2020 ) presented a taxonomy of network threats and the impact of current datasets on intrusion detection systems. A similar taxonomy was suggested by Kiwia et al. ( 2018 ). The authors presented a cyber kill chain-based taxonomy of banking Trojans features. The taxonomy built on a real-world dataset of 127 banking Trojans collected from December 2014 to January 2016 by a major U.K.-based financial organisation.

In the context of classification, Aamir et al. ( 2021 ) showed the benefits of machine learning for classifying port scans and DDoS attacks in a mixture of normal and attack traffic. Guo et al. ( 2020 ) presented a new method to improve malware classification based on entropy sequence features. The evaluation of this new method was conducted on different malware datasets.

To reconstruct attack scenarios and draw conclusions based on the evidence in the alert stream, Barzegar and Shajari ( 2018 ) use the DARPA2000 and MACCDC 2012 dataset for their research. Giudici and Raffinetti ( 2020 ) proposed a rank-based statistical model aimed at predicting the severity levels of cyber risk. The model used cyber risk data from the University of Milan. In contrast to the previous datasets, Skrjanc et al. ( 2018 ) used the older dataset KDD99 to monitor large-scale cyberattacks using a cauchy clustering method.

Amin et al. ( 2021 ) used a cyberattack dataset from the Canadian Institute for Cybersecurity to identify spatial clusters of countries with high rates of cyberattacks. In the context of cybercrime, Junger et al. ( 2020 ) examined crime scripts, key characteristics of the target company and the relationship between criminal effort and financial benefit. For their study, the authors analysed 300 cases of fraudulent activities against Dutch companies. With a similar focus on cybercrime, Mireles et al. ( 2019 ) proposed a metric framework to measure the effectiveness of the dynamic evolution of cyberattacks and defensive measures. To validate its usefulness, they used the DEFCON dataset.

Due to the rapidly changing nature of cyber risks, it is often impossible to obtain all information on them. Kim and Kim ( 2019 ) proposed an automated dataset generation system called CTIMiner that collects threat data from publicly available security reports and malware repositories. They released a dataset to the public containing about 640,000 records from 612 security reports published between January 2008 and 2019. A similar approach is proposed by Kim et al. ( 2020 ), using a named entity recognition system to extract core information from cyber threat reports automatically. They created a 498,000-tag dataset during their research (Ulven and Wangen 2021 ).

Within the framework of vulnerabilities and cybersecurity issues, Ulven and Wangen ( 2021 ) proposed an overview of mission-critical assets and everyday threat events, suggested a generic threat model, and summarised common cybersecurity vulnerabilities. With a focus on hospitality, Chen and Fiscus ( 2018 ) proposed several issues related to cybersecurity in this sector. They analysed 76 security incidents from the Privacy Rights Clearinghouse database. Supplementary Table 1 lists all findings that belong to the cyber causes dataset.

Impact datasets

This section outlines selected findings of the cyber impact dataset. For cyber insurers, these datasets can form an important basis for information, as they can be used to calculate cyber insurance premiums, evaluate specific cyber risks, formulate inclusions and exclusions in cyber wordings, and re-evaluate as well as supplement the data collected so far on cyber risks. For example, information on financial losses can help to better assess the loss potential of cyber risks. Furthermore, the datasets can provide insight into the frequency of occurrence of these cyber risks. The new datasets can be used to close any data gaps that were previously based on very approximate estimates or to find new results.

Eight studies addressed the costs of data breaches. For instance, Eling and Jung ( 2018 ) reviewed 3327 data breach events from 2005 to 2016 and identified an asymmetric dependence of monthly losses by breach type and industry. The authors used datasets from the Privacy Rights Clearinghouse for analysis. The Privacy Rights Clearinghouse datasets and the Breach level index database were also used by De Giovanni et al. ( 2020 ) to describe relationships between data breaches and bitcoin-related variables using the cointegration methodology. The data were obtained from the Department of Health and Human Services of healthcare facilities reporting data breaches and a national database of technical and organisational infrastructure information. Also in the context of data breaches, Algarni et al. ( 2021 ) developed a comprehensive, formal model that estimates the two components of security risks: breach cost and the likelihood of a data breach within 12 months. For their survey, the authors used two industrial reports from the Ponemon institute and VERIZON. To illustrate the scope of data breaches, Neto et al. ( 2021 ) identified 430 major data breach incidents among more than 10,000 incidents. The database created is available and covers the period 2018 to 2019.

With a direct focus on insurance, Biener et al. ( 2015 ) analysed 994 cyber loss cases from an operational risk database and investigated the insurability of cyber risks based on predefined criteria. For their study, they used data from the company SAS OpRisk Global Data. Similarly, Eling and Wirfs ( 2019 ) looked at a wide range of cyber risk events and actual cost data using the same database. They identified cyber losses and analysed them using methods from statistics and actuarial science. Using a similar reference, Farkas et al. ( 2021 ) proposed a method for analysing cyber claims based on regression trees to identify criteria for classifying and evaluating claims. Similar to Chen and Fiscus ( 2018 ), the dataset used was the Privacy Rights Clearinghouse database. Within the framework of reinsurance, Moro ( 2020 ) analysed cyber index-based information technology activity to see if index-parametric reinsurance coverage could suggest its cedant using data from a Symantec dataset.

Paté-Cornell et al. ( 2018 ) presented a general probabilistic risk analysis framework for cybersecurity in an organisation to be specified. The results are distributions of losses to cyberattacks, with and without considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. The data used were from The Common Vulnerability and Exposures database and via confidential access to a database of cyberattacks on a large, U.S.-based organisation. A different conceptual framework for cyber risk classification and assessment was proposed by Sheehan et al. ( 2021 ). This framework showed the importance of proactive and reactive barriers in reducing companies’ exposure to cyber risk and quantifying the risk. Another approach to cyber risk assessment and mitigation was proposed by Mukhopadhyay et al. ( 2019 ). They estimated the probability of an attack using generalised linear models, predicted the security technology required to reduce the probability of cyberattacks, and used gamma and exponential distributions to best approximate the average loss data for each malicious attack. They also calculated the expected loss due to cyberattacks, calculated the net premium that would need to be charged by a cyber insurer, and suggested cyber insurance as a strategy to minimise losses. They used the CSI-FBI survey (1997–2010) to conduct their research.

In order to highlight the lack of data on cyber risks, Eling ( 2020 ) conducted a literature review in the areas of cyber risk and cyber insurance. Available information on the frequency, severity, and dependency structure of cyber risks was filtered out. In addition, open questions for future cyber risk research were set up. Another example of data collection on the impact of cyberattacks is provided by Sornette et al. ( 2013 ), who use a database of newspaper articles, press reports and other media to provide a predictive method to identify triggering events and potential accident scenarios and estimate their severity and frequency. A similar approach to data collection was used by Arcuri et al. ( 2020 ) to gather an original sample of global cyberattacks from newspaper reports sourced from the LexisNexis database. This collection is also used and applied to the fields of dynamic communication and cyber risk perception by Fang et al. ( 2021 ). To create a dataset of cyber incidents and disputes, Valeriano and Maness ( 2014 ) collected information on cyber interactions between rival states.

To assess trends and the scale of economic cybercrime, Levi ( 2017 ) examined datasets from different countries and their impact on crime policy. Pooser et al. ( 2018 ) investigated the trend in cyber risk identification from 2006 to 2015 and company characteristics related to cyber risk perception. The authors used a dataset of various reports from cyber insurers for their study. Walker-Roberts et al. ( 2020 ) investigated the spectrum of risk of a cybersecurity incident taking place in the cyber-physical-enabled world using the VERIS Community Database. The datasets of impacts identified are presented below. Due to overlap, some may also appear in the causes dataset (Supplementary Table 2).

Cybersecurity datasets

General intrusion detection.

General intrusion detection systems account for the largest share of countermeasure datasets. For companies or researchers focused on cybersecurity, the datasets can be used to test their own countermeasures or obtain information about potential vulnerabilities. For example, Al-Omari et al. ( 2021 ) proposed an intelligent intrusion detection model for predicting and detecting attacks in cyberspace, which was applied to dataset UNSW-NB 15. A similar approach was taken by Choras and Kozik ( 2015 ), who used machine learning to detect cyberattacks on web applications. To evaluate their method, they used the HTTP dataset CSIC 2010. For the identification of unknown attacks on web servers, Kamarudin et al. ( 2017 ) proposed an anomaly-based intrusion detection system using an ensemble classification approach. Ganeshan and Rodrigues ( 2020 ) showed an intrusion detection system approach, which clusters the database into several groups and detects the presence of intrusion in the clusters. In comparison, AlKadi et al. ( 2019 ) used a localisation-based model to discover abnormal patterns in network traffic. Hybrid models have been recommended by Bhattacharya et al. ( 2020 ) and Agrawal et al. ( 2019 ); the former is a machine-learning model based on principal component analysis for the classification of intrusion detection system datasets, while the latter is a hybrid ensemble intrusion detection system for anomaly detection using different datasets to detect patterns in network traffic that deviate from normal behaviour.

Agarwal et al. ( 2021 ) used three different machine learning algorithms in their research to find the most suitable for efficiently identifying patterns of suspicious network activity. The UNSW-NB15 dataset was used for this purpose. Kasongo and Sun ( 2020 ), Feed-Forward Deep Neural Network (FFDNN), Keshk et al. ( 2021 ), the privacy-preserving anomaly detection framework, and others also use the UNSW-NB 15 dataset as part of intrusion detection systems. The same dataset and others were used by Binbusayyis and Vaiyapuri ( 2019 ) to identify and compare key features for cyber intrusion detection. Atefinia and Ahmadi ( 2021 ) proposed a deep neural network model to reduce the false positive rate of an anomaly-based intrusion detection system. Fossaceca et al. ( 2015 ) focused in their research on the development of a framework that combined the outputs of multiple learners in order to improve the efficacy of network intrusion, and Gauthama Raman et al. ( 2020 ) presented a search algorithm based on Support Vector machine to improve the performance of the detection and false alarm rate to improve intrusion detection techniques. Ahmad and Alsemmeari ( 2020 ) targeted extreme learning machine techniques due to their good capabilities in classification problems and handling huge data. They used the NSL-KDD dataset as a benchmark.

With reference to prediction, Bakdash et al. ( 2018 ) used datasets from the U.S. Department of Defence to predict cyberattacks by malware. This dataset consists of weekly counts of cyber events over approximately seven years. Another prediction method was presented by Fan et al. ( 2018 ), which showed an improved integrated cybersecurity prediction method based on spatial-time analysis. Also, with reference to prediction, Ashtiani and Azgomi ( 2014 ) proposed a framework for the distributed simulation of cyberattacks based on high-level architecture. Kirubavathi and Anitha ( 2016 ) recommended an approach to detect botnets, irrespective of their structures, based on network traffic flow behaviour analysis and machine-learning techniques. Dwivedi et al. ( 2021 ) introduced a multi-parallel adaptive technique to utilise an adaption mechanism in the group of swarms for network intrusion detection. AlEroud and Karabatis ( 2018 ) presented an approach that used contextual information to automatically identify and query possible semantic links between different types of suspicious activities extracted from network flows.

Intrusion detection systems with a focus on IoT

In addition to general intrusion detection systems, a proportion of studies focused on IoT. Habib et al. ( 2020 ) presented an approach for converting traditional intrusion detection systems into smart intrusion detection systems for IoT networks. To enhance the process of diagnostic detection of possible vulnerabilities with an IoT system, Georgescu et al. ( 2019 ) introduced a method that uses a named entity recognition-based solution. With regard to IoT in the smart home sector, Heartfield et al. ( 2021 ) presented a detection system that is able to autonomously adjust the decision function of its underlying anomaly classification models to a smart home’s changing condition. Another intrusion detection system was suggested by Keserwani et al. ( 2021 ), which combined Grey Wolf Optimization and Particle Swam Optimization to identify various attacks for IoT networks. They used the KDD Cup 99, NSL-KDD and CICIDS-2017 to evaluate their model. Abu Al-Haija and Zein-Sabatto ( 2020 ) provide a comprehensive development of a new intelligent and autonomous deep-learning-based detection and classification system for cyberattacks in IoT communication networks that leverage the power of convolutional neural networks, abbreviated as IoT-IDCS-CNN (IoT-based Intrusion Detection and Classification System using Convolutional Neural Network). To evaluate the development, the authors used the NSL-KDD dataset. Biswas and Roy ( 2021 ) recommended a model that identifies malicious botnet traffic using novel deep-learning approaches like artificial neural networks gutted recurrent units and long- or short-term memory models. They tested their model with the Bot-IoT dataset.

With a more forensic background, Koroniotis et al. ( 2020 ) submitted a network forensic framework, which described the digital investigation phases for identifying and tracing attack behaviours in IoT networks. The suggested work was evaluated with the Bot-IoT and UINSW-NB15 datasets. With a focus on big data and IoT, Chhabra et al. ( 2020 ) presented a cyber forensic framework for big data analytics in an IoT environment using machine learning. Furthermore, the authors mentioned different publicly available datasets for machine-learning models.

A stronger focus on a mobile phones was exhibited by Alazab et al. ( 2020 ), which presented a classification model that combined permission requests and application programme interface calls. The model was tested with a malware dataset containing 27,891 Android apps. A similar approach was taken by Li et al. ( 2019a , b ), who proposed a reliable classifier for Android malware detection based on factorisation machine architecture and extraction of Android app features from manifest files and source code.

Literature reviews

In addition to the different methods and models for intrusion detection systems, various literature reviews on the methods and datasets were also found. Liu and Lang ( 2019 ) proposed a taxonomy of intrusion detection systems that uses data objects as the main dimension to classify and summarise machine learning and deep learning-based intrusion detection literature. They also presented four different benchmark datasets for machine-learning detection systems. Ahmed et al. ( 2016 ) presented an in-depth analysis of four major categories of anomaly detection techniques, which include classification, statistical, information theory and clustering. Hajj et al. ( 2021 ) gave a comprehensive overview of anomaly-based intrusion detection systems. Their article gives an overview of the requirements, methods, measurements and datasets that are used in an intrusion detection system.

Within the framework of machine learning, Chattopadhyay et al. ( 2018 ) conducted a comprehensive review and meta-analysis on the application of machine-learning techniques in intrusion detection systems. They also compared different machine learning techniques in different datasets and summarised the performance. Vidros et al. ( 2017 ) presented an overview of characteristics and methods in automatic detection of online recruitment fraud. They also published an available dataset of 17,880 annotated job ads, retrieved from the use of a real-life system. An empirical study of different unsupervised learning algorithms used in the detection of unknown attacks was presented by Meira et al. ( 2020 ).

New datasets

Kilincer et al. ( 2021 ) reviewed different intrusion detection system datasets in detail. They had a closer look at the UNS-NB15, ISCX-2012, NSL-KDD and CIDDS-001 datasets. Stojanovic et al. ( 2020 ) also provided a review on datasets and their creation for use in advanced persistent threat detection in the literature. Another review of datasets was provided by Sarker et al. ( 2020 ), who focused on cybersecurity data science as part of their research and provided an overview from a machine-learning perspective. Avila et al. ( 2021 ) conducted a systematic literature review on the use of security logs for data leak detection. They recommended a new classification of information leak, which uses the GDPR principles, identified the most widely publicly available dataset for threat detection, described the attack types in the datasets and the algorithms used for data leak detection. Tuncer et al. ( 2020 ) presented a bytecode-based detection method consisting of feature extraction using local neighbourhood binary patterns. They chose a byte-based malware dataset to investigate the performance of the proposed local neighbourhood binary pattern-based detection method. With a different focus, Mauro et al. ( 2020 ) gave an experimental overview of neural-based techniques relevant to intrusion detection. They assessed the value of neural networks using the Bot-IoT and UNSW-DB15 datasets.

Another category of results in the context of countermeasure datasets is those that were presented as new. Moreno et al. ( 2018 ) developed a database of 300 security-related accidents from European and American sources. The database contained cybersecurity-related events in the chemical and process industry. Damasevicius et al. ( 2020 ) proposed a new dataset (LITNET-2020) for network intrusion detection. The dataset is a new annotated network benchmark dataset obtained from the real-world academic network. It presents real-world examples of normal and under-attack network traffic. With a focus on IoT intrusion detection systems, Alsaedi et al. ( 2020 ) proposed a new benchmark IoT/IIot datasets for assessing intrusion detection system-enabled IoT systems. Also in the context of IoT, Vaccari et al. ( 2020 ) proposed a dataset focusing on message queue telemetry transport protocols, which can be used to train machine-learning models. To evaluate the performance of machine-learning classifiers, Mahfouz et al. ( 2020 ) created a dataset called Game Theory and Cybersecurity (GTCS). A dataset containing 22,000 malware and benign samples was constructed by Martin et al. ( 2019 ). The dataset can be used as a benchmark to test the algorithm for Android malware classification and clustering techniques. In addition, Laso et al. ( 2017 ) presented a dataset created to investigate how data and information quality estimates enable the detection of anomalies and malicious acts in cyber-physical systems. The dataset contained various cyberattacks and is publicly available.

In addition to the results described above, several other studies were found that fit into the category of countermeasures. Johnson et al. ( 2016 ) examined the time between vulnerability disclosures. Using another vulnerabilities database, Common Vulnerabilities and Exposures (CVE), Subroto and Apriyana ( 2019 ) presented an algorithm model that uses big data analysis of social media and statistical machine learning to predict cyber risks. A similar databank but with a different focus, Common Vulnerability Scoring System, was used by Chatterjee and Thekdi ( 2020 ) to present an iterative data-driven learning approach to vulnerability assessment and management for complex systems. Using the CICIDS2017 dataset to evaluate the performance, Malik et al. ( 2020 ) proposed a control plane-based orchestration for varied, sophisticated threats and attacks. The same dataset was used in another study by Lee et al. ( 2019 ), who developed an artificial security information event management system based on a combination of event profiling for data processing and different artificial network methods. To exploit the interdependence between multiple series, Fang et al. ( 2021 ) proposed a statistical framework. In order to validate the framework, the authors applied it to a dataset of enterprise-level security breaches from the Privacy Rights Clearinghouse and Identity Theft Center database. Another framework with a defensive aspect was recommended by Li et al. ( 2021 ) to increase the robustness of deep neural networks against adversarial malware evasion attacks. Sarabi et al. ( 2016 ) investigated whether and to what extent business details can help assess an organisation's risk of data breaches and the distribution of risk across different types of incidents to create policies for protection, detection and recovery from different forms of security incidents. They used data from the VERIS Community Database.

Datasets that have been classified into the cybersecurity category are detailed in Supplementary Table 3. Due to overlap, records from the previous tables may also be included.

This paper presented a systematic literature review of studies on cyber risk and cybersecurity that used datasets. Within this framework, 255 studies were fully reviewed and then classified into three different categories. Then, 79 datasets were consolidated from these studies. These datasets were subsequently analysed, and important information was selected through a process of filtering out. This information was recorded in a table and enhanced with further information as part of the literature analysis. This made it possible to create a comprehensive overview of the datasets. For example, each dataset contains a description of where the data came from and how the data has been used to date. This allows different datasets to be compared and the appropriate dataset for the use case to be selected. This research certainly has limitations, so our selection of datasets cannot necessarily be taken as a representation of all available datasets related to cyber risks and cybersecurity. For example, literature searches were conducted in four academic databases and only found datasets that were used in the literature. Many research projects also used old datasets that may no longer consider current developments. In addition, the data are often focused on only one observation and are limited in scope. For example, the datasets can only be applied to specific contexts and are also subject to further limitations (e.g. region, industry, operating system). In the context of the applicability of the datasets, it is unfortunately not possible to make a clear statement on the extent to which they can be integrated into academic or practical areas of application or how great this effort is. Finally, it remains to be pointed out that this is an overview of currently available datasets, which are subject to constant change.

Due to the lack of datasets on cyber risks in the academic literature, additional datasets on cyber risks were integrated as part of a further search. The search was conducted on the Google Dataset search portal. The search term used was ‘cyber risk datasets’. Over 100 results were found. However, due to the low significance and verifiability, only 20 selected datasets were included. These can be found in Table 2 in the “ Appendix ”.

The results of the literature review and datasets also showed that there continues to be a lack of available, open cyber datasets. This lack of data is reflected in cyber insurance, for example, as it is difficult to find a risk-based premium without a sufficient database (Nurse et al. 2020 ). The global cyber insurance market was estimated at USD 5.5 billion in 2020 (Dyson 2020 ). When compared to the USD 1 trillion global losses from cybercrime (Maleks Smith et al. 2020 ), it is clear that there exists a significant cyber risk awareness challenge for both the insurance industry and international commerce. Without comprehensive and qualitative data on cyber losses, it can be difficult to estimate potential losses from cyberattacks and price cyber insurance accordingly (GAO 2021 ). For instance, the average cyber insurance loss increased from USD 145,000 in 2019 to USD 359,000 in 2020 (FitchRatings 2021 ). Cyber insurance is an important risk management tool to mitigate the financial impact of cybercrime. This is particularly evident in the impact of different industries. In the Energy & Commodities financial markets, a ransomware attack on the Colonial Pipeline led to a substantial impact on the U.S. economy. As a result of the attack, about 45% of the U.S. East Coast was temporarily unable to obtain supplies of diesel, petrol and jet fuel. This caused the average price in the U.S. to rise 7 cents to USD 3.04 per gallon, the highest in seven years (Garber 2021 ). In addition, Colonial Pipeline confirmed that it paid a USD 4.4 million ransom to a hacker gang after the attack. Another ransomware attack occurred in the healthcare and government sector. The victim of this attack was the Irish Health Service Executive (HSE). A ransom payment of USD 20 million was demanded from the Irish government to restore services after the hack (Tidy 2021 ). In the car manufacturing sector, Miller and Valasek ( 2015 ) initiated a cyberattack that resulted in the recall of 1.4 million vehicles and cost manufacturers EUR 761 million. The risk that arises in the context of these events is the potential for the accumulation of cyber losses, which is why cyber insurers are not expanding their capacity. An example of this accumulation of cyber risks is the NotPetya malware attack, which originated in Russia, struck in Ukraine, and rapidly spread around the world, causing at least USD 10 billion in damage (GAO 2021 ). These events highlight the importance of proper cyber risk management.

This research provides cyber insurance stakeholders with an overview of cyber datasets. Cyber insurers can use the open datasets to improve their understanding and assessment of cyber risks. For example, the impact datasets can be used to better measure financial impacts and their frequencies. These data could be combined with existing portfolio data from cyber insurers and integrated with existing pricing tools and factors to better assess cyber risk valuation. Although most cyber insurers have sparse historical cyber policy and claims data, they remain too small at present for accurate prediction (Bessy-Roland et al. 2021 ). A combination of portfolio data and external datasets would support risk-adjusted pricing for cyber insurance, which would also benefit policyholders. In addition, cyber insurance stakeholders can use the datasets to identify patterns and make better predictions, which would benefit sustainable cyber insurance coverage. In terms of cyber risk cause datasets, cyber insurers can use the data to review their insurance products. For example, the data could provide information on which cyber risks have not been sufficiently considered in product design or where improvements are needed. A combination of cyber cause and cybersecurity datasets can help establish uniform definitions to provide greater transparency and clarity. Consistent terminology could lead to a more sustainable cyber market, where cyber insurers make informed decisions about the level of coverage and policyholders understand their coverage (The Geneva Association 2020).

In addition to the cyber insurance community, this research also supports cybersecurity stakeholders. The reviewed literature can be used to provide a contemporary, contextual and categorised summary of available datasets. This supports efficient and timely progress in cyber risk research and is beneficial given the dynamic nature of cyber risks. With the help of the described cybersecurity datasets and the identified information, a comparison of different datasets is possible. The datasets can be used to evaluate the effectiveness of countermeasures in simulated cyberattacks or to test intrusion detection systems.

In this paper, we conducted a systematic review of studies on cyber risk and cybersecurity databases. We found that most of the datasets are in the field of intrusion detection and machine learning and are used for technical cybersecurity aspects. The available datasets on cyber risks were relatively less represented. Due to the dynamic nature and lack of historical data, assessing and understanding cyber risk is a major challenge for cyber insurance stakeholders. To address this challenge, a greater density of cyber data is needed to support cyber insurers in risk management and researchers with cyber risk-related topics. With reference to ‘Open Science’ FAIR data (Jacobsen et al. 2020 ), mandatory reporting of cyber incidents could help improve cyber understanding, awareness and loss prevention among companies and insurers. Through greater availability of data, cyber risks can be better understood, enabling researchers to conduct more in-depth research into these risks. Companies could incorporate this new knowledge into their corporate culture to reduce cyber risks. For insurance companies, this would have the advantage that all insurers would have the same understanding of cyber risks, which would support sustainable risk-based pricing. In addition, common definitions of cyber risks could be derived from new data.

The cybersecurity databases summarised and categorised in this research could provide a different perspective on cyber risks that would enable the formulation of common definitions in cyber policies. The datasets can help companies addressing cybersecurity and cyber risk as part of risk management assess their internal cyber posture and cybersecurity measures. The paper can also help improve risk awareness and corporate behaviour, and provides the research community with a comprehensive overview of peer-reviewed datasets and other available datasets in the area of cyber risk and cybersecurity. This approach is intended to support the free availability of data for research. The complete tabulated review of the literature is included in the Supplementary Material.

This work provides directions for several paths of future work. First, there are currently few publicly available datasets for cyber risk and cybersecurity. The older datasets that are still widely used no longer reflect today's technical environment. Moreover, they can often only be used in one context, and the scope of the samples is very limited. It would be of great value if more datasets were publicly available that reflect current environmental conditions. This could help intrusion detection systems to consider current events and thus lead to a higher success rate. It could also compensate for the disadvantages of older datasets by collecting larger quantities of samples and making this contextualisation more widespread. Another area of research may be the integratability and adaptability of cybersecurity and cyber risk datasets. For example, it is often unclear to what extent datasets can be integrated or adapted to existing data. For cyber risks and cybersecurity, it would be helpful to know what requirements need to be met or what is needed to use the datasets appropriately. In addition, it would certainly be helpful to know whether datasets can be modified to be used for cyber risks or cybersecurity. Finally, the ability for stakeholders to identify machine-readable cybersecurity datasets would be useful because it would allow for even clearer delineations or comparisons between datasets. Due to the lack of publicly available datasets, concrete benchmarks often cannot be applied.

Average cost of a breach of more than 50 million records.

Aamir, M., S.S.H. Rizvi, M.A. Hashmani, M. Zubair, and J. Ahmad. 2021. Machine learning classification of port scanning and DDoS attacks: A comparative analysis. Mehran University Research Journal of Engineering and Technology 40 (1): 215–229. https://doi.org/10.22581/muet1982.2101.19 .

Article Google Scholar

Aamir, M., and S.M.A. Zaidi. 2019. DDoS attack detection with feature engineering and machine learning: The framework and performance evaluation. International Journal of Information Security 18 (6): 761–785. https://doi.org/10.1007/s10207-019-00434-1 .

Aassal, A. El, S. Baki, A. Das, and R.M. Verma. 2020. 2020. An in-depth benchmarking and evaluation of phishing detection research for security needs. IEEE Access 8: 22170–22192. https://doi.org/10.1109/ACCESS.2020.2969780 .

Abu Al-Haija, Q., and S. Zein-Sabatto. 2020. An efficient deep-learning-based detection and classification system for cyber-attacks in IoT communication networks. Electronics 9 (12): 26. https://doi.org/10.3390/electronics9122152 .

Adhikari, U., T.H. Morris, and S.Y. Pan. 2018. Applying Hoeffding adaptive trees for real-time cyber-power event and intrusion classification. IEEE Transactions on Smart Grid 9 (5): 4049–4060. https://doi.org/10.1109/tsg.2017.2647778 .

Agarwal, A., P. Sharma, M. Alshehri, A.A. Mohamed, and O. Alfarraj. 2021. Classification model for accuracy and intrusion detection using machine learning approach. PeerJ Computer Science . https://doi.org/10.7717/peerj-cs.437 .

Agrafiotis, I., J.R.C.. Nurse, M. Goldsmith, S. Creese, and D. Upton. 2018. A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity 4: tyy006.

Agrawal, A., S. Mohammed, and J. Fiaidhi. 2019. Ensemble technique for intruder detection in network traffic. International Journal of Security and Its Applications 13 (3): 1–8. https://doi.org/10.33832/ijsia.2019.13.3.01 .

Ahmad, I., and R.A. Alsemmeari. 2020. Towards improving the intrusion detection through ELM (extreme learning machine). CMC Computers Materials & Continua 65 (2): 1097–1111. https://doi.org/10.32604/cmc.2020.011732 .

Ahmed, M., A.N. Mahmood, and J.K. Hu. 2016. A survey of network anomaly detection techniques. Journal of Network and Computer Applications 60: 19–31. https://doi.org/10.1016/j.jnca.2015.11.016 .

Al-Jarrah, O.Y., O. Alhussein, P.D. Yoo, S. Muhaidat, K. Taha, and K. Kim. 2016. Data randomization and cluster-based partitioning for Botnet intrusion detection. IEEE Transactions on Cybernetics 46 (8): 1796–1806. https://doi.org/10.1109/TCYB.2015.2490802 .

Al-Mhiqani, M.N., R. Ahmad, Z.Z. Abidin, W. Yassin, A. Hassan, K.H. Abdulkareem, N.S. Ali, and Z. Yunos. 2020. A review of insider threat detection: Classification, machine learning techniques, datasets, open challenges, and recommendations. Applied Sciences—Basel 10 (15): 41. https://doi.org/10.3390/app10155208 .

Al-Omari, M., M. Rawashdeh, F. Qutaishat, M. Alshira’H, and N. Ababneh. 2021. An intelligent tree-based intrusion detection model for cyber security. Journal of Network and Systems Management 29 (2): 18. https://doi.org/10.1007/s10922-021-09591-y .

Alabdallah, A., and M. Awad. 2018. Using weighted Support Vector Machine to address the imbalanced classes problem of Intrusion Detection System. KSII Transactions on Internet and Information Systems 12 (10): 5143–5158. https://doi.org/10.3837/tiis.2018.10.027 .

Alazab, M., M. Alazab, A. Shalaginov, A. Mesleh, and A. Awajan. 2020. Intelligent mobile malware detection using permission requests and API calls. Future Generation Computer Systems—the International Journal of eScience 107: 509–521. https://doi.org/10.1016/j.future.2020.02.002 .

Albahar, M.A., R.A. Al-Falluji, and M. Binsawad. 2020. An empirical comparison on malicious activity detection using different neural network-based models. IEEE Access 8: 61549–61564. https://doi.org/10.1109/ACCESS.2020.2984157 .

AlEroud, A.F., and G. Karabatis. 2018. Queryable semantics to detect cyber-attacks: A flow-based detection approach. IEEE Transactions on Systems, Man, and Cybernetics: Systems 48 (2): 207–223. https://doi.org/10.1109/TSMC.2016.2600405 .

Algarni, A.M., V. Thayananthan, and Y.K. Malaiya. 2021. Quantitative assessment of cybersecurity risks for mitigating data breaches in business systems. Applied Sciences (switzerland) . https://doi.org/10.3390/app11083678 .

Alhowaide, A., I. Alsmadi, and J. Tang. 2021. Towards the design of real-time autonomous IoT NIDS. Cluster Computing—the Journal of Networks Software Tools and Applications . https://doi.org/10.1007/s10586-021-03231-5 .

Ali, S., and Y. Li. 2019. Learning multilevel auto-encoders for DDoS attack detection in smart grid network. IEEE Access 7: 108647–108659. https://doi.org/10.1109/ACCESS.2019.2933304 .

AlKadi, O., N. Moustafa, B. Turnbull, and K.K.R. Choo. 2019. Mixture localization-based outliers models for securing data migration in cloud centers. IEEE Access 7: 114607–114618. https://doi.org/10.1109/ACCESS.2019.2935142 .

Allianz. 2021. Allianz Risk Barometer. https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-Barometer-2021.pdf . Accessed 15 May 2021.

Almiani, M., A. AbuGhazleh, A. Al-Rahayfeh, S. Atiewi, and Razaque, A. 2020. Deep recurrent neural network for IoT intrusion detection system. Simulation Modelling Practice and Theory 101: 102031. https://doi.org/10.1016/j.simpat.2019.102031

Alsaedi, A., N. Moustafa, Z. Tari, A. Mahmood, and A. Anwar. 2020. TON_IoT telemetry dataset: A new generation dataset of IoT and IIoT for data-driven intrusion detection systems. IEEE Access 8: 165130–165150. https://doi.org/10.1109/access.2020.3022862 .

Alsamiri, J., and K. Alsubhi. 2019. Internet of Things cyber attacks detection using machine learning. International Journal of Advanced Computer Science and Applications 10 (12): 627–634.

Alsharafat, W. 2013. Applying artificial neural network and eXtended classifier system for network intrusion detection. International Arab Journal of Information Technology 10 (3): 230–238.

Google Scholar

Amin, R.W., H.E. Sevil, S. Kocak, G. Francia III., and P. Hoover. 2021. The spatial analysis of the malicious uniform resource locators (URLs): 2016 dataset case study. Information (switzerland) 12 (1): 1–18. https://doi.org/10.3390/info12010002 .

Arcuri, M.C., L.Z. Gai, F. Ielasi, and E. Ventisette. 2020. Cyber attacks on hospitality sector: Stock market reaction. Journal of Hospitality and Tourism Technology 11 (2): 277–290. https://doi.org/10.1108/jhtt-05-2019-0080 .

Arp, D., M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, and C.E.R.T. Siemens. 2014. Drebin: Effective and explainable detection of android malware in your pocket. In Ndss 14: 23–26.

Ashtiani, M., and M.A. Azgomi. 2014. A distributed simulation framework for modeling cyber attacks and the evaluation of security measures. Simulation 90 (9): 1071–1102. https://doi.org/10.1177/0037549714540221 .

Atefinia, R., and M. Ahmadi. 2021. Network intrusion detection using multi-architectural modular deep neural network. Journal of Supercomputing 77 (4): 3571–3593. https://doi.org/10.1007/s11227-020-03410-y .

Avila, R., R. Khoury, R. Khoury, and F. Petrillo. 2021. Use of security logs for data leak detection: A systematic literature review. Security and Communication Networks 2021: 29. https://doi.org/10.1155/2021/6615899 .

Azeez, N.A., T.J. Ayemobola, S. Misra, R. Maskeliunas, and R. Damasevicius. 2019. Network Intrusion Detection with a Hashing Based Apriori Algorithm Using Hadoop MapReduce. Computers 8 (4): 15. https://doi.org/10.3390/computers8040086 .

Bakdash, J.Z., S. Hutchinson, E.G. Zaroukian, L.R. Marusich, S. Thirumuruganathan, C. Sample, B. Hoffman, and G. Das. 2018. Malware in the future forecasting of analyst detection of cyber events. Journal of Cybersecurity . https://doi.org/10.1093/cybsec/tyy007 .

Barletta, V.S., D. Caivano, A. Nannavecchia, and M. Scalera. 2020. Intrusion detection for in-vehicle communication networks: An unsupervised Kohonen SOM approach. Future Internet . https://doi.org/10.3390/FI12070119 .

Barzegar, M., and M. Shajari. 2018. Attack scenario reconstruction using intrusion semantics. Expert Systems with Applications 108: 119–133. https://doi.org/10.1016/j.eswa.2018.04.030 .

Bessy-Roland, Y., A. Boumezoued, and C. Hillairet. 2021. Multivariate Hawkes process for cyber insurance. Annals of Actuarial Science 15 (1): 14–39.

Bhardwaj, A., V. Mangat, and R. Vig. 2020. Hyperband tuned deep neural network with well posed stacked sparse AutoEncoder for detection of DDoS attacks in cloud. IEEE Access 8: 181916–181929. https://doi.org/10.1109/ACCESS.2020.3028690 .

Bhati, B.S., C.S. Rai, B. Balamurugan, and F. Al-Turjman. 2020. An intrusion detection scheme based on the ensemble of discriminant classifiers. Computers & Electrical Engineering 86: 9. https://doi.org/10.1016/j.compeleceng.2020.106742 .

Bhattacharya, S., S.S.R. Krishnan, P.K.R. Maddikunta, R. Kaluri, S. Singh, T.R. Gadekallu, M. Alazab, and U. Tariq. 2020. A novel PCA-firefly based XGBoost classification model for intrusion detection in networks using GPU. Electronics 9 (2): 16. https://doi.org/10.3390/electronics9020219 .

Bibi, I., A. Akhunzada, J. Malik, J. Iqbal, A. Musaddiq, and S. Kim. 2020. A dynamic DL-driven architecture to combat sophisticated android malware. IEEE Access 8: 129600–129612. https://doi.org/10.1109/ACCESS.2020.3009819 .

Biener, C., M. Eling, and J.H. Wirfs. 2015. Insurability of cyber risk: An empirical analysis. The Geneva Papers on Risk and Insurance—Issues and Practice 40 (1): 131–158. https://doi.org/10.1057/gpp.2014.19 .

Binbusayyis, A., and T. Vaiyapuri. 2019. Identifying and benchmarking key features for cyber intrusion detection: An ensemble approach. IEEE Access 7: 106495–106513. https://doi.org/10.1109/ACCESS.2019.2929487 .

Biswas, R., and S. Roy. 2021. Botnet traffic identification using neural networks. Multimedia Tools and Applications . https://doi.org/10.1007/s11042-021-10765-8 .

Bouyeddou, B., F. Harrou, B. Kadri, and Y. Sun. 2021. Detecting network cyber-attacks using an integrated statistical approach. Cluster Computing—the Journal of Networks Software Tools and Applications 24 (2): 1435–1453. https://doi.org/10.1007/s10586-020-03203-1 .

Bozkir, A.S., and M. Aydos. 2020. LogoSENSE: A companion HOG based logo detection scheme for phishing web page and E-mail brand recognition. Computers & Security 95: 18. https://doi.org/10.1016/j.cose.2020.101855 .

Brower, D., and M. McCormick. 2021. Colonial pipeline resumes operations following ransomware attack. Financial Times .

Cai, H., F. Zhang, and A. Levi. 2019. An unsupervised method for detecting shilling attacks in recommender systems by mining item relationship and identifying target items. The Computer Journal 62 (4): 579–597. https://doi.org/10.1093/comjnl/bxy124 .

Cebula, J.J., M.E. Popeck, and L.R. Young. 2014. A Taxonomy of Operational Cyber Security Risks Version 2 .

Chadza, T., K.G. Kyriakopoulos, and S. Lambotharan. 2020. Learning to learn sequential network attacks using hidden Markov models. IEEE Access 8: 134480–134497. https://doi.org/10.1109/ACCESS.2020.3011293 .

Chatterjee, S., and S. Thekdi. 2020. An iterative learning and inference approach to managing dynamic cyber vulnerabilities of complex systems. Reliability Engineering and System Safety . https://doi.org/10.1016/j.ress.2019.106664 .

Chattopadhyay, M., R. Sen, and S. Gupta. 2018. A comprehensive review and meta-analysis on applications of machine learning techniques in intrusion detection. Australasian Journal of Information Systems 22: 27.

Chen, H.S., and J. Fiscus. 2018. The inhospitable vulnerability: A need for cybersecurity risk assessment in the hospitality industry. Journal of Hospitality and Tourism Technology 9 (2): 223–234. https://doi.org/10.1108/JHTT-07-2017-0044 .

Chhabra, G.S., V.P. Singh, and M. Singh. 2020. Cyber forensics framework for big data analytics in IoT environment using machine learning. Multimedia Tools and Applications 79 (23–24): 15881–15900. https://doi.org/10.1007/s11042-018-6338-1 .

Chiba, Z., N. Abghour, K. Moussaid, A. Elomri, and M. Rida. 2019. Intelligent approach to build a Deep Neural Network based IDS for cloud environment using combination of machine learning algorithms. Computers and Security 86: 291–317. https://doi.org/10.1016/j.cose.2019.06.013 .

Choras, M., and R. Kozik. 2015. Machine learning techniques applied to detect cyber attacks on web applications. Logic Journal of the IGPL 23 (1): 45–56. https://doi.org/10.1093/jigpal/jzu038 .

Chowdhury, S., M. Khanzadeh, R. Akula, F. Zhang, S. Zhang, H. Medal, M. Marufuzzaman, and L. Bian. 2017. Botnet detection using graph-based feature clustering. Journal of Big Data 4 (1): 14. https://doi.org/10.1186/s40537-017-0074-7 .

Cost Of A Cyber Incident: Systematic Review And Cross-Validation, Cybersecurity & Infrastructure Agency , 1, https://www.cisa.gov/sites/default/files/publications/CISA-OCE_Cost_of_Cyber_Incidents_Study-FINAL_508.pdf (2020).

D’Hooge, L., T. Wauters, B. Volckaert, and F. De Turck. 2019. Classification hardness for supervised learners on 20 years of intrusion detection data. IEEE Access 7: 167455–167469. https://doi.org/10.1109/access.2019.2953451 .

Damasevicius, R., A. Venckauskas, S. Grigaliunas, J. Toldinas, N. Morkevicius, T. Aleliunas, and P. Smuikys. 2020. LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics 9 (5): 23. https://doi.org/10.3390/electronics9050800 .

De Giovanni, A.L.D., and M. Pirra. 2020. On the determinants of data breaches: A cointegration analysis. Decisions in Economics and Finance . https://doi.org/10.1007/s10203-020-00301-y .

Deng, L., D. Li, X. Yao, and H. Wang. 2019. Retracted Article: Mobile network intrusion detection for IoT system based on transfer learning algorithm. Cluster Computing 22 (4): 9889–9904. https://doi.org/10.1007/s10586-018-1847-2 .

Donkal, G., and G.K. Verma. 2018. A multimodal fusion based framework to reinforce IDS for securing Big Data environment using Spark. Journal of Information Security and Applications 43: 1–11. https://doi.org/10.1016/j.jisa.2018.10.001 .

Dunn, C., N. Moustafa, and B. Turnbull. 2020. Robustness evaluations of sustainable machine learning models against data Poisoning attacks in the Internet of Things. Sustainability 12 (16): 17. https://doi.org/10.3390/su12166434 .

Dwivedi, S., M. Vardhan, and S. Tripathi. 2021. Multi-parallel adaptive grasshopper optimization technique for detecting anonymous attacks in wireless networks. Wireless Personal Communications . https://doi.org/10.1007/s11277-021-08368-5 .

Dyson, B. 2020. COVID-19 crisis could be ‘watershed’ for cyber insurance, says Swiss Re exec. https://www.spglobal.com/marketintelligence/en/news-insights/latest-news-headlines/covid-19-crisis-could-be-watershed-for-cyber-insurance-says-swiss-re-exec-59197154 . Accessed 7 May 2020.

EIOPA. 2018. Understanding cyber insurance—a structured dialogue with insurance companies. https://www.eiopa.europa.eu/sites/default/files/publications/reports/eiopa_understanding_cyber_insurance.pdf . Accessed 28 May 2018

Elijah, A.V., A. Abdullah, N.Z. JhanJhi, M. Supramaniam, and O.B. Abdullateef. 2019. Ensemble and deep-learning methods for two-class and multi-attack anomaly intrusion detection: An empirical study. International Journal of Advanced Computer Science and Applications 10 (9): 520–528.

Eling, M., and K. Jung. 2018. Copula approaches for modeling cross-sectional dependence of data breach losses. Insurance Mathematics & Economics 82: 167–180. https://doi.org/10.1016/j.insmatheco.2018.07.003 .

Eling, M., and W. Schnell. 2016. What do we know about cyber risk and cyber risk insurance? Journal of Risk Finance 17 (5): 474–491. https://doi.org/10.1108/jrf-09-2016-0122 .

Eling, M., and J. Wirfs. 2019. What are the actual costs of cyber risk events? European Journal of Operational Research 272 (3): 1109–1119. https://doi.org/10.1016/j.ejor.2018.07.021 .

Eling, M. 2020. Cyber risk research in business and actuarial science. European Actuarial Journal 10 (2): 303–333.

Elmasry, W., A. Akbulut, and A.H. Zaim. 2019. Empirical study on multiclass classification-based network intrusion detection. Computational Intelligence 35 (4): 919–954. https://doi.org/10.1111/coin.12220 .

Elsaid, S.A., and N.S. Albatati. 2020. An optimized collaborative intrusion detection system for wireless sensor networks. Soft Computing 24 (16): 12553–12567. https://doi.org/10.1007/s00500-020-04695-0 .

Estepa, R., J.E. Díaz-Verdejo, A. Estepa, and G. Madinabeitia. 2020. How much training data is enough? A case study for HTTP anomaly-based intrusion detection. IEEE Access 8: 44410–44425. https://doi.org/10.1109/ACCESS.2020.2977591 .

European Council. 2021. Cybersecurity: how the EU tackles cyber threats. https://www.consilium.europa.eu/en/policies/cybersecurity/ . Accessed 10 May 2021

Falco, G. et al. 2019. Cyber risk research impeded by disciplinary barriers. Science (American Association for the Advancement of Science) 366 (6469): 1066–1069.

Fan, Z.J., Z.P. Tan, C.X. Tan, and X. Li. 2018. An improved integrated prediction method of cyber security situation based on spatial-time analysis. Journal of Internet Technology 19 (6): 1789–1800. https://doi.org/10.3966/160792642018111906015 .

Fang, Z.J., M.C. Xu, S.H. Xu, and T.Z. Hu. 2021. A framework for predicting data breach risk: Leveraging dependence to cope with sparsity. IEEE Transactions on Information Forensics and Security 16: 2186–2201. https://doi.org/10.1109/tifs.2021.3051804 .

Farkas, S., O. Lopez, and M. Thomas. 2021. Cyber claim analysis using Generalized Pareto regression trees with applications to insurance. Insurance: Mathematics and Economics 98: 92–105. https://doi.org/10.1016/j.insmatheco.2021.02.009 .

Farsi, H., A. Fanian, and Z. Taghiyarrenani. 2019. A novel online state-based anomaly detection system for process control networks. International Journal of Critical Infrastructure Protection 27: 11. https://doi.org/10.1016/j.ijcip.2019.100323 .

Ferrag, M.A., L. Maglaras, S. Moschoyiannis, and H. Janicke. 2020. Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. Journal of Information Security and Applications 50: 19. https://doi.org/10.1016/j.jisa.2019.102419 .

Field, M. 2018. WannaCry cyber attack cost the NHS £92m as 19,000 appointments cancelled. https://www.telegraph.co.uk/technology/2018/10/11/wannacry-cyber-attack-cost-nhs-92m-19000-appointments-cancelled/ . Accessed 9 May 2018.

FitchRatings. 2021. U.S. Cyber Insurance Market Update (Spike in Claims Leads to Decline in 2020 Underwriting Performance). https://www.fitchratings.com/research/insurance/us-cyber-insurance-market-update-spike-in-claims-leads-to-decline-in-2020-underwriting-performance-26-05-2021 .

Fossaceca, J.M., T.A. Mazzuchi, and S. Sarkani. 2015. MARK-ELM: Application of a novel Multiple Kernel Learning framework for improving the robustness of network intrusion detection. Expert Systems with Applications 42 (8): 4062–4080. https://doi.org/10.1016/j.eswa.2014.12.040 .

Franke, U., and J. Brynielsson. 2014. Cyber situational awareness–a systematic review of the literature. Computers & security 46: 18–31.

Freeha, K., K.J. Hwan, M. Lars, and M. Robin. 2021. Data breach management: An integrated risk model. Information & Management 58 (1): 103392. https://doi.org/10.1016/j.im.2020.103392 .

Ganeshan, R., and P. Rodrigues. 2020. Crow-AFL: Crow based adaptive fractional lion optimization approach for the intrusion detection. Wireless Personal Communications 111 (4): 2065–2089. https://doi.org/10.1007/s11277-019-06972-0 .

GAO. 2021. CYBER INSURANCE—Insurers and policyholders face challenges in an evolving market. https://www.gao.gov/assets/gao-21-477.pdf . Accessed 16 May 2021.

Garber, J. 2021. Colonial Pipeline fiasco foreshadows impact of Biden energy policy. https://www.foxbusiness.com/markets/colonial-pipeline-fiasco-foreshadows-impact-of-biden-energy-policy . Accessed 4 May 2021.

Gauthama Raman, M.R., N. Somu, S. Jagarapu, T. Manghnani, T. Selvam, K. Krithivasan, and V.S. Shankar Sriram. 2020. An efficient intrusion detection technique based on support vector machine and improved binary gravitational search algorithm. Artificial Intelligence Review 53 (5): 3255–3286. https://doi.org/10.1007/s10462-019-09762-z .

Gavel, S., A.S. Raghuvanshi, and S. Tiwari. 2021. Distributed intrusion detection scheme using dual-axis dimensionality reduction for Internet of things (IoT). Journal of Supercomputing . https://doi.org/10.1007/s11227-021-03697-5 .

GDPR.EU. 2021. FAQ. https://gdpr.eu/faq/ . Accessed 10 May 2021.

Georgescu, T.M., B. Iancu, and M. Zurini. 2019. Named-entity-recognition-based automated system for diagnosing cybersecurity situations in IoT networks. Sensors (switzerland) . https://doi.org/10.3390/s19153380 .

Giudici, P., and E. Raffinetti. 2020. Cyber risk ordering with rank-based statistical models. AStA Advances in Statistical Analysis . https://doi.org/10.1007/s10182-020-00387-0 .

Goh, J., S. Adepu, K.N. Junejo, and A. Mathur. 2016. A dataset to support research in the design of secure water treatment systems. In CRITIS.

Gong, X.Y., J.L. Lu, Y.F. Zhou, H. Qiu, and R. He. 2021. Model uncertainty based annotation error fixing for web attack detection. Journal of Signal Processing Systems for Signal Image and Video Technology 93 (2–3): 187–199. https://doi.org/10.1007/s11265-019-01494-1 .

Goode, S., H. Hoehle, V. Venkatesh, and S.A. Brown. 2017. USER compensation as a data breach recovery action: An investigation of the sony playstation network breach. MIS Quarterly 41 (3): 703–727.

Guo, H., S. Huang, C. Huang, Z. Pan, M. Zhang, and F. Shi. 2020. File entropy signal analysis combined with wavelet decomposition for malware classification. IEEE Access 8: 158961–158971. https://doi.org/10.1109/ACCESS.2020.3020330 .

Habib, M., I. Aljarah, and H. Faris. 2020. A Modified multi-objective particle swarm optimizer-based Lévy flight: An approach toward intrusion detection in Internet of Things. Arabian Journal for Science and Engineering 45 (8): 6081–6108. https://doi.org/10.1007/s13369-020-04476-9 .

Hajj, S., R. El Sibai, J.B. Abdo, J. Demerjian, A. Makhoul, and C. Guyeux. 2021. Anomaly-based intrusion detection systems: The requirements, methods, measurements, and datasets. Transactions on Emerging Telecommunications Technologies 32 (4): 36. https://doi.org/10.1002/ett.4240 .

Heartfield, R., G. Loukas, A. Bezemskij, and E. Panaousis. 2021. Self-configurable cyber-physical intrusion detection for smart homes using reinforcement learning. IEEE Transactions on Information Forensics and Security 16: 1720–1735. https://doi.org/10.1109/tifs.2020.3042049 .

Hemo, B., T. Gafni, K. Cohen, and Q. Zhao. 2020. Searching for anomalies over composite hypotheses. IEEE Transactions on Signal Processing 68: 1181–1196. https://doi.org/10.1109/TSP.2020.2971438

Hindy, H., D. Brosset, E. Bayne, A.K. Seeam, C. Tachtatzis, R. Atkinson, and X. Bellekens. 2020. A taxonomy of network threats and the effect of current datasets on intrusion detection systems. IEEE Access 8: 104650–104675. https://doi.org/10.1109/ACCESS.2020.3000179 .

Hong, W., D. Huang, C. Chen, and J. Lee. 2020. Towards accurate and efficient classification of power system contingencies and cyber-attacks using recurrent neural networks. IEEE Access 8: 123297–123309. https://doi.org/10.1109/ACCESS.2020.3007609 .

Husák, M., M. Zádník, V. Bartos, and P. Sokol. 2020. Dataset of intrusion detection alerts from a sharing platform. Data in Brief 33: 106530.

IBM Security. 2020. Cost of a Data breach Report. https://www.capita.com/sites/g/files/nginej291/files/2020-08/Ponemon-Global-Cost-of-Data-Breach-Study-2020.pdf . Accessed 19 May 2021.

IEEE. 2021. IEEE Quick Facts. https://www.ieee.org/about/at-a-glance.html . Accessed 11 May 2021.

Kilincer, I.F., F. Ertam, and S. Abdulkadir. 2021. Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks 188: 107840. https://doi.org/10.1016/j.comnet.2021.107840 .

Jaber, A.N., and S. Ul Rehman. 2020. FCM-SVM based intrusion detection system for cloud computing environment. Cluster Computing—the Journal of Networks Software Tools and Applications 23 (4): 3221–3231. https://doi.org/10.1007/s10586-020-03082-6 .

Jacobs, J., S. Romanosky, B. Edwards, M. Roytman, and I. Adjerid. 2019. Exploit prediction scoring system (epss). arXiv:1908.04856

Jacobsen, A. et al. 2020. FAIR principles: Interpretations and implementation considerations. Data Intelligence 2 (1–2): 10–29. https://doi.org/10.1162/dint_r_00024 .

Jahromi, A.N., S. Hashemi, A. Dehghantanha, R.M. Parizi, and K.K.R. Choo. 2020. An enhanced stacked LSTM method with no random initialization for malware threat hunting in safety and time-critical systems. IEEE Transactions on Emerging Topics in Computational Intelligence 4 (5): 630–640. https://doi.org/10.1109/TETCI.2019.2910243 .

Jang, S., S. Li, and Y. Sung. 2020. FastText-based local feature visualization algorithm for merged image-based malware classification framework for cyber security and cyber defense. Mathematics 8 (3): 13. https://doi.org/10.3390/math8030460 .

Javeed, D., T.H. Gao, and M.T. Khan. 2021. SDN-enabled hybrid DL-driven framework for the detection of emerging cyber threats in IoT. Electronics 10 (8): 16. https://doi.org/10.3390/electronics10080918 .

Johnson, P., D. Gorton, R. Lagerstrom, and M. Ekstedt. 2016. Time between vulnerability disclosures: A measure of software product vulnerability. Computers & Security 62: 278–295. https://doi.org/10.1016/j.cose.2016.08.004 .

Johnson, P., R. Lagerström, M. Ekstedt, and U. Franke. 2018. Can the common vulnerability scoring system be trusted? A Bayesian analysis. IEEE Transactions on Dependable and Secure Computing 15 (6): 1002–1015. https://doi.org/10.1109/TDSC.2016.2644614 .

Junger, M., V. Wang, and M. Schlömer. 2020. Fraud against businesses both online and offline: Crime scripts, business characteristics, efforts, and benefits. Crime Science 9 (1): 13. https://doi.org/10.1186/s40163-020-00119-4 .

Kalutarage, H.K., H.N. Nguyen, and S.A. Shaikh. 2017. Towards a threat assessment framework for apps collusion. Telecommunication Systems 66 (3): 417–430. https://doi.org/10.1007/s11235-017-0296-1 .

Kamarudin, M.H., C. Maple, T. Watson, and N.S. Safa. 2017. A LogitBoost-based algorithm for detecting known and unknown web attacks. IEEE Access 5: 26190–26200. https://doi.org/10.1109/ACCESS.2017.2766844 .

Kasongo, S.M., and Y.X. Sun. 2020. A deep learning method with wrapper based feature extraction for wireless intrusion detection system. Computers & Security 92: 15. https://doi.org/10.1016/j.cose.2020.101752 .

Keserwani, P.K., M.C. Govil, E.S. Pilli, and P. Govil. 2021. A smart anomaly-based intrusion detection system for the Internet of Things (IoT) network using GWO–PSO–RF model. Journal of Reliable Intelligent Environments 7 (1): 3–21. https://doi.org/10.1007/s40860-020-00126-x .

Keshk, M., E. Sitnikova, N. Moustafa, J. Hu, and I. Khalil. 2021. An integrated framework for privacy-preserving based anomaly detection for cyber-physical systems. IEEE Transactions on Sustainable Computing 6 (1): 66–79. https://doi.org/10.1109/TSUSC.2019.2906657 .

Khan, I.A., D.C. Pi, A.K. Bhatia, N. Khan, W. Haider, and A. Wahab. 2020. Generating realistic IoT-based IDS dataset centred on fuzzy qualitative modelling for cyber-physical systems. Electronics Letters 56 (9): 441–443. https://doi.org/10.1049/el.2019.4158 .

Khraisat, A., I. Gondal, P. Vamplew, J. Kamruzzaman, and A. Alazab. 2020. Hybrid intrusion detection system based on the stacking ensemble of C5 decision tree classifier and one class support vector machine. Electronics 9 (1): 18. https://doi.org/10.3390/electronics9010173 .

Khraisat, A., I. Gondal, P. Vamplew, and J. Kamruzzaman. 2019. Survey of intrusion detection systems: Techniques, datasets and challenges. Cybersecurity 2 (1): 20. https://doi.org/10.1186/s42400-019-0038-7 .

Kilincer, I.F., F. Ertam, and A. Sengur. 2021. Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks 188: 16. https://doi.org/10.1016/j.comnet.2021.107840 .

Kim, D., and H.K. Kim. 2019. Automated dataset generation system for collaborative research of cyber threat analysis. Security and Communication Networks 2019: 10. https://doi.org/10.1155/2019/6268476 .

Kim, G., C. Lee, J. Jo, and H. Lim. 2020. Automatic extraction of named entities of cyber threats using a deep Bi-LSTM-CRF network. International Journal of Machine Learning and Cybernetics 11 (10): 2341–2355. https://doi.org/10.1007/s13042-020-01122-6 .

Kirubavathi, G., and R. Anitha. 2016. Botnet detection via mining of traffic flow characteristics. Computers & Electrical Engineering 50: 91–101. https://doi.org/10.1016/j.compeleceng.2016.01.012 .

Kiwia, D., A. Dehghantanha, K.K.R. Choo, and J. Slaughter. 2018. A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. Journal of Computational Science 27: 394–409. https://doi.org/10.1016/j.jocs.2017.10.020 .

Koroniotis, N., N. Moustafa, and E. Sitnikova. 2020. A new network forensic framework based on deep learning for Internet of Things networks: A particle deep framework. Future Generation Computer Systems 110: 91–106. https://doi.org/10.1016/j.future.2020.03.042 .

Kruse, C.S., B. Frederick, T. Jacobson, and D. Kyle Monticone. 2017. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care 25 (1): 1–10.

Kshetri, N. 2018. The economics of cyber-insurance. IT Professional 20 (6): 9–14. https://doi.org/10.1109/MITP.2018.2874210 .

Kumar, R., P. Kumar, R. Tripathi, G.P. Gupta, T.R. Gadekallu, and G. Srivastava. 2021. SP2F: A secured privacy-preserving framework for smart agricultural Unmanned Aerial Vehicles. Computer Networks . https://doi.org/10.1016/j.comnet.2021.107819 .

Kumar, R., and R. Tripathi. 2021. DBTP2SF: A deep blockchain-based trustworthy privacy-preserving secured framework in industrial internet of things systems. Transactions on Emerging Telecommunications Technologies 32 (4): 27. https://doi.org/10.1002/ett.4222 .

Laso, P.M., D. Brosset, and J. Puentes. 2017. Dataset of anomalies and malicious acts in a cyber-physical subsystem. Data in Brief 14: 186–191. https://doi.org/10.1016/j.dib.2017.07.038 .

Lee, J., J. Kim, I. Kim, and K. Han. 2019. Cyber threat detection based on artificial neural networks using event profiles. IEEE Access 7: 165607–165626. https://doi.org/10.1109/ACCESS.2019.2953095 .

Lee, S.J., P.D. Yoo, A.T. Asyhari, Y. Jhi, L. Chermak, C.Y. Yeun, and K. Taha. 2020. IMPACT: Impersonation attack detection via edge computing using deep Autoencoder and feature abstraction. IEEE Access 8: 65520–65529. https://doi.org/10.1109/ACCESS.2020.2985089 .

Leong, Y.-Y., and Y.-C. Chen. 2020. Cyber risk cost and management in IoT devices-linked health insurance. The Geneva Papers on Risk and Insurance—Issues and Practice 45 (4): 737–759. https://doi.org/10.1057/s41288-020-00169-4 .

Levi, M. 2017. Assessing the trends, scale and nature of economic cybercrimes: overview and Issues: In Cybercrimes, cybercriminals and their policing, in crime, law and social change. Crime, Law and Social Change 67 (1): 3–20. https://doi.org/10.1007/s10611-016-9645-3 .

Li, C., K. Mills, D. Niu, R. Zhu, H. Zhang, and H. Kinawi. 2019a. Android malware detection based on factorization machine. IEEE Access 7: 184008–184019. https://doi.org/10.1109/ACCESS.2019.2958927 .

Li, D.Q., and Q.M. Li. 2020. Adversarial deep ensemble: evasion attacks and defenses for malware detection. IEEE Transactions on Information Forensics and Security 15: 3886–3900. https://doi.org/10.1109/tifs.2020.3003571 .

Li, D.Q., Q.M. Li, Y.F. Ye, and S.H. Xu. 2021. A framework for enhancing deep neural networks against adversarial malware. IEEE Transactions on Network Science and Engineering 8 (1): 736–750. https://doi.org/10.1109/tnse.2021.3051354 .

Li, R.H., C. Zhang, C. Feng, X. Zhang, and C.J. Tang. 2019b. Locating vulnerability in binaries using deep neural networks. IEEE Access 7: 134660–134676. https://doi.org/10.1109/access.2019.2942043 .

Li, X., M. Xu, P. Vijayakumar, N. Kumar, and X. Liu. 2020. Detection of low-frequency and multi-stage attacks in industrial Internet of Things. IEEE Transactions on Vehicular Technology 69 (8): 8820–8831. https://doi.org/10.1109/TVT.2020.2995133 .

Liu, H.Y., and B. Lang. 2019. Machine learning and deep learning methods for intrusion detection systems: A survey. Applied Sciences—Basel 9 (20): 28. https://doi.org/10.3390/app9204396 .

Lopez-Martin, M., B. Carro, and A. Sanchez-Esguevillas. 2020. Application of deep reinforcement learning to intrusion detection for supervised problems. Expert Systems with Applications . https://doi.org/10.1016/j.eswa.2019.112963 .

Loukas, G., D. Gan, and Tuan Vuong. 2013. A review of cyber threats and defence approaches in emergency management. Future Internet 5: 205–236.

Luo, C.C., S. Su, Y.B. Sun, Q.J. Tan, M. Han, and Z.H. Tian. 2020. A convolution-based system for malicious URLs detection. CMC—Computers Materials Continua 62 (1): 399–411.

Mahbooba, B., M. Timilsina, R. Sahal, and M. Serrano. 2021. Explainable artificial intelligence (XAI) to enhance trust management in intrusion detection systems using decision tree model. Complexity 2021: 11. https://doi.org/10.1155/2021/6634811 .

Mahdavifar, S., and A.A. Ghorbani. 2020. DeNNeS: Deep embedded neural network expert system for detecting cyber attacks. Neural Computing & Applications 32 (18): 14753–14780. https://doi.org/10.1007/s00521-020-04830-w .

Mahfouz, A., A. Abuhussein, D. Venugopal, and S. Shiva. 2020. Ensemble classifiers for network intrusion detection using a novel network attack dataset. Future Internet 12 (11): 1–19. https://doi.org/10.3390/fi12110180 .

Maleks Smith, Z., E. Lostri, and J.A. Lewis. 2020. The hidden costs of cybercrime. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf . Accessed 16 May 2021.

Malik, J., A. Akhunzada, I. Bibi, M. Imran, A. Musaddiq, and S.W. Kim. 2020. Hybrid deep learning: An efficient reconnaissance and surveillance detection mechanism in SDN. IEEE Access 8: 134695–134706. https://doi.org/10.1109/ACCESS.2020.3009849 .

Manimurugan, S. 2020. IoT-Fog-Cloud model for anomaly detection using improved Naive Bayes and principal component analysis. Journal of Ambient Intelligence and Humanized Computing . https://doi.org/10.1007/s12652-020-02723-3 .

Martin, A., R. Lara-Cabrera, and D. Camacho. 2019. Android malware detection through hybrid features fusion and ensemble classifiers: The AndroPyTool framework and the OmniDroid dataset. Information Fusion 52: 128–142. https://doi.org/10.1016/j.inffus.2018.12.006 .

Mauro, M.D., G. Galatro, and A. Liotta. 2020. Experimental review of neural-based approaches for network intrusion management. IEEE Transactions on Network and Service Management 17 (4): 2480–2495. https://doi.org/10.1109/TNSM.2020.3024225 .

McLeod, A., and D. Dolezel. 2018. Cyber-analytics: Modeling factors associated with healthcare data breaches. Decision Support Systems 108: 57–68. https://doi.org/10.1016/j.dss.2018.02.007 .

Meira, J., R. Andrade, I. Praca, J. Carneiro, V. Bolon-Canedo, A. Alonso-Betanzos, and G. Marreiros. 2020. Performance evaluation of unsupervised techniques in cyber-attack anomaly detection. Journal of Ambient Intelligence and Humanized Computing 11 (11): 4477–4489. https://doi.org/10.1007/s12652-019-01417-9 .

Miao, Y., J. Ma, X. Liu, J. Weng, H. Li, and H. Li. 2019. Lightweight fine-grained search over encrypted data in Fog computing. IEEE Transactions on Services Computing 12 (5): 772–785. https://doi.org/10.1109/TSC.2018.2823309 .

Miller, C., and C. Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015 (S 91).

Mireles, J.D., E. Ficke, J.H. Cho, P. Hurley, and S.H. Xu. 2019. Metrics towards measuring cyber agility. IEEE Transactions on Information Forensics and Security 14 (12): 3217–3232. https://doi.org/10.1109/tifs.2019.2912551 .

Mishra, N., and S. Pandya. 2021. Internet of Things applications, security challenges, attacks, intrusion detection, and future visions: A systematic review. IEEE Access . https://doi.org/10.1109/ACCESS.2021.3073408 .

Monshizadeh, M., V. Khatri, B.G. Atli, R. Kantola, and Z. Yan. 2019. Performance evaluation of a combined anomaly detection platform. IEEE Access 7: 100964–100978. https://doi.org/10.1109/ACCESS.2019.2930832 .

Moreno, V.C., G. Reniers, E. Salzano, and V. Cozzani. 2018. Analysis of physical and cyber security-related events in the chemical and process industry. Process Safety and Environmental Protection 116: 621–631. https://doi.org/10.1016/j.psep.2018.03.026 .

Moro, E.D. 2020. Towards an economic cyber loss index for parametric cover based on IT security indicator: A preliminary analysis. Risks . https://doi.org/10.3390/risks8020045 .

Moustafa, N., E. Adi, B. Turnbull, and J. Hu. 2018. A new threat intelligence scheme for safeguarding industry 4.0 systems. IEEE Access 6: 32910–32924. https://doi.org/10.1109/ACCESS.2018.2844794 .

Moustakidis, S., and P. Karlsson. 2020. A novel feature extraction methodology using Siamese convolutional neural networks for intrusion detection. Cybersecurity . https://doi.org/10.1186/s42400-020-00056-4 .

Mukhopadhyay, A., S. Chatterjee, K.K. Bagchi, P.J. Kirs, and G.K. Shukla. 2019. Cyber Risk Assessment and Mitigation (CRAM) framework using Logit and Probit models for cyber insurance. Information Systems Frontiers 21 (5): 997–1018. https://doi.org/10.1007/s10796-017-9808-5 .

Murphey, H. 2021a. Biden signs executive order to strengthen US cyber security. https://www.ft.com/content/4d808359-b504-4014-85f6-68e7a2851bf1?accessToken=zwAAAXl0_ifgkc9NgINZtQRAFNOF9mjnooUb8Q.MEYCIQDw46SFWsMn1iyuz3kvgAmn6mxc0rIVfw10Lg1ovJSfJwIhAK2X2URzfSqHwIS7ddRCvSt2nGC2DcdoiDTG49-4TeEt&sharetype=gift?token=fbcd6323-1ecf-4fc3-b136-b5b0dd6a8756 . Accessed 7 May 2021.

Murphey, H. 2021b. Millions of connected devices have security flaws, study shows. https://www.ft.com/content/0bf92003-926d-4dee-87d7-b01f7c3e9621?accessToken=zwAAAXnA7f2Ikc8L-SADkm1N7tOH17AffD6WIQ.MEQCIDjBuROvhmYV0Mx3iB0cEV7m5oND1uaCICxJu0mzxM0PAiBam98q9zfHiTB6hKGr1gGl0Azt85yazdpX9K5sI8se3Q&sharetype=gift?token=2538218d-77d9-4dd3-9649-3cb556a34e51 . Accessed 6 May 2021.

Murugesan, V., M. Shalinie, and M.H. Yang. 2018. Design and analysis of hybrid single packet IP traceback scheme. IET Networks 7 (3): 141–151. https://doi.org/10.1049/iet-net.2017.0115 .

Mwitondi, K.S., and S.A. Zargari. 2018. An iterative multiple sampling method for intrusion detection. Information Security Journal 27 (4): 230–239. https://doi.org/10.1080/19393555.2018.1539790 .

Neto, N.N., S. Madnick, A.M.G. De Paula, and N.M. Borges. 2021. Developing a global data breach database and the challenges encountered. ACM Journal of Data and Information Quality 13 (1): 33. https://doi.org/10.1145/3439873 .

Nurse, J.R.C., L. Axon, A. Erola, I. Agrafiotis, M. Goldsmith, and S. Creese. 2020. The data that drives cyber insurance: A study into the underwriting and claims processes. In 2020 International conference on cyber situational awareness, data analytics and assessment (CyberSA), 15–19 June 2020.

Oliveira, N., I. Praca, E. Maia, and O. Sousa. 2021. Intelligent cyber attack detection and classification for network-based intrusion detection systems. Applied Sciences—Basel 11 (4): 21. https://doi.org/10.3390/app11041674 .

Page, M.J. et al. 2021. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. Systematic Reviews 10 (1): 89. https://doi.org/10.1186/s13643-021-01626-4 .

Pajouh, H.H., R. Javidan, R. Khayami, A. Dehghantanha, and K.R. Choo. 2019. A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks. IEEE Transactions on Emerging Topics in Computing 7 (2): 314–323. https://doi.org/10.1109/TETC.2016.2633228 .

Parra, G.D., P. Rad, K.K.R. Choo, and N. Beebe. 2020. Detecting Internet of Things attacks using distributed deep learning. Journal of Network and Computer Applications 163: 13. https://doi.org/10.1016/j.jnca.2020.102662 .

Paté-Cornell, M.E., M. Kuypers, M. Smith, and P. Keller. 2018. Cyber risk management for critical infrastructure: A risk analysis model and three case studies. Risk Analysis 38 (2): 226–241. https://doi.org/10.1111/risa.12844 .

Pooser, D.M., M.J. Browne, and O. Arkhangelska. 2018. Growth in the perception of cyber risk: evidence from U.S. P&C Insurers. The Geneva Papers on Risk and Insurance—Issues and Practice 43 (2): 208–223. https://doi.org/10.1057/s41288-017-0077-9 .

Pu, G., L. Wang, J. Shen, and F. Dong. 2021. A hybrid unsupervised clustering-based anomaly detection method. Tsinghua Science and Technology 26 (2): 146–153. https://doi.org/10.26599/TST.2019.9010051 .

Qiu, J., W. Luo, L. Pan, Y. Tai, J. Zhang, and Y. Xiang. 2019. Predicting the impact of android malicious samples via machine learning. IEEE Access 7: 66304–66316. https://doi.org/10.1109/ACCESS.2019.2914311 .

Qu, X., L. Yang, K. Guo, M. Sun, L. Ma, T. Feng, S. Ren, K. Li, and X. Ma. 2020. Direct batch growth hierarchical self-organizing mapping based on statistics for efficient network intrusion detection. IEEE Access 8: 42251–42260. https://doi.org/10.1109/ACCESS.2020.2976810 .

Rahman, Md.S., S. Halder, Md. Ashraf Uddin, and U.K. Acharjee. 2021. An efficient hybrid system for anomaly detection in social networks. Cybersecurity 4 (1): 10. https://doi.org/10.1186/s42400-021-00074-w .

Ramaiah, M., V. Chandrasekaran, V. Ravi, and N. Kumar. 2021. An intrusion detection system using optimized deep neural network architecture. Transactions on Emerging Telecommunications Technologies 32 (4): 17. https://doi.org/10.1002/ett.4221 .

Raman, M.R.G., K. Kannan, S.K. Pal, and V.S.S. Sriram. 2016. Rough set-hypergraph-based feature selection approach for intrusion detection systems. Defence Science Journal 66 (6): 612–617. https://doi.org/10.14429/dsj.66.10802 .

Rathore, S., J.H. Park. 2018. Semi-supervised learning based distributed attack detection framework for IoT. Applied Soft Computing 72: 79–89. https://doi.org/10.1016/j.asoc.2018.05.049 .

Romanosky, S., L. Ablon, A. Kuehn, and T. Jones. 2019. Content analysis of cyber insurance policies: How do carriers price cyber risk? Journal of Cybersecurity (oxford) 5 (1): tyz002.

Sarabi, A., P. Naghizadeh, Y. Liu, and M. Liu. 2016. Risky business: Fine-grained data breach prediction using business profiles. Journal of Cybersecurity 2 (1): 15–28. https://doi.org/10.1093/cybsec/tyw004 .

Sardi, Alberto, Alessandro Rizzi, Enrico Sorano, and Anna Guerrieri. 2021. Cyber risk in health facilities: A systematic literature review. Sustainability 12 (17): 7002.

Sarker, Iqbal H., A.S.M. Kayes, Shahriar Badsha, Hamed Alqahtani, Paul Watters, and Alex Ng. 2020. Cybersecurity data science: An overview from machine learning perspective. Journal of Big Data 7 (1): 41. https://doi.org/10.1186/s40537-020-00318-5 .

Scopus. 2021. Factsheet. https://www.elsevier.com/__data/assets/pdf_file/0017/114533/Scopus_GlobalResearch_Factsheet2019_FINAL_WEB.pdf . Accessed 11 May 2021.

Sentuna, A., A. Alsadoon, P.W.C. Prasad, M. Saadeh, and O.H. Alsadoon. 2021. A novel Enhanced Naïve Bayes Posterior Probability (ENBPP) using machine learning: Cyber threat analysis. Neural Processing Letters 53 (1): 177–209. https://doi.org/10.1007/s11063-020-10381-x .

Shaukat, K., S.H. Luo, V. Varadharajan, I.A. Hameed, S. Chen, D.X. Liu, and J.M. Li. 2020. Performance comparison and current challenges of using machine learning techniques in cybersecurity. Energies 13 (10): 27. https://doi.org/10.3390/en13102509 .

Sheehan, B., F. Murphy, M. Mullins, and C. Ryan. 2019. Connected and autonomous vehicles: A cyber-risk classification framework. Transportation Research Part a: Policy and Practice 124: 523–536. https://doi.org/10.1016/j.tra.2018.06.033 .

Sheehan, B., F. Murphy, A.N. Kia, and R. Kiely. 2021. A quantitative bow-tie cyber risk classification and assessment framework. Journal of Risk Research 24 (12): 1619–1638.

Shlomo, A., M. Kalech, and R. Moskovitch. 2021. Temporal pattern-based malicious activity detection in SCADA systems. Computers & Security 102: 17. https://doi.org/10.1016/j.cose.2020.102153 .

Singh, K.J., and T. De. 2020. Efficient classification of DDoS attacks using an ensemble feature selection algorithm. Journal of Intelligent Systems 29 (1): 71–83. https://doi.org/10.1515/jisys-2017-0472 .

Skrjanc, I., S. Ozawa, T. Ban, and D. Dovzan. 2018. Large-scale cyber attacks monitoring using Evolving Cauchy Possibilistic Clustering. Applied Soft Computing 62: 592–601. https://doi.org/10.1016/j.asoc.2017.11.008 .

Smart, W. 2018. Lessons learned review of the WannaCry Ransomware Cyber Attack. https://www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-review-wannacry-ransomware-cyber-attack-cio-review.pdf . Accessed 7 May 2021.

Sornette, D., T. Maillart, and W. Kröger. 2013. Exploring the limits of safety analysis in complex technological systems. International Journal of Disaster Risk Reduction 6: 59–66. https://doi.org/10.1016/j.ijdrr.2013.04.002 .

Sovacool, B.K. 2008. The costs of failure: A preliminary assessment of major energy accidents, 1907–2007. Energy Policy 36 (5): 1802–1820. https://doi.org/10.1016/j.enpol.2008.01.040 .

SpringerLink. 2021. Journal Search. https://rd.springer.com/search?facet-content-type=%22Journal%22 . Accessed 11 May 2021.

Stojanovic, B., K. Hofer-Schmitz, and U. Kleb. 2020. APT datasets and attack modeling for automated detection methods: A review. Computers & Security 92: 19. https://doi.org/10.1016/j.cose.2020.101734 .

Subroto, A., and A. Apriyana. 2019. Cyber risk prediction through social media big data analytics and statistical machine learning. Journal of Big Data . https://doi.org/10.1186/s40537-019-0216-1 .

Tan, Z., A. Jamdagni, X. He, P. Nanda, R.P. Liu, and J. Hu. 2015. Detection of denial-of-service attacks based on computer vision techniques. IEEE Transactions on Computers 64 (9): 2519–2533. https://doi.org/10.1109/TC.2014.2375218 .

Tidy, J. 2021. Irish cyber-attack: Hackers bail out Irish health service for free. https://www.bbc.com/news/world-europe-57197688 . Accessed 6 May 2021.

Tuncer, T., F. Ertam, and S. Dogan. 2020. Automated malware recognition method based on local neighborhood binary pattern. Multimedia Tools and Applications 79 (37–38): 27815–27832. https://doi.org/10.1007/s11042-020-09376-6 .

Uhm, Y., and W. Pak. 2021. Service-aware two-level partitioning for machine learning-based network intrusion detection with high performance and high scalability. IEEE Access 9: 6608–6622. https://doi.org/10.1109/ACCESS.2020.3048900 .

Ulven, J.B., and G. Wangen. 2021. A systematic review of cybersecurity risks in higher education. Future Internet 13 (2): 1–40. https://doi.org/10.3390/fi13020039 .

Vaccari, I., G. Chiola, M. Aiello, M. Mongelli, and E. Cambiaso. 2020. MQTTset, a new dataset for machine learning techniques on MQTT. Sensors 20 (22): 17. https://doi.org/10.3390/s20226578 .

Valeriano, B., and R.C. Maness. 2014. The dynamics of cyber conflict between rival antagonists, 2001–11. Journal of Peace Research 51 (3): 347–360. https://doi.org/10.1177/0022343313518940 .

Varghese, J.E., and B. Muniyal. 2021. An Efficient IDS framework for DDoS attacks in SDN environment. IEEE Access 9: 69680–69699. https://doi.org/10.1109/ACCESS.2021.3078065 .

Varsha, M. V., P. Vinod, K.A. Dhanya. 2017 Identification of malicious android app using manifest and opcode features. Journal of Computer Virology and Hacking Techniques 13 (2): 125–138. https://doi.org/10.1007/s11416-016-0277-z

Velliangiri, S., and H.M. Pandey. 2020. Fuzzy-Taylor-elephant herd optimization inspired Deep Belief Network for DDoS attack detection and comparison with state-of-the-arts algorithms. Future Generation Computer Systems—the International Journal of Escience 110: 80–90. https://doi.org/10.1016/j.future.2020.03.049 .

Verma, A., and V. Ranga. 2020. Machine learning based intrusion detection systems for IoT applications. Wireless Personal Communications 111 (4): 2287–2310. https://doi.org/10.1007/s11277-019-06986-8 .

Vidros, S., C. Kolias, G. Kambourakis, and L. Akoglu. 2017. Automatic detection of online recruitment frauds: Characteristics, methods, and a public dataset. Future Internet 9 (1): 19. https://doi.org/10.3390/fi9010006 .

Vinayakumar, R., M. Alazab, K.P. Soman, P. Poornachandran, A. Al-Nemrat, and S. Venkatraman. 2019. Deep learning approach for intelligent intrusion detection system. IEEE Access 7: 41525–41550. https://doi.org/10.1109/access.2019.2895334 .

Walker-Roberts, S., M. Hammoudeh, O. Aldabbas, M. Aydin, and A. Dehghantanha. 2020. Threats on the horizon: Understanding security threats in the era of cyber-physical systems. Journal of Supercomputing 76 (4): 2643–2664. https://doi.org/10.1007/s11227-019-03028-9 .

Web of Science. 2021. Web of Science: Science Citation Index Expanded. https://clarivate.com/webofsciencegroup/solutions/webofscience-scie/ . Accessed 11 May 2021.

World Economic Forum. 2020. WEF Global Risk Report. http://www3.weforum.org/docs/WEF_Global_Risk_Report_2020.pdf . Accessed 13 May 2020.

Xin, Y., L. Kong, Z. Liu, Y. Chen, Y. Li, H. Zhu, M. Gao, H. Hou, and C. Wang. 2018. Machine learning and deep learning methods for cybersecurity. IEEE Access 6: 35365–35381. https://doi.org/10.1109/ACCESS.2018.2836950 .

Xu, C., J. Zhang, K. Chang, and C. Long. 2013. Uncovering collusive spammers in Chinese review websites. In Proceedings of the 22nd ACM international conference on Information & Knowledge Management.

Yang, J., T. Li, G. Liang, W. He, and Y. Zhao. 2019. A Simple recurrent unit model based intrusion detection system with DCGAN. IEEE Access 7: 83286–83296. https://doi.org/10.1109/ACCESS.2019.2922692 .

Yuan, B.G., J.F. Wang, D. Liu, W. Guo, P. Wu, and X.H. Bao. 2020. Byte-level malware classification based on Markov images and deep learning. Computers & Security 92: 12. https://doi.org/10.1016/j.cose.2020.101740 .

Zhang, S., X.M. Ou, and D. Caragea. 2015. Predicting cyber risks through national vulnerability database. Information Security Journal 24 (4–6): 194–206. https://doi.org/10.1080/19393555.2015.1111961 .

Zhang, Y., P. Li, and X. Wang. 2019. Intrusion detection for IoT based on improved genetic algorithm and deep belief network. IEEE Access 7: 31711–31722.

Zheng, Muwei, Hannah Robbins, Zimo Chai, Prakash Thapa, and Tyler Moore. 2018. Cybersecurity research datasets: taxonomy and empirical analysis. In 11th {USENIX} workshop on cyber security experimentation and test ({CSET} 18).

Zhou, X., W. Liang, S. Shimizu, J. Ma, and Q. Jin. 2021. Siamese neural network based few-shot learning for anomaly detection in industrial cyber-physical systems. IEEE Transactions on Industrial Informatics 17 (8): 5790–5798. https://doi.org/10.1109/TII.2020.3047675 .

Zhou, Y.Y., G. Cheng, S.Q. Jiang, and M. Dai. 2020. Building an efficient intrusion detection system based on feature selection and ensemble classifier. Computer Networks 174: 17. https://doi.org/10.1016/j.comnet.2020.107247 .

Download references

Open Access funding provided by the IReL Consortium.

Author information

Authors and affiliations.

University of Limerick, Limerick, Ireland

Frank Cremer, Barry Sheehan, Arash N. Kia, Martin Mullins & Finbarr Murphy

TH Köln University of Applied Sciences, Cologne, Germany

Michael Fortmann & Stefan Materne

You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Barry Sheehan .

Ethics declarations

Conflict of interest.

On behalf of all authors, the corresponding author states that there is no conflict of interest.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Supplementary Information

Below is the link to the electronic supplementary material.

Supplementary file1 (PDF 334 kb)

Supplementary file1 (docx 418 kb), rights and permissions.

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cremer, F., Sheehan, B., Fortmann, M. et al. Cyber risk and cybersecurity: a systematic review of data availability. Geneva Pap Risk Insur Issues Pract 47 , 698–736 (2022). https://doi.org/10.1057/s41288-022-00266-6

Download citation

Received : 15 June 2021

Accepted : 20 January 2022

Published : 17 February 2022

Issue Date : July 2022

DOI : https://doi.org/10.1057/s41288-022-00266-6

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Cyber insurance
Systematic review
Cybersecurity
Find a journal
Publish with us
Track your research

Information

Author Services

Initiatives

You are accessing a machine-readable page. In order to be human-readable, please install an RSS reader.

All articles published by MDPI are made immediately available worldwide under an open access license. No special permission is required to reuse all or part of the article published by MDPI, including figures and tables. For articles published under an open access Creative Common CC BY license, any part of the article may be reused without permission provided that the original article is clearly cited. For more information, please refer to https://www.mdpi.com/openaccess .

Feature papers represent the most advanced research with significant potential for high impact in the field. A Feature Paper should be a substantial original Article that involves several techniques or approaches, provides an outlook for future research directions and describes possible research applications.

Feature papers are submitted upon individual invitation or recommendation by the scientific editors and must receive positive feedback from the reviewers.

Editor’s Choice articles are based on recommendations by the scientific editors of MDPI journals from around the world. Editors select a small number of articles recently published in the journal that they believe will be particularly interesting to readers, or important in the respective research area. The aim is to provide a snapshot of some of the most exciting work published in the various research areas of the journal.

Original Submission Date Received: .

Active Journals
Find a Journal
Proceedings Series
For Authors
For Reviewers
For Editors
For Librarians
For Publishers
For Societies
For Conference Organizers
Open Access Policy
Institutional Open Access Program
Special Issues Guidelines
Editorial Process
Research and Publication Ethics
Article Processing Charges
Testimonials
Preprints.org
SciProfiles
Encyclopedia

Data-Driven Network Anomaly Detection with Cyber Attack and Defense Visualization

Journal Description

Journal of cybersecurity and privacy.

Open Access — free for readers, with article processing charges (APC) paid by authors or their institutions.
High Visibility: indexed within Scopus , EBSCO , and other databases .
Rapid Publication: manuscripts are peer-reviewed and a first decision is provided to authors approximately 32.4 days after submission; acceptance to publication is undertaken in 4.6 days (median values for papers published in this journal in the first half of 2024).
Journal Rank: CiteScore - Q1 ( Computer Science (miscellaneous) )
Recognition of Reviewers: APC discount vouchers, optional signed peer review, and reviewer names published annually in the journal.
Companion journal: Sensors .

Latest Articles

Journal Menu

Aims & Scope
Editorial Board
Topical Advisory Panel
Instructions for Authors

Special Issues

Sections & Collections
Article Processing Charge
Indexing & Archiving
Most Cited & Viewed
Journal Statistics
Journal History
Editorial Office

Journal Browser

arrow_forward_ios Forthcoming issue arrow_forward_ios Current issue
Vol. 4 (2024)
Vol. 3 (2023)
Vol. 2 (2022)
Vol. 1 (2021)

Highly Accessed Articles

Latest books, e-mail alert.

Conferences

Topical collections, further information, mdpi initiatives, follow mdpi.

Subscribe to receive issue release notifications and newsletters from MDPI journals

Thank you for visiting nature.com. You are using a browser version with limited support for CSS. To obtain the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles and JavaScript.

View all journals
Explore content
About the journal
Publish with us
Sign up for alerts
Open access
Published: 17 May 2023

A holistic and proactive approach to forecasting cyber threats

Zaid Almahmoud 1 ,
Paul D. Yoo 1 ,
Omar Alhussein 2 ,
Ilyas Farhat 3 &
Ernesto Damiani 4 , 5

Scientific Reports volume 13 , Article number: 8049 ( 2023 ) Cite this article

6430 Accesses

10 Citations

2 Altmetric

Metrics details

Computer science
Information technology

Traditionally, cyber-attack detection relies on reactive, assistive techniques, where pattern-matching algorithms help human experts to scan system logs and network traffic for known virus or malware signatures. Recent research has introduced effective Machine Learning (ML) models for cyber-attack detection, promising to automate the task of detecting, tracking and blocking malware and intruders. Much less effort has been devoted to cyber-attack prediction, especially beyond the short-term time scale of hours and days. Approaches that can forecast attacks likely to happen in the longer term are desirable, as this gives defenders more time to develop and share defensive actions and tools. Today, long-term predictions of attack waves are mostly based on the subjective perceptiveness of experienced human experts, which can be impaired by the scarcity of cyber-security expertise. This paper introduces a novel ML-based approach that leverages unstructured big data and logs to forecast the trend of cyber-attacks at a large scale, years in advance. To this end, we put forward a framework that utilises a monthly dataset of major cyber incidents in 36 countries over the past 11 years, with new features extracted from three major categories of big data sources, namely the scientific research literature, news, blogs, and tweets. Our framework not only identifies future attack trends in an automated fashion, but also generates a threat cycle that drills down into five key phases that constitute the life cycle of all 42 known cyber threats.

Knowledge mining of unstructured information: application to cyber domain

Machine learning partners in criminal networks

Machine learning dismantling and early-warning signals of disintegration in complex systems

Introduction.

Running a global technology infrastructure in an increasingly de-globalised world raises unprecedented security issues. In the past decade, we have witnessed waves of cyber-attacks that caused major damage to governments, organisations and enterprises, affecting their bottom lines 1 . Nevertheless, cyber-defences remained reactive in nature, involving significant overhead in terms of execution time. This latency is due to the complex pattern-matching operations required to identify the signatures of polymorphic malware 2 , which shows different behaviour each time it is run. More recently, ML-based models were introduced relying on anomaly detection algorithms. Although these models have shown a good capability to detect unknown attacks, they may classify benign behaviour as abnormal 3 , giving rise to a false alarm.

We argue that data availability can enable a proactive defense, acting before a potential threat escalates into an actual incident. Concerning non-cyber threats, including terrorism and military attacks, proactive approaches alleviate, delay, and even prevent incidents from arising in the first place. Massive software programs are available to assess the intention, potential damages, attack methods, and alternative options for a terrorist attack 4 . We claim that cyber-attacks should be no exception, and that nowadays we have the capabilities to carry out proactive, low latency cyber-defenses based on ML 5 .

Indeed, ML models can provide accurate and reliable forecasts. For example, ML models such as AlphaFold2 6 and RoseTTAFold 7 can predict a protein’s three-dimensional structure from its linear sequence. Cyber-security data, however, poses its unique challenges. Cyber-incidents are highly sensitive events and are usually kept confidential since they affect the involved organisations’ reputation. It is often difficult to keep track of these incidents, because they can go unnoticed even by the victim. It is also worth mentioning that pre-processing cyber-security data is challenging, due to characteristics such as lack of structure, diversity in format, and high rates of missing values which distort the findings.

When devising a ML-based method, one can rely on manual feature identification and engineering, or try and learn the features from raw data. In the context of cyber-incidents, there are many factors ( i.e. , potential features) that could lead to the occurrence of an attack. Wars and political conflicts between countries often lead to cyber-warfare 8 , 9 . The number of mentions of a certain attack appearing in scientific articles may correlate well with the actual incident rate. Also, cyber-attacks often take place on holidays, anniversaries and other politically significant dates 5 . Finding the right features out of unstructured big data is one of the key strands of our proposed framework.

The remainder of the paper is structured as follows. The “ Literature review ” section presents an overview of the related work and highlights the research gaps and our contributions. The “ Methods ” section describes the framework design, including the construction of the dataset and the building of the model. The “ Results ” section presents the validation results of our model, the trend analysis and forecast, and a detailed description of the developed threat cycle. Lastly, the “ Discussion ” section offers a critical evaluation of our work, highlighting its strengths and limitations, and provides recommendations for future research.

Literature review

In recent years, the literature has extensively covered different cyber threats across various application domains, and researchers have proposed several solutions to mitigate these threats. In the Social Internet of Vehicles (SIoV), one of the primary concerns is the interception and tampering of sensitive information by attackers 10 . To address this, a secure authentication protocol has been proposed that utilises confidential computing environments to ensure the privacy of vehicle-generated data. Another application domain that has been studied is the privacy of image data, specifically lane images in rural areas 11 . The proposed methodology uses Error Level Analysis (ELA) and artificial neural network (ANN) algorithms to classify lane images as genuine or fake, with the U-Net model for lane detection in bona fide images. The final images are secured using the proxy re-encryption technique with RSA and ECC algorithms, and maintained using fog computing to protect against forgery.

Another application domain that has been studied is the security of Wireless Mesh Networks (WMNs) in the context of the Internet of Things (IoT) 12 . WMNs rely on cooperative forwarding, making them vulnerable to various attacks, including packet drop/modification, badmouthing, on-off, and collusion attacks. To address this, a novel trust mechanism framework has been proposed that differentiates between legitimate and malicious nodes using direct and indirect trust computation. The framework utilises a two-hop mechanism to observe the packet forwarding behaviour of neighbours, and a weighted D-S theory to aggregate recommendations from different nodes. While these solutions have shown promising results in addressing cyber threats, it is important to anticipate the type of threat that may arise to ensure that the solutions can be effectively deployed. By proactively identifying and anticipating cyber threats, organisations can better prepare themselves to protect their systems and data from potential attacks.

While we are relatively successful in detecting and classifying cyber-attacks when they occur 13 , 14 , 15 , there has been a much more limited success in predicting them. Some studies exist on short-term predictive capability 16 , 17 , 18 , 19 , 20 , 21 , 22 , 23 , 24 , 25 , 26 , such as predicting the number or source of attacks to be expected in the next hours or days. The majority of this work performs the prediction in restricted settings ( e.g. , against a specific entity or organisation) where historical data are available 18 , 19 , 25 . Forecasting attack occurrences has been attempted by using statistical methods, especially when parametric data distributions could be assumed 16 , 17 , as well as by using ML models 20 . Other methods adopt a Bayesian setting and build event graphs suitable for estimating the conditional probability of an attack following a given chain of events 21 . Such techniques rely on libraries of predefined attack graphs: they can identify the known attack most likely to happen, but are helpless against never-experienced-before, zero-day attacks.

Other approaches try to identify potential attackers by using network entity reputation and scoring 26 . A small but growing body of research explores the fusion of heterogeneous features (warning signals) to forecast cyber-threats using ML. Warning signs may include the number of mentions of a victim organisation on Twitter 18 , mentions in news articles about the victim entity 19 , and digital traces from dark web hacker forums 20 . Our literature review is summarised in Table 1 .

Forecasting the cyber-threats that will most likely turn into attacks in the medium and long term is of significant importance. It not only gives to cyber-security agencies the time to evaluate the existing defence measures, but also assists them in identifying areas where to develop preventive solutions. Long-term prediction of cyber-threats, however, still relies on the subjective perceptions of human security experts 27 , 28 . Unlike a fully automated procedure based on quantitative metrics, the human-based approach is prone to bias based on scientific or technical interests 29 . Also, quantitative predictions are crucial to scientific objectivity 30 . In summary, we highlight the following research gaps:

Current research primarily focuses on detecting ( i.e. , reactive) rather than predicting cyber-attacks ( i.e. , proactive).

Available predictive methods for cyber-attacks are mostly limited to short-term predictions.

Current predictive methods for cyber-attacks are limited to restricted settings ( e.g. , a particular network or system).

Long-term prediction of cyber-attacks is currently performed by human experts, whose judgement is subjective and prone to bias and disagreement.

Research contributions

Our objective is to fill these research gaps by a proactive, long-term, and holistic approach to attack prediction. The proposed framework gives cyber-security agencies sufficient time to evaluate existing defence measures while also providing objective and accurate representation of the forecast. Our study is aimed at predicting the trend of cyber-attacks up to three years in advance, utilising big data sources and ML techniques. Our ML models are learned from heterogeneous features extracted from massive, unstructured data sources, namely, Hackmageddon 9 , Elsevier 31 , Twitter 32 , and Python APIs 33 . Hackmageddon provides more than 15, 000 records of global cyber-incidents since the year 2011, while Elsevier API offers access to the Scopus database, the largest abstract and citation database of peer-reviewed literature with over 27,000,000 documents 34 . The number of relevant tweets we collected is around 9 million. Our study covers 36 countries and 42 major attack types. The proposed framework not only provides the forecast and categorisation of the threats, but also generates a threat life-cycle model, whose the five key phases underlie the life cycle of all 42 known cyber-threats. The key contribution of this study consists of the following:

A novel dataset is constructed using big unstructured data ( i.e. , Hackmageddon) including news and government advisories, in addition to Elsevier, Twitter, and Python API. The dataset comprises monthly counts of cyber-attacks and other unique features, covering 42 attack types across 36 countries.

Our proactive approach offers long-term forecasting by predicting threats up to 3 years in advance.

Our approach is holistic in nature, as it does not limit itself to specific entities or regions. Instead, it provides projections of attacks across 36 countries situated in diverse parts of the world.

Our approach is completely automated and quantitative, effectively addressing the issue of bias in human predictions and providing a precise forecast.

By analysing past and predicted future data, we have classified threats into four main groups and provided a forecast of 42 attacks until 2025.

The first threat cycle is proposed, which delineates the distinct phases in the life cycle of 42 cyber-attack types.

The framework of forecasting cyber threats

The architecture of our framework for forecasting cyber threats is illustrated in Fig. 1 . As seen in the Data Sources component (l.h.s), to harness all the relevant data and extract meaningful insights, our framework utilises various sources of unstructured data. One of our main sources is Hackmageddon, which includes massive textual data on major cyber-attacks (approx. 15,334 incidents) dating back to July 2011. We refer to the monthly number of attacks in the list as the Number of Incidents (NoI). Also, Elsevier’s Application Programming Interface (API) gives access to a very large corpus of scientific articles and data sets from thousands of sources. Utilising this API, we obtained the Number of Mentions (NoM) ( e.g. , monthly) of each attack that appeared in the scientific publications. This NoM data is of particular importance as it can be used as the ground truth for attack types that do not appear in Hackmageddon. During the preliminary research phase, we examined all the potentially relevant features and noticed that wars/political conflicts are highly correlated to the number of cyber-events. These data were then extracted via Twitter API as Armed Conflict Areas/Wars (ACA). Lastly, as attacks often take place around holidays, Python’s holidays package was used to obtain the number of public holidays per month for each country, which is referred to as Public Holidays (PH).

To ensure the accuracy and quality of Hackmageddon data, we validated it using the statistics from official sources across government, academia, research institutes and technology organisations. For a ransomware example, the Cybersecurity & Infrastructure Security Agency stated in their 2021 trend report that cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally 35 . The WannaCry attack in the dataset was also validated with Ghafur et al ’s 1 statement in their article: “WannaCry ransomware attack was a global epidemic that took place in May 2017”.

An example of an entry in the Hackmageddon dataset is shown in Table 2 . Each entry includes the incident date, the description of the attack, the attack type, and the target country. Data pre-processing (Fig. 1 ) focused on noise reduction through imputing missing values ( e.g. , countries), which were often observed in the earlier years. We were able to impute these values from the description column or occasionally, by looking up the entity location using Google.

The textual data were quantified via our Word Frequency Counter (WFC), which counted the number of each attack type per month as in Table 3 . Cumulative Aggregation (CA) obtained the number of attacks for all countries combined and an example of a data entry after transformation includes the month, and the number of attacks against each country (and all countries combined) for each attack type. By adding features such as NoM, ACA, and PH, we ended up having additional features that we appended to the dataset as shown in Table 4 . Our final dataset covers 42 common types of attacks in 36 countries. The full list of attacks is provided in Table 5 . The list of the countries is given in Supplementary Table S1 .

To analyse and investigate the main characteristics of our data, an exploratory analysis was conducted focusing on the visualisation and identification of key patterns such as trend and seasonality, correlated features, missing data and outliers. For seasonal data, we smoothed out the seasonality so that we could identify the trend while removing the noise in the time series 36 . The smoothing type and constants were optimised along with the ML model (see Optimisation for details). We applied Stochastic selection of Features (SoF) to find the subset of features that minimises the prediction error, and compared the univariate against the multivariate approach.

For the modelling, we built a Bayesian encoder-decoder Long Short-Term Memory (B-LSTM) network. B-LSTM models have been proposed to predict “perfect wave” events like the onset of stock market “bear” periods on the basis of multiple warning signs, each having different time dynamics 37 . Encoder-decoder architectures can manage inputs and outputs that both consist of variable-length sequences. The encoder stage encodes a sequence into a fixed-length vector representation (known as the latent representation). The decoder prompts the latent representation to predict a sequence. By applying an efficient latent representation, we train the model to consider all the useful warning information from the input sequence - regardless of its position - and disregard the noise.

Our Bayesian variation of the encoder-decoder LSTM network considers the weights of the model as random variables. This way, we extract epistemic uncertainty via (approximate) Bayesian inference, which quantifies the prediction error due to insufficient information 38 . This is an important parameter, as epistemic uncertainty can be reduced by better intelligence, i.e. , by acquiring more samples and new informative features. Details are provided in “ Bayesian long short-term memory ” section.

Our overall analytical platform learns an operational model for each attack type. Here, we evaluated the model’s performance in predicting the threat trend 36 months in advance. A newly modified symmetric Mean Absolute Percentage Error (M-SMAPE) was devised as the evaluation metric, where we added a penalty term that accounts for the trend direction. More details are provided in the “ Evaluation metrics ” section.

Feature extraction

Below, we provide the details of the process that transforms raw data into numerical features, obtaining the ground truth NoI and the additional features NoM, ACA and PH.

NoI: The number of daily incidents in Hackmageddon was transformed from the purely unstructured daily description of attacks along with the attack and country columns, to the monthly count of incidents for each attack in each country. Within the description, multiple related attacks may appear, which are not necessarily in the attack column. Let $E_{x_i}$ denote the set of entries during the month $x_i$ in Hackmageddon dataset. Let $a_j$ and $c_k$ denote the j th attack and k th country. Then NoI can be expressed as follows:

where $Z(a_j,c_k,e)$ is a function that evaluates to 1 if $a_j$ appears either in the description or in the attack columns of entry e and $c_k$ appears in the country column of e . Otherwise, the function evaluates to 0. Next, we performed CA to obtain the monthly count of attacks in all countries combined for each attack type as follows:

NoM: We wrote a Python script to query Elsevier API for the number of mentions of each attack during each month 31 . The search covers the title, abstract and keywords of published research papers that are stored in Scopus database 39 . Let $P_{x_i}$ denote the set of research papers in Scopus published during the month $x_i$ . Also, let $W_{p}$ denote the set of words in the title, abstract and keywords of research paper p . Then NoM can be expressed as follows:

where $U(w,a_j)$ evaluates to 1 if $w=a_j$ , and to 0 otherwise.

ACA: Using Twitter API in Python 32 , we wrote a query to obtain the number of tweets with keywords related to political conflicts or military attacks associated with each country during each month. The keywords used for each country are summarised in Supplementary Table S2 , representing our query. Formally, let $T_{x_i}$ denote the set of all tweets during the month $x_i$ . Then ACA can be expressed as follows:

where $Q(t,c_k)$ evaluates to 1 if the query in Supplementary Table S2 evaluates to 1 given t and $c_k$ . Otherwise, it evaluates to 0.

PH: We used the Python holidays library 33 to count the number of days that are considered public holidays in each country during each month. More formally, this can be expressed as follows:

where $H(d,c_k)$ evaluates to 1 if the day d in the country $c_k$ is a public holiday, and to 0 otherwise. In ( 4 ) and ( 5 ), CA was used to obtain the count for all countries combined as in ( 2 ).

Data integration

Based on Eqs. ( 1 )–( 5 ), we obtain the following columns for each month:

NoI_C: The number of incidents for each attack type in each country ( $42 \times 36$ columns) [Hackmageddon].

NoI: The total number of incidents for each attack type (42 columns) [Hackmageddon].

NoM: The number of mentions of each attack type in research articles (42 columns) [Elsevier].

ACA_C: The number of tweets about wars and conflicts related to each country (36 columns) [Twitter].

ACA: The total number of tweets about wars and conflicts (1 column) [Twitter].

PH_C: The number of public holidays in each country (36 columns) [Python].

PH: The total number of public holidays (1 column) [Python].

In the aforementioned list of columns, the name enclosed within square brackets denotes the source of data. By matching and combining these columns, we derive our monthly dataset, wherein each row represents a distinct month. A concrete example can be found in Tables 3 and 4 , which, taken together, constitute a single observation in our dataset. The dataset can be expanded through the inclusion of other monthly features as supplementary columns. Additionally, the dataset may be augmented with further samples as additional monthly records become available. Some suggestions for extending the dataset are provided in the “ Discussion ” section.

Data smoothing

We tested multiple smoothing methods and selected the one that resulted in the model with the lowest M-SMAPE during the hyper-parameter optimisation process. The methods we tested include exponential smoothing (ES), double exponential smoothing (DES) and no smoothing (NS). Let $\alpha $ be the smoothing constant. Then the ES formula is:

where $D(x_{i})$ denotes the original data at month $x_{i}$ . For the DES formula, let $\alpha $ and $\beta $ be the smoothing constants. We first define the level $l(x_{i})$ and the trend $\tau (x_{i})$ as follows:

then, DES is expressed as follows:

The smoothing constants ( $\alpha $ and $\beta $ ) in the aforementioned methods are chosen as the predictive results of the ML model that gives the lowest M-SMAPE during the hyper-parameter optimisation process. Supplementary Fig. S5 depicts an example for the DES result.

Bayesian long short-term memory

LSTM is a type of recurrent neural network (RNN) that uses lagged observations to forecast the future time steps 30 . It was introduced as a solution to the so-called vanishing/exploding gradient problem of traditional RNNs 40 , where the partial derivative of the loss function may suddenly approach zero at some point of the training. In LSTM, the input is passed to the network cell, which combines it with the hidden state and cell state values from previous time steps to produce the next states. The hidden state can be thought of as a short-term memory since it stores information from recent periods in a weighted manner. On the other hand, the cell state is meant to remember all the past information from previous intervals and store them in the LSTM cell. The cell state thus represents the long-term memory.

LSTM networks are well-suited for time-series forecasting, due to their proficiency in retaining both long-term and short-term temporal dependencies 41 , 42 . By leveraging their ability to capture these dependencies within cyber-attack data, LSTM networks can effectively recognise recurring patterns in the attack time-series. Moreover, the LSTM model is capable of learning intricate temporal patterns in the data and can uncover inter-correlations between various variables, making it a compelling option for multivariate time-series analysis 43 .

Given a sequence of LSTM cells, each processing a single time-step from the past, the final hidden state is encoded into a fixed-length vector. Then, a decoder uses this vector to forecast future values. Using such architecture, we can map a sequence of time steps to another sequence of time steps, where the number of steps in each sequence can be set as needed. This technique is referred to as encoder-decoder architecture.

Because we have relatively short sequences within our refined data ( e.g. , 129 monthly data points over the period from July 2011 to March 2022), it is crucial to extract the source of uncertainty, known as epistemic uncertainty 44 , which is caused by lack of knowledge. In principle, epistemic uncertainty can be reduced with more knowledge either in the form of new features or more samples. Deterministic (non-stochastic) neural network models are not adequate to this task as they provide point estimates of model parameters. Rather, we utilise a Bayesian framework to capture epistemic uncertainty. Namely, we adopt the Monte Carlo dropout method proposed by Gal et al. 45 , who showed that the use of non-random dropout neurons during ML training (and inference) provides a Bayesian approximation of the deep Gaussian processes. Specifically, during the training of our LSTM encoder-decoder network, we applied the same dropout mask at every time-step (rather than applying a dropout mask randomly from time-step to time-step). This technique, known as recurrent dropout is readily available in Keras 46 . During the inference phase, we run trained model multiple times with recurrent dropout to produce a distribution of predictive results. Such prediction is shown in Fig. 4 .

Figure 2 shows our encoder-decoder B-LSTM architecture. The hidden state and cell state are denoted respectively by $h_{i}$ and $C_{i}$ , while the input is denoted by $X_{i}$ . Here, the length of the input sequence (lag) is a hyper-parameter tuned to produce the optimal model, where the output is a single time-step. The number of cells ( i.e. , the depth of each layer) is tuned as a hyper-parameter in the range between 25 and 200 cells. Moreover, we used one or two layers, tuning the number of layers to each attack type. For the univariate model we used a standard Rectified Linear Unit (ReLU) activation function, while for the multivariate model we used a Leaky ReLU. Standard ReLU computes the function $f(x)=max(0,x)$ , thresholding the activation at zero. In the multivariate case, zero-thresholding may generate the same ReLU output for many input vectors, making the model convergence slower 47 . With Leaky ReLU, instead of defining ReLU as zero when $x < 0$ , we introduce a negative slope $\alpha =0.2$ . Additionally, we used recurrent dropout ( i.e. , arrows in red as shown in Fig. 2 ), where the probability of dropping out is another hyper-parameter that we tune as described above, following Gal’s method 48 . The tuned dropout value is maintained during the testing and prediction as previously mentioned. Once the final hidden vector $h_{0}$ is produced by the encoder, the Repeat Vector layer is used as an adapter to reshape it from the bi-dimensional output of the encoder ( e.g. , $h_{0}$ ) to the three-dimensional input expected by the decoder. The decoder processes the input and produces the hidden state, which is then passed to a dense layer to produce the final output.

Each time-step corresponds to a month in our model. Since the model is learnt to predict a single time-step (single month), we use a sliding window during the prediction phase to forecast 36 (monthly) data points. In other words, we predict a single month at each step, and the predicted value is fed back for the prediction of the following month. This concept is illustrated in the table shown in Fig. 2 . Utilising a single time-step in the model’s output minimises the size of the sliding window, which in turn allows for training with as many observations as possible with such limited data.

The difference between the univariate and multivariate B-LSTMs is that the latter carries additional features in each time-step. Thus, instead of passing a scalar input value to the network, we pass a vector of features including the ground truth at each time-step. The model predicts a vector of features as an output, from which we retrieve the ground truth, and use it along with the other predicted features as an input to predict the next time-step.

Evaluation metrics

The evaluation metric SMAPE is a percentage (or relative) error based accuracy measure that judges the prediction performance purely on how far the predicted value is from the actual value 49 . It is expressed by the following formula:

where $F_{t}$ and $A_{t}$ denote the predicted and actual values at time t . This metric returns a value between 0% and 100%. Given that our data has zero values in some months ( e.g. , emerging threats), the issue of division by zero may arise, a problem that often emerges when using standard MAPE (Mean Absolute Percentage Error). We find SMAPE to be resilient to this problem, since it has both the actual and predicted values in the denominator.

Recall that our model aims to predict a curve (corresponding to multiple time steps). Using plain SMAPE as the evaluation metric, the “best” model may turn out to be simply a straight line passing through the same points of the fluctuating actual curve. However, this is undesired in our case since our priority is to predict the trend direction (or slope) over its intensity or value at a certain point. We hence add a penalty term to SMAPE that we apply when the height of the predicted curve is relatively smaller than that of the actual curve. This yields the modified SMAPE (M-SMAPE). More formally, let I ( V ) be the height of the curve V , calculated as follows:

where n is the curve width or the number of data points. Let A and F denote the actual and predicted curves. We define M-SMAPE as follows:

where $\gamma $ is a penalty constant between 0 and 1, and d is another constant $\ge $ 1. In our experiment, we set $\gamma $ to 0.3, and d to 3, as we found these to be reasonable values by trial and error. We note that the range of possible values of M-SMAPE is between 0% and (100 + 100 $\gamma $ )% after this modification. By running multiple experiments we found out that the modified evaluation metric is more suitable for our scenario, and therefore was adopted for the model’s evaluation.

Optimisation

On average, our model was trained on around 67% of the refined data, which is equivalent to approximately 7.2 years. We kept the rest, approximately 33% (3 years + lag period), for validation. These percentages may slightly differ for different attack types depending on the optimal lag period selected.

For hyper-parameter optimisation, we performed a random search with 60 iterations, to obtain the set of features, smoothing methods and constants, and model’s hyper-parameters that results in the model with the lowest M-SMAPE. Random search is a simple and efficient technique for hyper-parameter optimisation, with advantages including efficiency, flexibility, robustness, and scalability. The technique has been studied extensively in the literature and was found to be superior to grid search in many cases 50 . For each set of hyper-parameters, the model was trained using the mean squared error (MSE) as the loss function, and while using ADAM as the optimisation algorithm 51 . Then, the model was validated by forecasting 3 years while using M-SMAPE as the evaluation metric, and the average performance was recorded over 3 different seeds. Once the set of hyper-parameters with the minimum M-SMAPE was obtained, we used it to train the model on the full data, after which we predicted the trend for the next 3 years (until March, 2025).

The first group of hyper-parameters is the subset of features in the case of the multivariate model. Here, we experimented with each of the 3 features separately (NoM, ACA or PH) along with the ground truth (NoI), in addition to the combination of all features. The second group is the smoothing methods and constants. The set of methods includes ES, DES and NS, as previously discussed. The set of values for the smoothing constant $\alpha $ ranges from 0.05 to 0.7 while the set of values for the smoothing constant $\beta $ (for DES) ranges from 0.3 to 0.7. Next is the optimisation of the lag period with values that range from 1 to 12 months. This is followed by the model’s hyper-parameters which include the learning rate with values that range from $6\times 10^{-4}$ to $1\times 10^{-2}$ , the number of epochs with values between 30 and 200, the number of layers in the range 1 to 2, the number of units in the range 25 to 200, and the recurrent dropout value between 0.2 and 0.5. The range of these values was obtained from the literature and the online code repositories 52 .

Validation and comparative analysis

The results of our model’s validation are provided in Fig. 3 and Table 5 . As shown in Fig. 3 , the predicted data points are well aligned with the ground truth. Our models successfully predicted the next 36 months of all the attacks’ trends with an average M-SMAPE of 0.25. Table 5 summarises the validation results of univariate and multivariate approaches using B-LSTM. The results show that with approximately 69% of all the attack types, the multivariate approach outperformed the univariate approach. As seen in Fig. 3 , the threats that have a consistent increasing or emerging trend seemed to be more suitable for the univariate approach, while threats that have a fluctuating or decreasing trend showed less validation error when using the multivariate approach. The feature of ACA resulted in the best model for 33% of all the attack types, which makes it among the three most informative features that can boost the prediction performance. The PH accounts for 17% of all the attacks followed by NoM that accounts for 12%.

We additionally compared the performance of the proposed model B-LSTM with other models namely LSTM and ARIMA. The comparison covers the univariate and multivariate approaches of LSTM and B-LSTM, with two features in the case of multivariate approach namely NoI and NoM. The comparison is in terms of the Mean Absolute Percentage Error (MAPE) when predicting four common attack types, namely DDoS, Password Attack, Malware, and Ransomware. A comparison table is provided in Supplementary Table S3 . The results illustrate the superiority of the B-LSTM model for most of the attack types.

Trends analysis

The forecast of each attack trend until the end of the first quarter of 2025 is given in Supplementary Figs. S1 – S4 . By visualising the historical data of each attack as well as the prediction for the next three years, we were able to analyse the overall trend of each attack. The attacks generally follow 4 types of trends: (1) rapidly increasing, (2) overall increasing, (3) emerging and (4) decreasing. The names of attacks for each category are provided in Fig. 4 .

The first trend category is the rapidly increasing trend (Fig. 4 a—approximately 40% of the attacks belong to this trend. We can see that the attacks belonging to this category have increased dramatically over the past 11 years. Based on the model’s prediction, some of these attacks will exhibit a steep growth until 2025. Examples include session hijacking, supply chain, account hijacking, zero-day and botnet. Some of the attacks under this category have reached their peak, have recently started stabilising, and will probably remain steady over the next 3 years. Examples include malware, targeted attack, dropper and brute force attack. Some attacks in this category, after a recent increase, are likely to level off in the next coming years. These are password attack, DNS spoofing and vulnerability-related attacks.

The second trend category is the overall increasing trend as seen in Fig. 4 b. Approximately 31% of the attacks seem to follow this trend. The attacks under this category have a slower rate of increase over the years compared to the attacks in the first category, with occasional fluctuations as can be observed in the figure. Although some of the attacks show a slight recent decline ( e.g. , malvertising, keylogger and URL manipulation), malvertising and keylogger are likely to recover and return to a steady state while URL manipulation is projected to continue a smooth decline. Other attacks typical of “cold” cyber-warfare like Advanced Persistent Threats (APT) and rootkits are already recovering from a small drop and will likely to rise to a steady state by 2025. Spyware and data breach have already reached their peak and are predicted to decline in the near future.

Next is the emerging trend as shown in Fig. 4 c. These are the attacks that started to grow significantly after the year 2016, although many of them existed much earlier. In our study, around 17% of the attacks follow this trend. Some attacks have been growing steeply and are predicted to continue this trend until 2025. These are Internet of Things (IoT) device attack and deepfake. Other attacks have also been increasing rapidly since 2016, however, are likely to slow down after 2022. These include ransomware and adversarial attacks. Interestingly, some attacks that emerged after 2016 have already reached the peak and recently started a slight decline ( e.g. , cryptojacking and WannaCry ransomware attack). It is likely that WannaCry will become relatively steady in the coming years, however, cryptojacking will probably continue to decline until 2025 thanks to the rise of proof-of-stake consensus mechanisms 53 .

The fourth and last trend category is the decreasing trend (Fig. 4 d—only 12% of the attacks follow this trend. Some attacks in this category peaked around 2012, and have been slowly decreasing since then ( e.g. , SQL Injection and defacement). The drive-by attack also peaked in 2012, however, had other local peaks in 2016 and 2018, after which it declined noticeably. Cross-site scripting (XSS) and pharming had their peak more recently compared to the other attacks, however, have been smoothly declining since then. All the attacks under this category are predicted to become relatively stable from 2023 onward, however, they are unlikely to disappear in the next 3 years.

The threat cycle

This large-scale analysis involving the historical data and the predictions for the next three years enables us to come up with a generalisable model that traces the evolution and adoption of the threats as they pass through successive stages. These stages are named by the launch, growth, maturity, trough and stability/decline. We refer to this model as The Threat Cycle (or TTC), which is depicted in Fig. 5 . In the launch phase, few incidents start appearing for a short period. This is followed by a sharp increase in terms of the number of incidents, growth and visibility as more and more cyber actors learn and adopt this new attack. Usually, the attacks in the launch phase are likely to have many variants as observed in the case of the WannaCry attack in 2017. At some point, the number of incidents reaches a peak where the attack enters the maturity phase, and the curve becomes steady for a while. Via the trough (when the attack experiences a slight decline as new security measures seem to be very effective), some attacks recover and adapt to the security defences, entering the slope of plateau, while others continue to smoothly decline although they do not completely disappear ( i.e. , slope of decline). It is worth noting that the speed of transition between the different phases may vary significantly between the attacks.

As seen in Fig. 5 , the attacks are placed on the cycle based on the slope of their current trend, while considering their historical trend and prediction. In the trough phase, we can see that the attacks will either follow the slope of plateau or the slope of decline. Based on the predicted trend in the blue zone in Fig. 4 , we were able to indicate the future direction for some of the attacks close to the split point of the trough using different colours (blue or red). Brute force, malvertising, the Distributed Denial-of-Service attack (DDoS), insider threat, WannaCry and phishing are denoted in blue meaning that these are likely on their way to the slope of plateau. In the first three phases, it is usually unclear and difficult to predict whether a particular attack will reach the plateau or decline, thus, denoted in grey.

There are some similarities and differences between TTC and the well-known Gartner hype cycle (GHC) 54 . A standard GHC is shown in a vanishing green colour in Fig. 5 . As TTC is specific to cyber threats, it has a much wider peak compared to GHC. Although both GHC and TTC have a trough phase, the threats decline slightly (while significant drop in GHC) as they exit their maturity phase, after which they recover and move to stability (slope of plateau) or decline.

Many of the attacks in the emerging category are observed in the growth phase. These include IoT device attack, deepfake and data poisoning. While ransomwares (except WannaCry) are in the growth phase, WannaCry already reached the trough, and is predicted to follow the slope of plateau. Adversarial attack has just entered the maturity stage, and cryptojacking is about to enter the trough. Although adversarial attack is generally regarded as a growing threat, interestingly, this machine-based prediction and introspection shows that it is maturing. The majority of the rapidly increasing threats are either in the growth or in the maturity phase. The attacks in the growth phase include session hijacking, supply chain, account hijacking, zero-day and botnet. The attacks in the maturity phase include malware, targeted attack, vulnerability-related attacks and Man-In-The-Middle attack (MITM). Some rapidly increasing attacks such as phishing, brute force, and DDoS are in the trough and are predicted to enter the stability. We also observe that most of the attacks in the category of overall increasing threats have passed the growth phase and are mostly branching to the slope of plateau or the slope of decline, while few are still in the maturity phase ( e.g. , spyware). All of the decreasing threats are on the slope of decline. These include XSS, pharming, drive-by, defacement and SQL injection.

Highlights and limitations

This study presents the development of a ML-based proactive approach for long-term prediction of cyber-attacks offering the ability to communicate effectively with the potential attacks and the relevant security measures in an early stage to plan for the future. This approach can contribute to the prevention of an incident by allowing more time to develop optimal defensive actions/tools in a contested cyberspace. Proactive approaches can also effectively reduce uncertainty when prioritising existing security measures or initiating new security solutions. We argue that cyber-security agencies should prioritise their resources to provide the best possible support in preventing fastest-growing attacks that appear in the launch phase of TTC or the attacks in the categories of the rapidly increasing or emerging trend as in Fig. 4 a and c based on the predictions in the coming years.

In addition, our fully automated approach is promising to overcome the well-known issues of human-based analysis, above all expertise scarcity. Given the absence of the possibility of analysing with human’s subjective bias while following a purely quantitative procedure and data, the resulting predictions are expected to have lower degree of subjectivity, leading to consistencies within the subject. By fully automating this analytic process, the results are reproducible and can potentially be explainable with help of the recent advancements in Explainable Artificial Intelligence.

Thanks to the massive data volume and wide geographic coverage of the data sources we utilised, this study covers every facet of today’s cyber-attack scenario. Our holistic approach performs the long-term prediction on the scale of 36 countries, and is not confined to a specific region. Indeed, cyberspace is limitless, and a cyber-attack on critical infrastructure in one country can affect the continent as a whole or even globally. We argue that our Threat Cycle (TTC) provides a sound basis to awareness of and investment in new security measures that could prevent attacks from taking place. We believe that our tool can enable a collective defence effort by sharing the long-term predictions and trend analysis generated via quantitative processes and data and furthering the analysis of its regional and global impacts.

Zero-day attacks exploit a previously unknown vulnerability before the developer has had a chance to release a patch or fix for the problem 55 . Zero-day attacks are particularly dangerous because they can be used to target even the most secure systems and go undetected for extended periods of time. As a result, these attacks can cause significant damage to an organisation’s reputation, financial well-being, and customer trust. Our approach takes the existing research on using ML in the field of zero-day attacks to another level, offering a more proactive solution. By leveraging the power of deep neural networks to analyse complex, high-dimensional data, our approach can help agencies to prepare ahead of time, in-order to prevent the zero-day attack from happening at the first place, a problem that there is no existing fix for it despite our ability to detect it. Our results in Fig. 4 a suggest that zero-day attack is likely to continue a steep growth until 2025. If we know this information, we can proactively invest on solutions to prevent it or slow down its rise in the future, since after all, the ML detection approaches may not be alone sufficient to reduce its effect.

A limitation of our approach is its reliance on a restricted dataset that encompasses data since 2011 only. This is due to the challenges we encountered in accessing confidential and sensitive information. Extending the prediction phase requires the model to make predictions further into the future, where there may be more variability and uncertainty. This could lead to a decrease in prediction accuracy, especially if the underlying data patterns change over time or if there are unforeseen external factors that affect the data. While not always the case, this uncertainty is highlighted by the results of the Bayesian model itself as it expresses this uncertainty through the increase of the confidence interval over time (Fig. 3 a and b). Despite incorporating the Bayesian model to tackle the epistemic uncertainty, our model could benefit substantially from additional data to acquire a comprehensive understanding of past patterns, ultimately improving its capacity to forecast long-term trends. Moreover, an augmented dataset would allow ample opportunity for testing, providing greater confidence in the model’s resilience and capability to generalise.

Further enhancements can be made to the dataset by including pivotal dates (such as anniversaries of political events and war declarations) as a feature, specifically those that experience a high frequency of cyber-attacks. Additionally, augmenting the dataset with digital traces that reflect the attackers’ intentions and motivations obtained from the dark web would be valuable. Other informative features could facilitate short-term prediction, specifically to forecast the on-set of each attack.

Future work

Moving forward, future research can focus on augmenting the dataset with additional samples and informative features to enhance the model’s performance and its ability to forecast the trend in the longer-term. Also, the work opens a new area of research that focuses on prognosticating the disparity between the trend of cyber-attacks and the associated technological solutions and other variables, with the aim of guiding research investment decisions. Subsequently, TTC could be improved by adopting another curve model that can visualise the current development of relevant security measures. The threat trend categories (Fig. 4 ) and TTC (Fig. 5 ) show how attacks will be visible in the next three years and more, however, we do not know where the relevant security measures will be. For example, data poisoning is an AI-targeted adversarial attack that attempts to manipulate the training dataset to control the prediction behaviour of a machine-learned model. From the scientific literature data ( e.g. , Scopus), we could analyse the published articles studying the data poisoning problem and identify the relevant keywords of these articles ( e.g. , Reject on Negative Impact (RONI) and Probability of Sufficiency (PS)). RONI and PS are typical methods used for detecting poisonous data by evaluating the effect of individual data points on the performance of the trained model. Likewise, the features that are informative, discriminating or uncertainty-reducing for knowing how the relevant security measures evolve exist within such online sources in the form of author’s keywords, number of citations, research funding, number of publications, etc .

The workflow and architecture of forecasting cyber threats. The ground truth of Number of Incidents (NoI) was extracted from Hackmageddon which has over 15,000 daily records of cyber incidents worldwide over the past 11 years. Additional features were obtained including the Number of Mentions (NoM) of each attack in the scientific literature using Elsevier API which gives access to over 27 million documents. The number of tweets about Armed Conflict Areas/Wars (ACA) was also obtained using Twitter API for each country, with a total of approximately 9 million tweets. Finally, the number of Public Holidays (PH) in each country was obtained using the holidays library in Python. The data preparation phase includes data re-formatting, imputation and quantification using Word Frequency Counter (WFC) to obtain the monthly occurrence of attacks per country and Cumulative Aggregation (CA) to obtain the sum for all countries. The monthly NoM, ACA and PHs were quantified and aggregated using CA. The numerical features were then combined and stored in the refined database. The percentages in the refined database are based on the contribution of each data source. In the exploratory analysis phase, the analytic platform analyses the trend and performs data smoothing using Exponential Smoothing (ES), Double Exponential Smoothing (DES) and No Smoothing (NS). The smoothing methods and Smoothing Constants (SCs) were chosen for each attack followed by the Stochastic Selection of Features (SoF). In the model development phase, the meta data was partitioned into approximately 67% for training and 33% for testing. The models were learned using the encoder-decoder architecture of the Bayesian Long Short-Term Memory (B-LSTM). The optimisation component finds the set of hyper-parameters that minimises the error (i.e., M-SMAPE), which is then used for learning the operational models. In the forecasting phase, we used the operational models to predict the next three years’ NoIs. Analysing the predicted data, trend types were identified and attacks were categorised into four different trends. The slope of each attack was then measured and the Magnitude of Slope (MoS) was analysed. The final output is The Threat Cycle (TTC) illustrating the attacks trend, status, and direction in the next 3 years.

The encoder-decoder architecture of Bayesian Long Short-Term Memory (B-LSTM). $X_{i}$ stands for the input at time-step i . $h_{i}$ stands for the hidden state, which stores information from the recent time steps (short-term). $C_{i}$ stands for the cell state, which stores all processed information from the past (long-term). The number of input time steps in the encoder is a variable tuned as a hyper-parameter, while the output in the decoder is a single time-step. The depth and number of layers are another set of hyper-parameters tuned during the model optimisation. The red arrows indicate a recurrent dropout maintained during the testing and prediction. The figure shows an example for an input with time lag=6 and a single layer. The final hidden state $h_{0}$ produced by the encoder is passed to the Repeat Vector layer to convert it from 2 dimensional output to 3 dimensional input as expected by the decoder. The decoder processes the input and produces the final hidden state $h_{1}$ . This hidden state is finally passed to a dense layer to produce the output. The table illustrates the concept of sliding window method used to forecast multiple time steps during the testing and prediction (i.e., using the output at a time-step as an input to forecast the next time-step). Using this concept, we can predict as many time steps as needed. In the table, an output vector of 6 time steps was predicted.

The B-LSTM validation results of predicting the number of attacks from April, 2019 to March, 2022. (U) indicates an univariate model while (M) indicates a multivariate model. ( a ) Botnet attack with M-SMAPE=0.03. ( b ) Brute force attack with M-SMAPE=0.13. ( c ) SQL injection attack with M-SMAPE=0.04 using the feature of NoM. ( d ) Targeted attack with M-SMAPE=0.06 using the feature of NoM. Y axis is normalised in the case of multivariate models to account for the different ranges of feature values.

A bird’s eye view of threat trend categories. The period of the trend plots is between July, 2011 and March, 2025, with the period between April, 2022 and March, 2025 forecasted using B-LSTM. ( a ) Among rapidly increasing threats, as observed in the forecast period, some threats are predicted to continue a sharp increase until 2025 while others will probably level off. ( b ) Threats under this category have overall been increasing while fluctuating over the past 11 years. Recently, some of the overall increasing threats slightly declined however many of those are likely to recover and level off by 2025. ( c ) Emerging threats that began to appear and grow sharply after the year 2016, and are expected to continue growing at this increasing rate, while others are likely to slow down or stabilise by 2025. ( d ) Decreasing threats that peaked in the earlier years and have slowly been declining since then. This decreasing group are likely to level off however probably will not disappear in the coming 3 years. The Y axis is normalised to account for the different ranges of values across different attacks. The 95% confidence interval is shown for each threat prediction.

The threat cycle (TTC). The attacks go through 5 stages, namely, launch, growth, maturity trough, and stability/decline. A standard Gartner hype cycle (GHC) is shown with a vanishing green colour for a comparison to TTC. Both GHC and TTC have a peak, however, TTC’s peak is much wider with a slightly less steep curve during the growth stage. Some attacks in TTC do not recover after the trough and slide into the slope of decline. TTC captures the state of each attack in 2022, where the colour of each attack indicates which slope it would follow (e.g., plateau or decreasing) based on the predictive results until 2025. Within the trough stage, the attacks (in blue dot) are likely to arrive at the slope of plateau by 2025. The attacks (in red dot) will probably be on the slope of decline by 2025. The attacks with unknown final destination are coloured in grey.

Data availability

As requested by the journal, the data used in this paper is available to editors and reviewers upon request. The data will be made publicly available and can be accessed at the following link after the paper is published. https://github.com/zaidalmahmoud/Cyber-threat-forecast .

Ghafur, S. et al. A retrospective impact analysis of the wannacry cyberattack on the NHS. NPJ Digit. Med. 2 , 1–7 (2019).

Article Google Scholar

Alrzini, J. R. S. & Pennington, D. A review of polymorphic malware detection techniques. Int. J. Adv. Res. Eng. Technol. 11 , 1238–1247 (2020).

Google Scholar

Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A. & Srivastava, J. A comparative study of anomaly detection schemes in network intrusion detection. In: Proceedings of the 2003 SIAM International Conference on Data Mining , 25–36 (SIAM, 2003).

Kebir, O., Nouaouri, I., Rejeb, L. & Said, L. B. Atipreta: An analytical model for time-dependent prediction of terrorist attacks. Int. J. Appl. Math. Comput. Sci. 32 , 495–510 (2022).

MATH Google Scholar

Anticipating cyber attacks: There’s no abbottabad in cyber space. Infosecurity Magazine https://www.infosecurity-magazine.com/white-papers/anticipating-cyber-attacks (2015).

Jumper, J. et al. Highly accurate protein structure prediction with alphafold. Nature 596 , 583–589 (2021).

Article ADS CAS PubMed PubMed Central Google Scholar

Baek, M. et al. Accurate prediction of protein structures and interactions using a three-track neural network. Science 373 , 871–876 (2021).

Gibney, E. et al. Where is russia’s cyberwar? researchers decipher its strategy. Nature 603 , 775–776 (2022).

Article ADS CAS PubMed Google Scholar

Passeri, P. Hackmageddon data set. Hackmageddon https://www.hackmageddon.com (2022).

Chen, C.-M. et al. A provably secure key transfer protocol for the fog-enabled social internet of vehicles based on a confidential computing environment. Veh. Commun. 39 , 100567 (2023).

Nagasree, Y. et al. Preserving privacy of classified authentic satellite lane imagery using proxy re-encryption and UAV technologies. Drones 7 , 53 (2023).

Kavitha, A. et al. Security in IoT mesh networks based on trust similarity. IEEE Access 10 , 121712–121724 (2022).

Salih, A., Zeebaree, S. T., Ameen, S., Alkhyyat, A. & Shukur, H. M A survey on the role of artificial intelligence, machine learning and deep learning for cybersecurity attack detection. In: 2021 7th International Engineering Conference “Research and Innovation amid Global Pandemic” (IEC) , 61–66 (IEEE, 2021).

Ren, K., Zeng, Y., Cao, Z. & Zhang, Y. Id-rdrl: A deep reinforcement learning-based feature selection intrusion detection model. Sci. Rep. 12 , 1–18 (2022).

Liu, X. & Liu, J. Malicious traffic detection combined deep neural network with hierarchical attention mechanism. Sci. Rep. 11 , 1–15 (2021).

Werner, G., Yang, S. & McConky, K. Time series forecasting of cyber attack intensity. In Proceedings of the 12th Annual Conference on Cyber and Information Security Research , 1–3 (2017).

Werner, G., Yang, S. & McConky, K. Leveraging intra-day temporal variations to predict daily cyberattack activity. In 2018 IEEE International Conference on Intelligence and Security Informatics (ISI) , 58–63 (IEEE, 2018).

Okutan, A., Yang, S. J., McConky, K. & Werner, G. Capture: cyberattack forecasting using non-stationary features with time lags. In 2019 IEEE Conference on Communications and Network Security (CNS) , 205–213 (IEEE, 2019).

Munkhdorj, B. & Yuji, S. Cyber attack prediction using social data analysis. J. High Speed Netw. 23 , 109–135 (2017).

Goyal, P. et al. Discovering signals from web sources to predict cyber attacks. arXiv preprint arXiv:1806.03342 (2018).

Qin, X. & Lee, W. Attack plan recognition and prediction using causal networks. In 20th Annual Computer Security Applications Conference , 370–379 (IEEE, 2004).

Husák, M. & Kašpar, J. Aida framework: real-time correlation and prediction of intrusion detection alerts. In: Proceedings of the 14th international conference on availability, reliability and security , 1–8 (2019).

Liu, Y. et al. Cloudy with a chance of breach: Forecasting cyber security incidents. In: 24th USENIX Security Symposium (USENIX Security 15) , 1009–1024 (2015).

Malik, J. et al. Hybrid deep learning: An efficient reconnaissance and surveillance detection mechanism in sdn. IEEE Access 8 , 134695–134706 (2020).

Bilge, L., Han, Y. & Dell’Amico, M. Riskteller: Predicting the risk of cyber incidents. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security , 1299–1311 (2017).

Husák, M., Bartoš, V., Sokol, P. & Gajdoš, A. Predictive methods in cyber defense: Current experience and research challenges. Futur. Gener. Comput. Syst. 115 , 517–530 (2021).

Stephens, G. Cybercrime in the year 2025. Futurist 42 , 32 (2008).

Adamov, A. & Carlsson, A. The state of ransomware. Trends and mitigation techniques. In EWDTS , 1–8 (2017).

Shoufan, A. & Damiani, E. On inter-rater reliability of information security experts. J. Inf. Secur. Appl. 37 , 101–111 (2017).

Cha, Y.-O. & Hao, Y. The dawn of metamaterial engineering predicted via hyperdimensional keyword pool and memory learning. Adv. Opt. Mater. 10 , 2102444 (2022).

Article CAS Google Scholar

Elsevier research products apis. Elsevier Developer Portal https://dev.elsevier.com (2022).

Twitter api v2. Developer Platform https://developer.twitter.com/en/docs/twitter-api (2022).

holidays 0.15. PyPI. The Python Package Index https://pypi.org/project/holidays/ (2022).

Visser, M., van Eck, N. J. & Waltman, L. Large-scale comparison of bibliographic data sources: Scopus, web of science, dimensions, crossref, and microsoft academic. Quant. Sci. Stud. 2 , 20–41 (2021).

2021 trends show increased globalized threat of ransomware. Cybersecurity and Infrastructure Security Agency https://www.cisa.gov/uscert/ncas/alerts/aa22-040a (2022).

Lai, K. K., Yu, L., Wang, S. & Huang, W. Hybridizing exponential smoothing and neural network for financial time series predication. In International Conference on Computational Science , 493–500 (Springer, 2006).

Huang, B., Ding, Q., Sun, G. & Li, H. Stock prediction based on Bayesian-lstm. In Proceedings of the 2018 10th International Conference on Machine Learning and Computing , 128–133 (2018).

Mae, Y., Kumagai, W. & Kanamori, T. Uncertainty propagation for dropout-based Bayesian neural networks. Neural Netw. 144 , 394–406 (2021).

Article PubMed Google Scholar

Scopus preview. Scopus https://www.scopus.com/home.uri (2022).

Jia, P., Chen, H., Zhang, L. & Han, D. Attention-lstm based prediction model for aircraft 4-d trajectory. Sci. Rep. 12 (2022).

Chandra, R., Goyal, S. & Gupta, R. Evaluation of deep learning models for multi-step ahead time series prediction. IEEE Access 9 , 83105–83123 (2021).

Gers, F. A., Schmidhuber, J. & Cummins, F. Learning to forget: Continual prediction with lstm. Neural Comput. 12 , 2451–2471 (2000).

Article CAS PubMed Google Scholar

Sagheer, A. & Kotb, M. Unsupervised pre-training of a deep lstm-based stacked autoencoder for multivariate time series forecasting problems. Sci. Rep. 9 , 1–16 (2019).

Article ADS Google Scholar

Swiler, L. P., Paez, T. L. & Mayes, R. L. Epistemic uncertainty quantification tutorial. In Proceedings of the 27th International Modal Analysis Conference (2009).

Gal, Y. & Ghahramani, Z. Dropout as a bayesian approximation: Representing model uncertainty in deep learning. arXiv preprint arXiv:1506.02142v6 (2016).

Chollet, F. Deep Learning with Python , 2 edn. (Manning Publications, 2017).

Xu, J., Li, Z., Du, B., Zhang, M. & Liu, J. Reluplex made more practical: Leaky relu. In 2020 IEEE Symposium on Computers and Communications (ISCC) , 1–7 (IEEE, 2020).

Gal, Y., Hron, J. & Kendall, A. Concrete dropout. Adv. Neural Inf. Process. Syst. 30 (2017).

Shcherbakov, M. V. et al. A survey of forecast error measures. World Appl. Sci. J. 24 , 171–176 (2013).

Bergstra, J. & Bengio, Y. Random search for hyper-parameter optimization. J. Mach. Learn. Res. 13 (2012).

Kingma, D. P. & Ba, J. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014).

Krizhevsky, A., Sutskever, I. & Hinton, G. E. Imagenet classification with deep convolutional neural networks. Commun. ACM 60 , 84–90 (2017).

Shifferaw, Y. & Lemma, S. Limitations of proof of stake algorithm in blockchain: A review. Zede J. 39 , 81–95 (2021).

Dedehayir, O. & Steinert, M. The hype cycle model: A review and future directions. Technol. Forecast. Soc. Chang. 108 , 28–41 (2016).

Abri, F., Siami-Namini, S., Khanghah, M. A., Soltani, F. M. & Namin, A. S. Can machine/deep learning classifiers detect zero-day malware with high accuracy?. In 2019 IEEE International Conference on Big Data (Big Data) , 3252–3259 (IEEE, 2019).

Download references

Acknowledgements

The authors are grateful to the DASA’s machine learning team for their invaluable discussions and feedback, and special thanks to the EBTIC, British Telecom’s (BT) cyber security team for their constructive criticism on this work.

Author information

Authors and affiliations.

Department of Computer Science and Information Systems, University of London, Birkbeck College, London, United Kingdom

Zaid Almahmoud & Paul D. Yoo

Huawei Technologies Canada, Ottawa, Canada

Omar Alhussein

Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Canada

Ilyas Farhat

Department of Computer Science, Università degli Studi di Milano, Milan, Italy

Ernesto Damiani

Center for Cyber-Physical Systems (C2PS), Khalifa University, Abu Dhabi, United Arab Emirates

You can also search for this author in PubMed Google Scholar

Contributions

Z.A., P.D.Y, I.F., and E.D. were in charge of the framework design and theoretical analysis of the trend analysis and TTC. Z.A., O.A., and P.D.Y. contributed to the B-LSTM design and experiments. O.A. proposed the concepts of B-LSTM. All of the authors contributed to the discussion of the framework design and experiments, and the writing of this paper. P.D.Y. proposed the big data approach and supervised the whole project.

Corresponding author

Correspondence to Paul D. Yoo .

Ethics declarations

Competing interests.

The authors declare no competing interests.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Supplementary Information

Supplementary information., rights and permissions.

Reprints and permissions

About this article

Cite this article.

Almahmoud, Z., Yoo, P.D., Alhussein, O. et al. A holistic and proactive approach to forecasting cyber threats. Sci Rep 13 , 8049 (2023). https://doi.org/10.1038/s41598-023-35198-1

Download citation

Received : 21 December 2022

Accepted : 14 May 2023

Published : 17 May 2023

DOI : https://doi.org/10.1038/s41598-023-35198-1

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

This article is cited by

Integrating ai-driven threat intelligence and forecasting in the cyber security exercise content generation lifecycle.

Alexandros Zacharis
Vasilios Katos
Constantinos Patsakis

International Journal of Information Security (2024)

By submitting a comment you agree to abide by our Terms and Community Guidelines . If you find something abusive or that does not comply with our terms or guidelines please flag it as inappropriate.

Quick links

Explore articles by subject
Guide to authors
Editorial policies

Sign up for the Nature Briefing: AI and Robotics newsletter — what matters in AI and robotics research, free to your inbox weekly.

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Publications
Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

Advanced Search
Journal List
Springer Nature - PMC COVID-19 Collection

Cyber risk and cybersecurity: a systematic review of data availability

Frank cremer.

1 University of Limerick, Limerick, Ireland

Barry Sheehan

Michael fortmann.

2 TH Köln University of Applied Sciences, Cologne, Germany

Arash N. Kia

Martin mullins, finbarr murphy, stefan materne, associated data.

Supplementary Information

The online version contains supplementary material available at 10.1057/s41288-022-00266-6.

Introduction

An external file that holds a picture, illustration, etc.
Object name is 41288_2022_266_Fig1_HTML.jpg

An overview of the current cyber insurance informational and methodological landscape, adapted from EIOPA ( 2018 ) and Romanosky et al. ( 2019 )

Related work

Methodology

Process and eligibility criteria.

Information sources

Scopus: 135
Springer Link: 548
Web of Science: 534

An overview of the process is given in Fig. 2 . Combined with the results from the four databases, 854 articles without duplicates were identified.

An external file that holds a picture, illustration, etc.
Object name is 41288_2022_266_Fig2_HTML.jpg

Literature search process and categorisation of the studies

Study selection

An external file that holds a picture, illustration, etc.
Object name is 41288_2022_266_Fig3_HTML.jpg

Distribution of studies

Data collection process and synthesis of the results

An external file that holds a picture, illustration, etc.
Object name is 41288_2022_266_Fig4_HTML.jpg

Distribution of dataset results

An external file that holds a picture, illustration, etc.
Object name is 41288_2022_266_Fig5_HTML.jpg

Correlation between the studies and the datasets

An external file that holds a picture, illustration, etc.
Object name is 41288_2022_266_Fig6_HTML.jpg

Distribution of studies and their use of datasets

Percentage contribution of datasets for each place of origin

Rank	Place of origin	Percentage of datasets
1	U.S.	58.2
2	Canada	11.3
3	Australia	5
4	Germany	3.7
5	U.K.	3.7
6	France	2.5
7	Italy	2.5
8	Spain	2.5
9	China	1.2
10	Czech Republic	1.2
11	Greece	1.2
12	Japan	1.2
13	Lithuania	1.2
14	Luxembourg	1.2
15	Netherlands	1.2
16	Republic of Korea	1.2
17	Turkey	1.2

Most of the datasets are generated in the U.S. (up to 58.2%). Canada and Australia rank next, with 11.3% and 5% of all the reviewed datasets, respectively.

Case datasets

Impact datasets

Cybersecurity datasets

General intrusion detection.

Intrusion detection systems with a focus on IoT

Literature reviews

New datasets

Datasets that have been classified into the cybersecurity category are detailed in Supplementary Table 3. Due to overlap, records from the previous tables may also be included.

Summary of Google datasets

No	Dataset creator	Name of the dataset	Data availability	Year of creation/start year	Description
1	ActionFraud	Cyber Crime Dashboard	Public	2020	Shows cybercrime and fraud reported in the U.K..
2	Carlos E. Jimenez-Gomez	Data Breaches 2004–2017	Public	2018	Includes 270 records and 11 variables of data breaches. The data breaches happened between 2004–2017. Only data breaches with over 30,000 records are considered.
3	Chubb	Chubb Cyber Index	Public	2007	Shows cyber claims for more than two decades. In this dashboard, there is the possibility to get information about different areas regarding claims cost. Furthermore, it is possible to get an overview of claims of different years.
4	CMS	DGDPR Enforcement Tracker	Public	2018	An overview of fines and penalties, which data protection authorities within the EU have imposed under the EU GDPR.
5	DSGVO Portal	DSGVO—Portal	Public	2014	Fines for violations of the GDPR and other data protection laws.
6	Federal Bureau of Investigation	Internet Crime Report 2020	Public	2021	Includes the cyber risk impact situation in the U.S..
7	Government of Canada	No name	Public	2017	Percentage of enterprises impacted by specific types of cybersecurity incidents by the North American Industry Classification System (NAICS) and size of the enterprise.
8	Hiscox	Hisco Cyber Readiness Report 2020	Public	2020	The average cost of all cyberattacks to firms from Europe and the U.S. in 2020, by size, in USD.
9	IBM Security	Cost of a Data Breach Report 2020	Public	2020	Includes the cost of data breaches from 2014 to 2020.
10	Information is beautiful	World's Biggest Data Breaches & Hacks	Public	2004	Selected events over 30,000 records.
11	Ipsos Mori	Cyber Security Breaches Survey	Public	2020	Displays the share of businesses that have had certain outcomes after experiencing a cybersecurity breach or attack in the last 12 months in the U.K. in 2020
12	Kaspersky	Damage Control: The Cost of Security Breaches	Public	2020	Analyses the different data of Kaspersky
13	Marsch—Mircosoft—Global Cyber Risk Perception Survey	Marsch—Mircosoft—Global Cyber Risk Perception Survey	Public	2018	Presents the greatest potential imp.acts to an organisation due to cyber loss scenarios, according to senior executives
14	Mendeley Data	California Data Breach Notification Data	Public	2019	An empirical study of security breach notifications filed in California during 2012–2016.
15	Norton	2019 Cyber Safety Insights Report	Public	2020	A survey of internet users who have experienced an internet crime.
16	Paolo Passeri	Hackmageddon	Access controlled	2011	Overview of collected timelines with a focus on cyberattacks.
17	Pierangelo and Theo	Data Breach Dataset	Public	2020	Consists of 506 data breaches and associated characteristics that affected U.S.-listed companies over a 10-year period from April 2005 to March 2015. The dataset was gathered from the Privacy Rights Clearinghouse (PRC) and then augmented with manual data collection.
18	PwC	2015 Information Security Breaches Survey	Public	2015	Illustrates the ranking of what made a particular security breach incident the worst of the year in the U.K. in 2015.
19	Spy Cloud	Spy Cloud	Private	-	-
20	Willis Towers Watson	Cyber claims analysis report	Public	2020	Uses analysed claims data of Willis Towers Watson to provide specific insight.

Below is the link to the electronic supplementary material.

Biographies

is a PhD student at the Kemmy Business School, University of Limerick, as part of the Emerging Risk Group (ERG). He is researching in joint cooperation with the Institute for Insurance Studies (ivwKöln), TH Köln, where he is working as a Research Assistant at the Cologne Research Centre for Reinsurance. His current research interests include cyber risks, cyber insurance and cybersecurity. Frank is a Fellow of the Chartered Insurance Institute (FCII) and a member of the German Association for Insurance Studies (DVfVW).

is a Lecturer in Risk and Finance at the Kemmy Business School at the University of Limerick. In his research, Dr Sheehan investigates novel risk metrication and machine learning methodologies in the context of insurance and finance, attentive to a changing private and public emerging risk environment. He is a researcher with significant insurance industry and academic experience. With a professional background in actuarial science, his research uses machine-learning techniques to estimate the changing risk profile produced by emerging technologies. He is a senior member of the Emerging Risk Group (ERG) at the University of Limerick, which has long-established expertise in insurance and risk management and has continued success within large research consortia including a number of SFI, FP7 and EU H2020 research projects. In particular, he contributed to the successful completion of three Horizon 2020 EU-funded projects, including PROTECT, Vision Inspired Driver Assistance Systems (VI-DAS) and Cloud Large Scale Video Analysis (Cloud-LSVA).

is a Professor at the Institute of Insurance at the Technical University of Cologne. His activities include teaching and research in insurance law and liability insurance. His research focuses include D&O, corporate liability, fidelity and cyber insurance. In addition, he heads the Master’s degree programme in insurance law and is the Academic Director of the Automotive Insurance Manager and Cyber Insurance Manager certificate programmes. He is also chairman of the examination board at the Institute of Insurance Studies.

Arash Negahdari Kia

is a postdoctoral Marie Cuire scholar and Research Fellow at the Kemmy Business School (KBS), University of Limerick (UL), a member of the Lero Software Research Center and Emerging Risk Group (ERG). He researches the cybersecurity risks of autonomous vehicles using machine-learning algorithms in a team supervised by Dr Finbarr Murphy at KBS, UL. For his PhD, he developed two graph-based, semi-supervised algorithms for multivariate time series for global stock market indices prediction. For his Master’s, he developed neural network models for Forex market prediction. Arash’s other research interests include text mining, graph mining and bioinformatics.

is a Professor in Risk and Insurance at the Kemmy Business School, University of Limerick. He worked on a number of insurance-related research projects, including four EU Commission-funded projects around emerging technologies and risk transfer. Prof. Mullins maintains strong links with the international insurance industry and works closely with Lloyd’s of London and XL Catlin on emerging risk. His work also encompasses the area of applied ethics as it pertains to new technologies. In the field of applied ethics, Dr Mullins works closely with the insurance industry and lectures on cultural and technological breakthroughs of high societal relevance. In that respect, Dr Martin Mullins has been appointed to a European expert group to advise EIOPA on the development of digital responsibility principles in insurance.

is Executive Dean Kemmy Business School. A computer engineering graduate, Finbarr worked for over 10 years in investment banking before returning to academia and completing his PhD in 2010. Finbarr has authored or co-authored over 70 refereed journal papers, edited books and book chapters. His research has been published in leading research journals in his discipline, such as Nature Nanotechnology, Small, Transportation Research A-F and the Review of Derivatives Research. A former Fulbright Scholar and Erasmus Mundus Exchange Scholar, Finbarr has delivered numerous guest lectures in America, mainland Europe, Israel, Russia, China and Vietnam. His research interests include quantitative finance and, more recently, emerging technological risk. Finbarr is currently engaged in several EU H2020 projects and with the Irish Science Foundation Ireland.

(FCII) has held the Chair of Reinsurance at the Institute of Insurance of TH Köln since 1998, focusing on the efficiency of reinsurance, industrial insurance and alternative risk transfer (ART). He studied mathematics and computer science with a focus on artificial intelligence and researched from 1988 to 1991 at the Fraunhofer Institute for Autonomous Intelligent Systems (AiS) in Schloß Birlinghoven. From 1991 to 2004, Prof. Materne worked for Gen Re (formerly Cologne Re) in various management positions in Germany and abroad, and from 2001 to 2003, he served as General Manager of Cologne Re of Dublin in Ireland. In 2008, Prof. Materne founded the Cologne Reinsurance Research Centre, of which he is the Director. Current issues in reinsurance and related fields are analysed and discussed with practitioners, with valuable contacts through the ‘Förderkreis Rückversicherung’ and the organisation of the annual Cologne Reinsurance Symposium. Prof. Materne holds various international supervisory boards, board of directors and advisory board mandates at insurance and reinsurance companies, captives, InsurTechs, EIOPA, as well as at insurance-scientific institutions. He also acts as an arbitrator and party representative in arbitration proceedings.

Open Access funding provided by the IReL Consortium.

Declarations

On behalf of all authors, the corresponding author states that there is no conflict of interest.

1 Average cost of a breach of more than 50 million records.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Aamir M, Rizvi SSH, Hashmani MA, Zubair M, Ahmad J. Machine learning classification of port scanning and DDoS attacks: A comparative analysis. Mehran University Research Journal of Engineering and Technology. 2021; 40 (1):215–229. doi: 10.22581/muet1982.2101.19. [ CrossRef ] [ Google Scholar ]
Aamir M, Zaidi SMA. DDoS attack detection with feature engineering and machine learning: The framework and performance evaluation. International Journal of Information Security. 2019; 18 (6):761–785. doi: 10.1007/s10207-019-00434-1. [ CrossRef ] [ Google Scholar ]
Aassal A, El S, Baki A. Das, Verma RM. An in-depth benchmarking and evaluation of phishing detection research for security needs. IEEE Access. 2020; 8 :22170–22192. doi: 10.1109/ACCESS.2020.2969780. [ CrossRef ] [ Google Scholar ]
Abu Al-Haija Q, Zein-Sabatto S. An efficient deep-learning-based detection and classification system for cyber-attacks in IoT communication networks. Electronics. 2020; 9 (12):26. doi: 10.3390/electronics9122152. [ CrossRef ] [ Google Scholar ]
Adhikari U, Morris TH, Pan SY. Applying Hoeffding adaptive trees for real-time cyber-power event and intrusion classification. IEEE Transactions on Smart Grid. 2018; 9 (5):4049–4060. doi: 10.1109/tsg.2017.2647778. [ CrossRef ] [ Google Scholar ]
Agarwal A, Sharma P, Alshehri M, Mohamed AA, Alfarraj O. Classification model for accuracy and intrusion detection using machine learning approach. PeerJ Computer Science. 2021 doi: 10.7717/peerj-cs.437. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
Agrafiotis Ioannis, Nurse Jason R.C., Goldsmith M, Creese S, Upton D. A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity. 2018; 4 :tyy006. doi: 10.1093/cybsec/tyy006. [ CrossRef ] [ Google Scholar ]
Agrawal A, Mohammed S, Fiaidhi J. Ensemble technique for intruder detection in network traffic. International Journal of Security and Its Applications. 2019; 13 (3):1–8. doi: 10.33832/ijsia.2019.13.3.01. [ CrossRef ] [ Google Scholar ]
Ahmad, I., and R.A. Alsemmeari. 2020. Towards improving the intrusion detection through ELM (extreme learning machine). CMC Computers Materials & Continua 65 (2): 1097–1111. 10.32604/cmc.2020.011732.
Ahmed M, Mahmood AN, Hu JK. A survey of network anomaly detection techniques. Journal of Network and Computer Applications. 2016; 60 :19–31. doi: 10.1016/j.jnca.2015.11.016. [ CrossRef ] [ Google Scholar ]
Al-Jarrah OY, Alhussein O, Yoo PD, Muhaidat S, Taha K, Kim K. Data randomization and cluster-based partitioning for Botnet intrusion detection. IEEE Transactions on Cybernetics. 2016; 46 (8):1796–1806. doi: 10.1109/TCYB.2015.2490802. [ PubMed ] [ CrossRef ] [ Google Scholar ]
Al-Mhiqani MN, Ahmad R, Abidin ZZ, Yassin W, Hassan A, Abdulkareem KH, Ali NS, Yunos Z. A review of insider threat detection: Classification, machine learning techniques, datasets, open challenges, and recommendations. Applied Sciences—Basel. 2020; 10 (15):41. doi: 10.3390/app10155208. [ CrossRef ] [ Google Scholar ]
Al-Omari M, Rawashdeh M, Qutaishat F, Alshira'H M, Ababneh N. An intelligent tree-based intrusion detection model for cyber security. Journal of Network and Systems Management. 2021; 29 (2):18. doi: 10.1007/s10922-021-09591-y. [ CrossRef ] [ Google Scholar ]
Alabdallah A, Awad M. Using weighted Support Vector Machine to address the imbalanced classes problem of Intrusion Detection System. KSII Transactions on Internet and Information Systems. 2018; 12 (10):5143–5158. doi: 10.3837/tiis.2018.10.027. [ CrossRef ] [ Google Scholar ]
Alazab M, Alazab M, Shalaginov A, Mesleh A, Awajan A. Intelligent mobile malware detection using permission requests and API calls. Future Generation Computer Systems—the International Journal of eScience. 2020; 107 :509–521. doi: 10.1016/j.future.2020.02.002. [ CrossRef ] [ Google Scholar ]
Albahar MA, Al-Falluji RA, Binsawad M. An empirical comparison on malicious activity detection using different neural network-based models. IEEE Access. 2020; 8 :61549–61564. doi: 10.1109/ACCESS.2020.2984157. [ CrossRef ] [ Google Scholar ]
AlEroud AF, Karabatis G. Queryable semantics to detect cyber-attacks: A flow-based detection approach. IEEE Transactions on Systems, Man, and Cybernetics: Systems. 2018; 48 (2):207–223. doi: 10.1109/TSMC.2016.2600405. [ CrossRef ] [ Google Scholar ]
Algarni AM, Thayananthan V, Malaiya YK. Quantitative assessment of cybersecurity risks for mitigating data breaches in business systems. Applied Sciences (switzerland) 2021 doi: 10.3390/app11083678. [ CrossRef ] [ Google Scholar ]
Alhowaide A, Alsmadi I, Tang J. Towards the design of real-time autonomous IoT NIDS. Cluster Computing—the Journal of Networks Software Tools and Applications. 2021 doi: 10.1007/s10586-021-03231-5. [ CrossRef ] [ Google Scholar ]
Ali S, Li Y. Learning multilevel auto-encoders for DDoS attack detection in smart grid network. IEEE Access. 2019; 7 :108647–108659. doi: 10.1109/ACCESS.2019.2933304. [ CrossRef ] [ Google Scholar ]
AlKadi O, Moustafa N, Turnbull B, Choo KKR. Mixture localization-based outliers models for securing data migration in cloud centers. IEEE Access. 2019; 7 :114607–114618. doi: 10.1109/ACCESS.2019.2935142. [ CrossRef ] [ Google Scholar ]
Allianz. 2021. Allianz Risk Barometer. https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-Barometer-2021.pdf . Accessed 15 May 2021.
Almiani Muder, AbuGhazleh Alia, Al-Rahayfeh Amer, Atiewi Saleh, Razaque Abdul. Deep recurrent neural network for IoT intrusion detection system. Simulation Modelling Practice and Theory. 2020; 101 :102031. doi: 10.1016/j.simpat.2019.102031. [ CrossRef ] [ Google Scholar ]
Alsaedi A, Moustafa N, Tari Z, Mahmood A, Anwar A. TON_IoT telemetry dataset: A new generation dataset of IoT and IIoT for data-driven intrusion detection systems. IEEE Access. 2020; 8 :165130–165150. doi: 10.1109/access.2020.3022862. [ CrossRef ] [ Google Scholar ]
Alsamiri J, Alsubhi K. Internet of Things cyber attacks detection using machine learning. International Journal of Advanced Computer Science and Applications. 2019; 10 (12):627–634. doi: 10.14569/IJACSA.2019.0101280. [ CrossRef ] [ Google Scholar ]
Alsharafat W. Applying artificial neural network and eXtended classifier system for network intrusion detection. International Arab Journal of Information Technology. 2013; 10 (3):230–238. [ Google Scholar ]
Amin RW, Sevil HE, Kocak S, Francia G, III, Hoover P. The spatial analysis of the malicious uniform resource locators (URLs): 2016 dataset case study. Information (switzerland) 2021; 12 (1):1–18. doi: 10.3390/info12010002. [ CrossRef ] [ Google Scholar ]
Arcuri MC, Gai LZ, Ielasi F, Ventisette E. Cyber attacks on hospitality sector: Stock market reaction. Journal of Hospitality and Tourism Technology. 2020; 11 (2):277–290. doi: 10.1108/jhtt-05-2019-0080. [ CrossRef ] [ Google Scholar ]
Arp Daniel, Spreitzenbarth Michael, Hubner Malte, Rieck Konrad, et al. Drebin: Effective and explainable detection of android malware in your pocket. NDSS Conference. 2014; 14 :23–26. [ Google Scholar ]
Ashtiani M, Azgomi MA. A distributed simulation framework for modeling cyber attacks and the evaluation of security measures. Simulation—Transactions of the Society for Modeling and Simulation International. 2014; 90 (9):1071–1102. doi: 10.1177/0037549714540221. [ CrossRef ] [ Google Scholar ]
Atefinia R, Ahmadi M. Network intrusion detection using multi-architectural modular deep neural network. Journal of Supercomputing. 2021; 77 (4):3571–3593. doi: 10.1007/s11227-020-03410-y. [ CrossRef ] [ Google Scholar ]
Avila R, Khoury R, Khoury R, Petrillo F. Use of security logs for data leak detection: A systematic literature review. Security and Communication Networks. 2021; 2021 :29. doi: 10.1155/2021/6615899. [ CrossRef ] [ Google Scholar ]
Azeez NA, Ayemobola TJ, Misra S, Maskeliunas R, Damasevicius R. Network Intrusion Detection with a Hashing Based Apriori Algorithm Using Hadoop MapReduce. Computers. 2019; 8 (4):15. doi: 10.3390/computers8040086. [ CrossRef ] [ Google Scholar ]
Bakdash JZ, Hutchinson S, Zaroukian EG, Marusich LR, Thirumuruganathan S, Sample C, Hoffman B, Das G. Malware in the future forecasting of analyst detection of cyber events. Journal of Cybersecurity. 2018 doi: 10.1093/cybsec/tyy007. [ CrossRef ] [ Google Scholar ]
Barletta VS, Caivano D, Nannavecchia A, Scalera M. Intrusion detection for in-vehicle communication networks: An unsupervised Kohonen SOM approach. Future Internet. 2020 doi: 10.3390/FI12070119. [ CrossRef ] [ Google Scholar ]
Barzegar M, Shajari M. Attack scenario reconstruction using intrusion semantics. Expert Systems with Applications. 2018; 108 :119–133. doi: 10.1016/j.eswa.2018.04.030. [ CrossRef ] [ Google Scholar ]
Bessy-Roland Yannick, Boumezoued Alexandre, Hillairet Caroline. Multivariate Hawkes process for cyber insurance. Annals of Actuarial Science. 2021; 15 (1):14–39. doi: 10.1017/S1748499520000093. [ CrossRef ] [ Google Scholar ]
Bhardwaj A, Mangat V, Vig R. Hyperband tuned deep neural network with well posed stacked sparse AutoEncoder for detection of DDoS attacks in cloud. IEEE Access. 2020; 8 :181916–181929. doi: 10.1109/ACCESS.2020.3028690. [ CrossRef ] [ Google Scholar ]
Bhati BS, Rai CS, Balamurugan B, Al-Turjman F. An intrusion detection scheme based on the ensemble of discriminant classifiers. Computers & Electrical Engineering. 2020; 86 :9. doi: 10.1016/j.compeleceng.2020.106742. [ CrossRef ] [ Google Scholar ]
Bhattacharya S, Krishnan SSR, Maddikunta PKR, Kaluri R, Singh S, Gadekallu TR, Alazab M, Tariq U. A novel PCA-firefly based XGBoost classification model for intrusion detection in networks using GPU. Electronics. 2020; 9 (2):16. doi: 10.3390/electronics9020219. [ CrossRef ] [ Google Scholar ]
Bibi I, Akhunzada A, Malik J, Iqbal J, Musaddiq A, Kim S. A dynamic DL-driven architecture to combat sophisticated android malware. IEEE Access. 2020; 8 :129600–129612. doi: 10.1109/ACCESS.2020.3009819. [ CrossRef ] [ Google Scholar ]
Biener C, Eling M, Wirfs JH. Insurability of cyber risk: An empirical analysis. Geneva Papers on Risk and Insurance: Issues and Practice. 2015; 40 (1):131–158. doi: 10.1057/gpp.2014.19. [ CrossRef ] [ Google Scholar ]
Binbusayyis A, Vaiyapuri T. Identifying and benchmarking key features for cyber intrusion detection: An ensemble approach. IEEE Access. 2019; 7 :106495–106513. doi: 10.1109/ACCESS.2019.2929487. [ CrossRef ] [ Google Scholar ]
Biswas R, Roy S. Botnet traffic identification using neural networks. Multimedia Tools and Applications. 2021 doi: 10.1007/s11042-021-10765-8. [ CrossRef ] [ Google Scholar ]
Bouyeddou B, Harrou F, Kadri B, Sun Y. Detecting network cyber-attacks using an integrated statistical approach. Cluster Computing—the Journal of Networks Software Tools and Applications. 2021; 24 (2):1435–1453. doi: 10.1007/s10586-020-03203-1. [ CrossRef ] [ Google Scholar ]
Bozkir AS, Aydos M. LogoSENSE: A companion HOG based logo detection scheme for phishing web page and E-mail brand recognition. Computers & Security. 2020; 95 :18. doi: 10.1016/j.cose.2020.101855. [ CrossRef ] [ Google Scholar ]
Brower, D., and M. McCormick. 2021. Colonial pipeline resumes operations following ransomware attack. Financial Times .
Cai H, Zhang F, Levi A. An unsupervised method for detecting shilling attacks in recommender systems by mining item relationship and identifying target items. The Computer Journal. 2019; 62 (4):579–597. doi: 10.1093/comjnl/bxy124. [ CrossRef ] [ Google Scholar ]
Cebula, J.J., M.E. Popeck, and L.R. Young. 2014. A Taxonomy of Operational Cyber Security Risks Version 2 .
Chadza T, Kyriakopoulos KG, Lambotharan S. Learning to learn sequential network attacks using hidden Markov models. IEEE Access. 2020; 8 :134480–134497. doi: 10.1109/ACCESS.2020.3011293. [ CrossRef ] [ Google Scholar ]
Chatterjee S, Thekdi S. An iterative learning and inference approach to managing dynamic cyber vulnerabilities of complex systems. Reliability Engineering and System Safety. 2020 doi: 10.1016/j.ress.2019.106664. [ CrossRef ] [ Google Scholar ]
Chattopadhyay M, Sen R, Gupta S. A comprehensive review and meta-analysis on applications of machine learning techniques in intrusion detection. Australasian Journal of Information Systems. 2018; 22 :27. doi: 10.3127/ajis.v22i0.1667. [ CrossRef ] [ Google Scholar ]
Chen HS, Fiscus J. The inhospitable vulnerability: A need for cybersecurity risk assessment in the hospitality industry. Journal of Hospitality and Tourism Technology. 2018; 9 (2):223–234. doi: 10.1108/JHTT-07-2017-0044. [ CrossRef ] [ Google Scholar ]
Chhabra GS, Singh VP, Singh M. Cyber forensics framework for big data analytics in IoT environment using machine learning. Multimedia Tools and Applications. 2020; 79 (23–24):15881–15900. doi: 10.1007/s11042-018-6338-1. [ CrossRef ] [ Google Scholar ]
Chiba Z, Abghour N, Moussaid K, Elomri A, Rida M. Intelligent approach to build a Deep Neural Network based IDS for cloud environment using combination of machine learning algorithms. Computers and Security. 2019; 86 :291–317. doi: 10.1016/j.cose.2019.06.013. [ CrossRef ] [ Google Scholar ]
Choras M, Kozik R. Machine learning techniques applied to detect cyber attacks on web applications. Logic Journal of the IGPL. 2015; 23 (1):45–56. doi: 10.1093/jigpal/jzu038. [ CrossRef ] [ Google Scholar ]
Chowdhury Sudipta, Khanzadeh Mojtaba, Akula Ravi, Zhang Fangyan, Zhang Song, Medal Hugh, Marufuzzaman Mohammad, Bian Linkan. Botnet detection using graph-based feature clustering. Journal of Big Data. 2017; 4 (1):14. doi: 10.1186/s40537-017-0074-7. [ CrossRef ] [ Google Scholar ]
Cost Of A Cyber Incident: Systematic Review And Cross-Validation, Cybersecurity & Infrastructure Agency , 1, https://www.cisa.gov/sites/default/files/publications/CISA-OCE_Cost_of_Cyber_Incidents_Study-FINAL_508.pdf (2020).
D'Hooge L, Wauters T, Volckaert B, De Turck F. Classification hardness for supervised learners on 20 years of intrusion detection data. IEEE Access. 2019; 7 :167455–167469. doi: 10.1109/access.2019.2953451. [ CrossRef ] [ Google Scholar ]
Damasevicius R, Venckauskas A, Grigaliunas S, Toldinas J, Morkevicius N, Aleliunas T, Smuikys P. LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics. 2020; 9 (5):23. doi: 10.3390/electronics9050800. [ CrossRef ] [ Google Scholar ]
Giovanni De, Domenico Arturo Leccadito, Pirra Marco. On the determinants of data breaches: A cointegration analysis. Decisions in Economics and Finance. 2020 doi: 10.1007/s10203-020-00301-y. [ CrossRef ] [ Google Scholar ]
Deng Lianbing, Li Daming, Yao Xiang, Wang Haoxiang. Retracted Article: Mobile network intrusion detection for IoT system based on transfer learning algorithm. Cluster Computing. 2019; 22 (4):9889–9904. doi: 10.1007/s10586-018-1847-2. [ CrossRef ] [ Google Scholar ]
Donkal G, Verma GK. A multimodal fusion based framework to reinforce IDS for securing Big Data environment using Spark. Journal of Information Security and Applications. 2018; 43 :1–11. doi: 10.1016/j.jisa.2018.10.001. [ CrossRef ] [ Google Scholar ]
Dunn C, Moustafa N, Turnbull B. Robustness evaluations of sustainable machine learning models against data Poisoning attacks in the Internet of Things. Sustainability. 2020; 12 (16):17. doi: 10.3390/su12166434. [ CrossRef ] [ Google Scholar ]
Dwivedi S, Vardhan M, Tripathi S. Multi-parallel adaptive grasshopper optimization technique for detecting anonymous attacks in wireless networks. Wireless Personal Communications. 2021 doi: 10.1007/s11277-021-08368-5. [ CrossRef ] [ Google Scholar ]
Dyson, B. 2020. COVID-19 crisis could be ‘watershed’ for cyber insurance, says Swiss Re exec. https://www.spglobal.com/marketintelligence/en/news-insights/latest-news-headlines/covid-19-crisis-could-be-watershed-for-cyber-insurance-says-swiss-re-exec-59197154 . Accessed 7 May 2020.
EIOPA. 2018. Understanding cyber insurance—a structured dialogue with insurance companies. https://www.eiopa.europa.eu/sites/default/files/publications/reports/eiopa_understanding_cyber_insurance.pdf . Accessed 28 May 2018
Elijah AV, Abdullah A, JhanJhi NZ, Supramaniam M, Abdullateef OB. Ensemble and deep-learning methods for two-class and multi-attack anomaly intrusion detection: An empirical study. International Journal of Advanced Computer Science and Applications. 2019; 10 (9):520–528. doi: 10.14569/IJACSA.2019.0100969. [ CrossRef ] [ Google Scholar ]
Eling M, Jung K. Copula approaches for modeling cross-sectional dependence of data breach losses. Insurance Mathematics & Economics. 2018; 82 :167–180. doi: 10.1016/j.insmatheco.2018.07.003. [ CrossRef ] [ Google Scholar ]
Eling M, Schnell W. What do we know about cyber risk and cyber risk insurance? Journal of Risk Finance. 2016; 17 (5):474–491. doi: 10.1108/jrf-09-2016-0122. [ CrossRef ] [ Google Scholar ]
Eling M, Wirfs J. What are the actual costs of cyber risk events? European Journal of Operational Research. 2019; 272 (3):1109–1119. doi: 10.1016/j.ejor.2018.07.021. [ CrossRef ] [ Google Scholar ]
Eling Martin. Cyber risk research in business and actuarial science. European Actuarial Journal. 2020; 10 (2):303–333. doi: 10.1007/s13385-020-00250-1. [ CrossRef ] [ Google Scholar ]
Elmasry W, Akbulut A, Zaim AH. Empirical study on multiclass classification-based network intrusion detection. Computational Intelligence. 2019; 35 (4):919–954. doi: 10.1111/coin.12220. [ CrossRef ] [ Google Scholar ]
Elsaid Shaimaa Ahmed, Albatati Nouf Saleh. An optimized collaborative intrusion detection system for wireless sensor networks. Soft Computing. 2020; 24 (16):12553–12567. doi: 10.1007/s00500-020-04695-0. [ CrossRef ] [ Google Scholar ]
Estepa R, Díaz-Verdejo JE, Estepa A, Madinabeitia G. How much training data is enough? A case study for HTTP anomaly-based intrusion detection. IEEE Access. 2020; 8 :44410–44425. doi: 10.1109/ACCESS.2020.2977591. [ CrossRef ] [ Google Scholar ]
European Council. 2021. Cybersecurity: how the EU tackles cyber threats. https://www.consilium.europa.eu/en/policies/cybersecurity/ . Accessed 10 May 2021
Falco Gregory, Eling Martin, Jablanski Danielle, Weber Matthias, Miller Virginia, Gordon Lawrence A, Wang Shaun Shuxun, Schmit Joan, Thomas Russell, Elvedi Mauro, Maillart Thomas, Donavan Emy, Dejung Simon, Durand Eric, Nutter Franklin, Scheffer Uzi, Arazi Gil, Ohana Gilbert, Lin Herbert. Cyber risk research impeded by disciplinary barriers. Science (american Association for the Advancement of Science) 2019; 366 (6469):1066–1069. doi: 10.1126/science.aaz4795. [ PubMed ] [ CrossRef ] [ Google Scholar ]
Fan ZJ, Tan ZP, Tan CX, Li X. An improved integrated prediction method of cyber security situation based on spatial-time analysis. Journal of Internet Technology. 2018; 19 (6):1789–1800. doi: 10.3966/160792642018111906015. [ CrossRef ] [ Google Scholar ]
Fang ZJ, Xu MC, Xu SH, Hu TZ. A framework for predicting data breach risk: Leveraging dependence to cope with sparsity. IEEE Transactions on Information Forensics and Security. 2021; 16 :2186–2201. doi: 10.1109/tifs.2021.3051804. [ CrossRef ] [ Google Scholar ]
Farkas S, Lopez O, Thomas M. Cyber claim analysis using Generalized Pareto regression trees with applications to insurance. Insurance: Mathematics and Economics. 2021; 98 :92–105. doi: 10.1016/j.insmatheco.2021.02.009. [ CrossRef ] [ Google Scholar ]
Farsi H, Fanian A, Taghiyarrenani Z. A novel online state-based anomaly detection system for process control networks. International Journal of Critical Infrastructure Protection. 2019; 27 :11. doi: 10.1016/j.ijcip.2019.100323. [ CrossRef ] [ Google Scholar ]
Ferrag MA, Maglaras L, Moschoyiannis S, Janicke H. Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. Journal of Information Security and Applications. 2020; 50 :19. doi: 10.1016/j.jisa.2019.102419. [ CrossRef ] [ Google Scholar ]
Field, M. 2018. WannaCry cyber attack cost the NHS £92m as 19,000 appointments cancelled. https://www.telegraph.co.uk/technology/2018/10/11/wannacry-cyber-attack-cost-nhs-92m-19000-appointments-cancelled/ . Accessed 9 May 2018.
FitchRatings. 2021. U.S. Cyber Insurance Market Update (Spike in Claims Leads to Decline in 2020 Underwriting Performance). https://www.fitchratings.com/research/insurance/us-cyber-insurance-market-update-spike-in-claims-leads-to-decline-in-2020-underwriting-performance-26-05-2021 .
Fossaceca JM, Mazzuchi TA, Sarkani S. MARK-ELM: Application of a novel Multiple Kernel Learning framework for improving the robustness of network intrusion detection. Expert Systems with Applications. 2015; 42 (8):4062–4080. doi: 10.1016/j.eswa.2014.12.040. [ CrossRef ] [ Google Scholar ]
Franke Ulrik, Brynielsson Joel. Cyber situational awareness – A systematic review of the literature. Computers & Security. 2014; 46 :18–31. doi: 10.1016/j.cose.2014.06.008. [ CrossRef ] [ Google Scholar ]
Freeha Khan, Hwan Kim Jung, Lars Mathiassen, Robin Moore. Data breach management: An integrated risk model. Information & Management. 2021; 58 (1):103392. doi: 10.1016/j.im.2020.103392. [ CrossRef ] [ Google Scholar ]
Ganeshan R, Rodrigues Paul. Crow-AFL: Crow based adaptive fractional lion optimization approach for the intrusion detection. Wireless Personal Communications. 2020; 111 (4):2065–2089. doi: 10.1007/s11277-019-06972-0. [ CrossRef ] [ Google Scholar ]
GAO. 2021. CYBER INSURANCE—Insurers and policyholders face challenges in an evolving market. https://www.gao.gov/assets/gao-21-477.pdf . Accessed 16 May 2021.
Garber, J. 2021. Colonial Pipeline fiasco foreshadows impact of Biden energy policy. https://www.foxbusiness.com/markets/colonial-pipeline-fiasco-foreshadows-impact-of-biden-energy-policy . Accessed 4 May 2021.
Gauthama Raman MR, Somu Nivethitha, Jagarapu Sahruday, Manghnani Tina, Selvam Thirumaran, Krithivasan Kannan, Shankar Sriram VS. An efficient intrusion detection technique based on support vector machine and improved binary gravitational search algorithm. Artificial Intelligence Review. 2020; 53 (5):3255–3286. doi: 10.1007/s10462-019-09762-z. [ CrossRef ] [ Google Scholar ]
Gavel S, Raghuvanshi AS, Tiwari S. Distributed intrusion detection scheme using dual-axis dimensionality reduction for Internet of things (IoT) Journal of Supercomputing. 2021 doi: 10.1007/s11227-021-03697-5. [ CrossRef ] [ Google Scholar ]
GDPR.EU. 2021. FAQ. https://gdpr.eu/faq/ . Accessed 10 May 2021.
Georgescu TM, Iancu B, Zurini M. Named-entity-recognition-based automated system for diagnosing cybersecurity situations in IoT networks. Sensors (switzerland) 2019 doi: 10.3390/s19153380. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
Giudici Paolo, Raffinetti Emanuela. Cyber risk ordering with rank-based statistical models. AStA Advances in Statistical Analysis. 2020 doi: 10.1007/s10182-020-00387-0. [ CrossRef ] [ Google Scholar ]
Goh, J., S. Adepu, K.N. Junejo, and A. Mathur. 2016. A dataset to support research in the design of secure water treatment systems. In CRITIS.
Gong XY, Lu JL, Zhou YF, Qiu H, He R. Model uncertainty based annotation error fixing for web attack detection. Journal of Signal Processing Systems for Signal Image and Video Technology. 2021; 93 (2–3):187–199. doi: 10.1007/s11265-019-01494-1. [ CrossRef ] [ Google Scholar ]
Goode Sigi, Hoehle Hartmut, Venkatesh Viswanath, Brown Susan A. USER compensation as a data breach recovery action: An investigation of the sony playstation network breach. MIS Quarterly. 2017; 41 (3):703–727. doi: 10.25300/MISQ/2017/41.3.03. [ CrossRef ] [ Google Scholar ]
Guo H, Huang S, Huang C, Pan Z, Zhang M, Shi F. File entropy signal analysis combined with wavelet decomposition for malware classification. IEEE Access. 2020; 8 :158961–158971. doi: 10.1109/ACCESS.2020.3020330. [ CrossRef ] [ Google Scholar ]
Habib Maria, Aljarah Ibrahim, Faris Hossam. A Modified multi-objective particle swarm optimizer-based Lévy flight: An approach toward intrusion detection in Internet of Things. Arabian Journal for Science and Engineering. 2020; 45 (8):6081–6108. doi: 10.1007/s13369-020-04476-9. [ CrossRef ] [ Google Scholar ]
Hajj S, El Sibai R, Abdo JB, Demerjian J, Makhoul A, Guyeux C. Anomaly-based intrusion detection systems: The requirements, methods, measurements, and datasets. Transactions on Emerging Telecommunications Technologies. 2021; 32 (4):36. doi: 10.1002/ett.4240. [ CrossRef ] [ Google Scholar ]
Heartfield R, Loukas G, Bezemskij A, Panaousis E. Self-configurable cyber-physical intrusion detection for smart homes using reinforcement learning. IEEE Transactions on Information Forensics and Security. 2021; 16 :1720–1735. doi: 10.1109/tifs.2020.3042049. [ CrossRef ] [ Google Scholar ]
Hemo, B., T. Gafni, K. Cohen, and Q. Zhao. 2020. Searching for anomalies over composite hypotheses. IEEE Transactions on Signal Processing 68: 1181–1196. 10.1109/TSP.2020.2971438
Hindy H, Brosset D, Bayne E, Seeam AK, Tachtatzis C, Atkinson R, Bellekens X. A taxonomy of network threats and the effect of current datasets on intrusion detection systems. IEEE Access. 2020; 8 :104650–104675. doi: 10.1109/ACCESS.2020.3000179. [ CrossRef ] [ Google Scholar ]
Hong W, Huang D, Chen C, Lee J. Towards accurate and efficient classification of power system contingencies and cyber-attacks using recurrent neural networks. IEEE Access. 2020; 8 :123297–123309. doi: 10.1109/ACCESS.2020.3007609. [ CrossRef ] [ Google Scholar ]
Husák Martin, Zádník M, Bartos V, Sokol P. Dataset of intrusion detection alerts from a sharing platform. Data in Brief. 2020; 33 :106530. doi: 10.1016/j.dib.2020.106530. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
IBM Security. 2020. Cost of a Data breach Report. https://www.capita.com/sites/g/files/nginej291/files/2020-08/Ponemon-Global-Cost-of-Data-Breach-Study-2020.pdf . Accessed 19 May 2021.
IEEE. 2021. IEEE Quick Facts. https://www.ieee.org/about/at-a-glance.html . Accessed 11 May 2021.
Firat Ilhan, Kilincer Ertam Fatih, Abdulkadir Sengur. Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks. 2021; 188 :107840. doi: 10.1016/j.comnet.2021.107840. [ CrossRef ] [ Google Scholar ]
Jaber AN, Ul Rehman S. FCM-SVM based intrusion detection system for cloud computing environment. Cluster Computing—the Journal of Networks Software Tools and Applications. 2020; 23 (4):3221–3231. doi: 10.1007/s10586-020-03082-6. [ CrossRef ] [ Google Scholar ]
Jacobs, J., S. Romanosky, B. Edwards, M. Roytman, and I. Adjerid. 2019. Exploit prediction scoring system (epss). arXiv:1908.04856
Jacobsen Annika, de Miranda Ricardo, Azevedo Nick Juty, Batista Dominique, Coles Simon, Cornet Ronald, Courtot Mélanie, Crosas Mercè, Dumontier Michel, Evelo Chris T, Goble Carole, Guizzardi Giancarlo, Hansen Karsten Kryger, Hasnain Ali, Hettne Kristina, Heringa Jaap, Hooft Rob W.W., Imming Melanie, Jeffery Keith G, Kaliyaperumal Rajaram, Kersloot Martijn G, Kirkpatrick Christine R, Kuhn Tobias, Labastida Ignasi, Magagna Barbara, McQuilton Peter, Meyers Natalie, Montesanti Annalisa, van Reisen Mirjam, Rocca-Serra Philippe, Pergl Robert, Sansone Susanna-Assunta, da Silva Luiz Olavo Bonino, Santos Juliane Schneider, Strawn George, Thompson Mark, Waagmeester Andra, Weigel Tobias, Wilkinson Mark D, Willighagen Egon L, Wittenburg Peter, Roos Marco, Mons Barend, Schultes Erik. FAIR principles: Interpretations and implementation considerations. Data Intelligence. 2020; 2 (1–2):10–29. doi: 10.1162/dint_r_00024. [ CrossRef ] [ Google Scholar ]
Jahromi AN, Hashemi S, Dehghantanha A, Parizi RM, Choo KKR. An enhanced stacked LSTM method with no random initialization for malware threat hunting in safety and time-critical systems. IEEE Transactions on Emerging Topics in Computational Intelligence. 2020; 4 (5):630–640. doi: 10.1109/TETCI.2019.2910243. [ CrossRef ] [ Google Scholar ]
Jang S, Li S, Sung Y. FastText-based local feature visualization algorithm for merged image-based malware classification framework for cyber security and cyber defense. Mathematics. 2020; 8 (3):13. doi: 10.3390/math8030460. [ CrossRef ] [ Google Scholar ]
Javeed D, Gao TH, Khan MT. SDN-enabled hybrid DL-driven framework for the detection of emerging cyber threats in IoT. Electronics. 2021; 10 (8):16. doi: 10.3390/electronics10080918. [ CrossRef ] [ Google Scholar ]
Johnson P, Gorton D, Lagerstrom R, Ekstedt M. Time between vulnerability disclosures: A measure of software product vulnerability. Computers & Security. 2016; 62 :278–295. doi: 10.1016/j.cose.2016.08.004. [ CrossRef ] [ Google Scholar ]
Johnson P, Lagerström R, Ekstedt M, Franke U. Can the common vulnerability scoring system be trusted? A Bayesian analysis. IEEE Transactions on Dependable and Secure Computing. 2018; 15 (6):1002–1015. doi: 10.1109/TDSC.2016.2644614. [ CrossRef ] [ Google Scholar ]
Junger Marianne, Wang Victoria, Schlömer Marleen. Fraud against businesses both online and offline: Crime scripts, business characteristics, efforts, and benefits. Crime Science. 2020; 9 (1):13. doi: 10.1186/s40163-020-00119-4. [ CrossRef ] [ Google Scholar ]
Kalutarage Harsha Kumara, Nguyen Hoang Nga, Shaikh Siraj Ahmed. Towards a threat assessment framework for apps collusion. Telecommunication Systems. 2017; 66 (3):417–430. doi: 10.1007/s11235-017-0296-1. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
Kamarudin MH, Maple C, Watson T, Safa NS. A LogitBoost-based algorithm for detecting known and unknown web attacks. IEEE Access. 2017; 5 :26190–26200. doi: 10.1109/ACCESS.2017.2766844. [ CrossRef ] [ Google Scholar ]
Kasongo SM, Sun YX. A deep learning method with wrapper based feature extraction for wireless intrusion detection system. Computers & Security. 2020; 92 :15. doi: 10.1016/j.cose.2020.101752. [ CrossRef ] [ Google Scholar ]
Keserwani Pankaj Kumar, Govil Mahesh Chandra, Pilli Emmanuel S, Govil Prajjval. A smart anomaly-based intrusion detection system for the Internet of Things (IoT) network using GWO–PSO–RF model. Journal of Reliable Intelligent Environments. 2021; 7 (1):3–21. doi: 10.1007/s40860-020-00126-x. [ CrossRef ] [ Google Scholar ]
Keshk M, Sitnikova E, Moustafa N, Hu J, Khalil I. An integrated framework for privacy-preserving based anomaly detection for cyber-physical systems. IEEE Transactions on Sustainable Computing. 2021; 6 (1):66–79. doi: 10.1109/TSUSC.2019.2906657. [ CrossRef ] [ Google Scholar ]
Khan IA, Pi DC, Bhatia AK, Khan N, Haider W, Wahab A. Generating realistic IoT-based IDS dataset centred on fuzzy qualitative modelling for cyber-physical systems. Electronics Letters. 2020; 56 (9):441–443. doi: 10.1049/el.2019.4158. [ CrossRef ] [ Google Scholar ]
Khraisat A, Gondal I, Vamplew P, Kamruzzaman J, Alazab A. Hybrid intrusion detection system based on the stacking ensemble of C5 decision tree classifier and one class support vector machine. Electronics. 2020; 9 (1):18. doi: 10.3390/electronics9010173. [ CrossRef ] [ Google Scholar ]
Khraisat Ansam, Gondal Iqbal, Vamplew Peter, Kamruzzaman Joarder. Survey of intrusion detection systems: Techniques, datasets and challenges. Cybersecurity. 2019; 2 (1):20. doi: 10.1186/s42400-019-0038-7. [ CrossRef ] [ Google Scholar ]
Kilincer IF, Ertam F, Sengur A. Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks. 2021; 188 :16. doi: 10.1016/j.comnet.2021.107840. [ CrossRef ] [ Google Scholar ]
Kim D, Kim HK. Automated dataset generation system for collaborative research of cyber threat analysis. Security and Communication Networks. 2019; 2019 :10. doi: 10.1155/2019/6268476. [ CrossRef ] [ Google Scholar ]
Kim Gyeongmin, Lee Chanhee, Jo Jaechoon, Lim Heuiseok. Automatic extraction of named entities of cyber threats using a deep Bi-LSTM-CRF network. International Journal of Machine Learning and Cybernetics. 2020; 11 (10):2341–2355. doi: 10.1007/s13042-020-01122-6. [ CrossRef ] [ Google Scholar ]
Kirubavathi G, Anitha R. Botnet detection via mining of traffic flow characteristics. Computers & Electrical Engineering. 2016; 50 :91–101. doi: 10.1016/j.compeleceng.2016.01.012. [ CrossRef ] [ Google Scholar ]
Kiwia D, Dehghantanha A, Choo KKR, Slaughter J. A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. Journal of Computational Science. 2018; 27 :394–409. doi: 10.1016/j.jocs.2017.10.020. [ CrossRef ] [ Google Scholar ]
Koroniotis N, Moustafa N, Sitnikova E. A new network forensic framework based on deep learning for Internet of Things networks: A particle deep framework. Future Generation Computer Systems. 2020; 110 :91–106. doi: 10.1016/j.future.2020.03.042. [ CrossRef ] [ Google Scholar ]
Kruse Clemens Scott, Frederick Benjamin, Jacobson Taylor, Kyle Monticone D. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care. 2017; 25 (1):1–10. doi: 10.3233/THC-161263. [ PubMed ] [ CrossRef ] [ Google Scholar ]
Kshetri N. The economics of cyber-insurance. IT Professional. 2018; 20 (6):9–14. doi: 10.1109/MITP.2018.2874210. [ CrossRef ] [ Google Scholar ]
Kumar R, Kumar P, Tripathi R, Gupta GP, Gadekallu TR, Srivastava G. SP2F: A secured privacy-preserving framework for smart agricultural Unmanned Aerial Vehicles. Computer Networks. 2021 doi: 10.1016/j.comnet.2021.107819. [ CrossRef ] [ Google Scholar ]
Kumar R, Tripathi R. DBTP2SF: A deep blockchain-based trustworthy privacy-preserving secured framework in industrial internet of things systems. Transactions on Emerging Telecommunications Technologies. 2021; 32 (4):27. doi: 10.1002/ett.4222. [ CrossRef ] [ Google Scholar ]
Laso PM, Brosset D, Puentes J. Dataset of anomalies and malicious acts in a cyber-physical subsystem. Data in Brief. 2017; 14 :186–191. doi: 10.1016/j.dib.2017.07.038. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
Lee J, Kim J, Kim I, Han K. Cyber threat detection based on artificial neural networks using event profiles. IEEE Access. 2019; 7 :165607–165626. doi: 10.1109/ACCESS.2019.2953095. [ CrossRef ] [ Google Scholar ]
Lee SJ, Yoo PD, Asyhari AT, Jhi Y, Chermak L, Yeun CY, Taha K. IMPACT: Impersonation attack detection via edge computing using deep Autoencoder and feature abstraction. IEEE Access. 2020; 8 :65520–65529. doi: 10.1109/ACCESS.2020.2985089. [ CrossRef ] [ Google Scholar ]
Leong Yin-Yee, Chen Yen-Chih. Cyber risk cost and management in IoT devices-linked health insurance. The Geneva Papers on Risk and Insurance—Issues and Practice. 2020; 45 (4):737–759. doi: 10.1057/s41288-020-00169-4. [ CrossRef ] [ Google Scholar ]
Levi, M. 2017. Assessing the trends, scale and nature of economic cybercrimes: overview and Issues: In Cybercrimes, cybercriminals and their policing, in crime, law and social change. Crime, Law and Social Change 67 (1): 3–20. 10.1007/s10611-016-9645-3.
Li C, Mills K, Niu D, Zhu R, Zhang H, Kinawi H. Android malware detection based on factorization machine. IEEE Access. 2019; 7 :184008–184019. doi: 10.1109/ACCESS.2019.2958927. [ CrossRef ] [ Google Scholar ]
Li DQ, Li QM. Adversarial deep ensemble: evasion attacks and defenses for malware detection. IEEE Transactions on Information Forensics and Security. 2020; 15 :3886–3900. doi: 10.1109/tifs.2020.3003571. [ CrossRef ] [ Google Scholar ]
Li DQ, Li QM, Ye YF, Xu SH. A framework for enhancing deep neural networks against adversarial malware. IEEE Transactions on Network Science and Engineering. 2021; 8 (1):736–750. doi: 10.1109/tnse.2021.3051354. [ CrossRef ] [ Google Scholar ]
Li RH, Zhang C, Feng C, Zhang X, Tang CJ. Locating vulnerability in binaries using deep neural networks. IEEE Access. 2019; 7 :134660–134676. doi: 10.1109/access.2019.2942043. [ CrossRef ] [ Google Scholar ]
Li X, Xu M, Vijayakumar P, Kumar N, Liu X. Detection of low-frequency and multi-stage attacks in industrial Internet of Things. IEEE Transactions on Vehicular Technology. 2020; 69 (8):8820–8831. doi: 10.1109/TVT.2020.2995133. [ CrossRef ] [ Google Scholar ]
Liu HY, Lang B. Machine learning and deep learning methods for intrusion detection systems: A survey. Applied Sciences—Basel. 2019; 9 (20):28. doi: 10.3390/app9204396. [ CrossRef ] [ Google Scholar ]
Lopez-Martin M, Carro B, Sanchez-Esguevillas A. Application of deep reinforcement learning to intrusion detection for supervised problems. Expert Systems with Applications. 2020 doi: 10.1016/j.eswa.2019.112963. [ CrossRef ] [ Google Scholar ]
Loukas G, Gan D, Vuong Tuan. A review of cyber threats and defence approaches in emergency management. Future Internet. 2013; 5 :205–236. doi: 10.3390/fi5020205. [ CrossRef ] [ Google Scholar ]
Luo CC, Su S, Sun YB, Tan QJ, Han M, Tian ZH. A convolution-based system for malicious URLs detection. CMC—Computers Materials Continua. 2020; 62 (1):399–411. doi: 10.32604/cmc.2020.06507. [ CrossRef ] [ Google Scholar ]
Mahbooba B, Timilsina M, Sahal R, Serrano M. Explainable artificial intelligence (XAI) to enhance trust management in intrusion detection systems using decision tree model. Complexity. 2021; 2021 :11. doi: 10.1155/2021/6634811. [ CrossRef ] [ Google Scholar ]
Mahdavifar S, Ghorbani AA. DeNNeS: Deep embedded neural network expert system for detecting cyber attacks. Neural Computing & Applications. 2020; 32 (18):14753–14780. doi: 10.1007/s00521-020-04830-w. [ CrossRef ] [ Google Scholar ]
Mahfouz A, Abuhussein A, Venugopal D, Shiva S. Ensemble classifiers for network intrusion detection using a novel network attack dataset. Future Internet. 2020; 12 (11):1–19. doi: 10.3390/fi12110180. [ CrossRef ] [ Google Scholar ]
Maleks Smith, Z., E. Lostri, and J.A. Lewis. 2020. The hidden costs of cybercrime. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf . Accessed 16 May 2021.
Malik J, Akhunzada A, Bibi I, Imran M, Musaddiq A, Kim SW. Hybrid deep learning: An efficient reconnaissance and surveillance detection mechanism in SDN. IEEE Access. 2020; 8 :134695–134706. doi: 10.1109/ACCESS.2020.3009849. [ CrossRef ] [ Google Scholar ]
Manimurugan S. IoT-Fog-Cloud model for anomaly detection using improved Naive Bayes and principal component analysis. Journal of Ambient Intelligence and Humanized Computing. 2020 doi: 10.1007/s12652-020-02723-3. [ CrossRef ] [ Google Scholar ]
Martin A, Lara-Cabrera R, Camacho D. Android malware detection through hybrid features fusion and ensemble classifiers: The AndroPyTool framework and the OmniDroid dataset. Information Fusion. 2019; 52 :128–142. doi: 10.1016/j.inffus.2018.12.006. [ CrossRef ] [ Google Scholar ]
Mauro MD, Galatro G, Liotta A. Experimental review of neural-based approaches for network intrusion management. IEEE Transactions on Network and Service Management. 2020; 17 (4):2480–2495. doi: 10.1109/TNSM.2020.3024225. [ CrossRef ] [ Google Scholar ]
McLeod A, Dolezel D. Cyber-analytics: Modeling factors associated with healthcare data breaches. Decision Support Systems. 2018; 108 :57–68. doi: 10.1016/j.dss.2018.02.007. [ CrossRef ] [ Google Scholar ]
Meira J, Andrade R, Praca I, Carneiro J, Bolon-Canedo V, Alonso-Betanzos A, Marreiros G. Performance evaluation of unsupervised techniques in cyber-attack anomaly detection. Journal of Ambient Intelligence and Humanized Computing. 2020; 11 (11):4477–4489. doi: 10.1007/s12652-019-01417-9. [ CrossRef ] [ Google Scholar ]
Miao Y, Ma J, Liu X, Weng J, Li H, Li H. Lightweight fine-grained search over encrypted data in Fog computing. IEEE Transactions on Services Computing. 2019; 12 (5):772–785. doi: 10.1109/TSC.2018.2823309. [ CrossRef ] [ Google Scholar ]
Miller, C., and C. Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015 (S 91).
Mireles JD, Ficke E, Cho JH, Hurley P, Xu SH. Metrics towards measuring cyber agility. IEEE Transactions on Information Forensics and Security. 2019; 14 (12):3217–3232. doi: 10.1109/tifs.2019.2912551. [ CrossRef ] [ Google Scholar ]
Mishra N, Pandya S. Internet of Things applications, security challenges, attacks, intrusion detection, and future visions: A systematic review. IEEE Access. 2021 doi: 10.1109/ACCESS.2021.3073408. [ CrossRef ] [ Google Scholar ]
Monshizadeh M, Khatri V, Atli BG, Kantola R, Yan Z. Performance evaluation of a combined anomaly detection platform. IEEE Access. 2019; 7 :100964–100978. doi: 10.1109/ACCESS.2019.2930832. [ CrossRef ] [ Google Scholar ]
Moreno VC, Reniers G, Salzano E, Cozzani V. Analysis of physical and cyber security-related events in the chemical and process industry. Process Safety and Environmental Protection. 2018; 116 :621–631. doi: 10.1016/j.psep.2018.03.026. [ CrossRef ] [ Google Scholar ]
Moro ED. Towards an economic cyber loss index for parametric cover based on IT security indicator: A preliminary analysis. Risks. 2020 doi: 10.3390/risks8020045. [ CrossRef ] [ Google Scholar ]
Moustafa N, Adi E, Turnbull B, Hu J. A new threat intelligence scheme for safeguarding industry 4.0 systems. IEEE Access. 2018; 6 :32910–32924. doi: 10.1109/ACCESS.2018.2844794. [ CrossRef ] [ Google Scholar ]
Moustakidis S, Karlsson P. A novel feature extraction methodology using Siamese convolutional neural networks for intrusion detection. Cybersecurity. 2020 doi: 10.1186/s42400-020-00056-4. [ CrossRef ] [ Google Scholar ]
Mukhopadhyay Arunabha, Chatterjee Samir, Bagchi Kallol K, Kirs Peteer J, Shukla Girja K. Cyber Risk Assessment and Mitigation (CRAM) framework using Logit and Probit models for cyber insurance. Information Systems Frontiers. 2019; 21 (5):997–1018. doi: 10.1007/s10796-017-9808-5. [ CrossRef ] [ Google Scholar ]
Murphey, H. 2021a. Biden signs executive order to strengthen US cyber security. https://www.ft.com/content/4d808359-b504-4014-85f6-68e7a2851bf1?accessToken=zwAAAXl0_ifgkc9NgINZtQRAFNOF9mjnooUb8Q.MEYCIQDw46SFWsMn1iyuz3kvgAmn6mxc0rIVfw10Lg1ovJSfJwIhAK2X2URzfSqHwIS7ddRCvSt2nGC2DcdoiDTG49-4TeEt&sharetype=gift?token=fbcd6323-1ecf-4fc3-b136-b5b0dd6a8756 . Accessed 7 May 2021.
Murphey, H. 2021b. Millions of connected devices have security flaws, study shows. https://www.ft.com/content/0bf92003-926d-4dee-87d7-b01f7c3e9621?accessToken=zwAAAXnA7f2Ikc8L-SADkm1N7tOH17AffD6WIQ.MEQCIDjBuROvhmYV0Mx3iB0cEV7m5oND1uaCICxJu0mzxM0PAiBam98q9zfHiTB6hKGr1gGl0Azt85yazdpX9K5sI8se3Q&sharetype=gift?token=2538218d-77d9-4dd3-9649-3cb556a34e51 . Accessed 6 May 2021.
Murugesan V, Shalinie M, Yang MH. Design and analysis of hybrid single packet IP traceback scheme. IET Networks. 2018; 7 (3):141–151. doi: 10.1049/iet-net.2017.0115. [ CrossRef ] [ Google Scholar ]
Mwitondi KS, Zargari SA. An iterative multiple sampling method for intrusion detection. Information Security Journal. 2018; 27 (4):230–239. doi: 10.1080/19393555.2018.1539790. [ CrossRef ] [ Google Scholar ]
Neto NN, Madnick S, De Paula AMG, Borges NM. Developing a global data breach database and the challenges encountered. ACM Journal of Data and Information Quality. 2021; 13 (1):33. doi: 10.1145/3439873. [ CrossRef ] [ Google Scholar ]
Nurse, J.R.C., L. Axon, A. Erola, I. Agrafiotis, M. Goldsmith, and S. Creese. 2020. The data that drives cyber insurance: A study into the underwriting and claims processes. In 2020 International conference on cyber situational awareness, data analytics and assessment (CyberSA), 15–19 June 2020.
Oliveira N, Praca I, Maia E, Sousa O. Intelligent cyber attack detection and classification for network-based intrusion detection systems. Applied Sciences—Basel. 2021; 11 (4):21. doi: 10.3390/app11041674. [ CrossRef ] [ Google Scholar ]
Page Matthew J, McKenzie Joanne E, Bossuyt Patrick M, Boutron Isabelle, Hoffmann Tammy C, Mulrow Cynthia D, Shamseer Larissa, Tetzlaff Jennifer M, Akl Elie A, Brennan Sue E, Chou Roger, Glanville Julie, Grimshaw Jeremy M, Hróbjartsson Asbjørn, Lalu Manoj M, Li Tianjing, Loder Elizabeth W, Mayo-Wilson Evan, McDonald Steve, McGuinness Luke A, Stewart Lesley A, Thomas James, Tricco Andrea C, Welch Vivian A, Whiting Penny, Moher David. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. Systematic Reviews. 2021; 10 (1):89. doi: 10.1186/s13643-021-01626-4. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
Pajouh HH, Javidan R, Khayami R, Dehghantanha A, Choo KR. A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks. IEEE Transactions on Emerging Topics in Computing. 2019; 7 (2):314–323. doi: 10.1109/TETC.2016.2633228. [ CrossRef ] [ Google Scholar ]
Parra GD, Rad P, Choo KKR, Beebe N. Detecting Internet of Things attacks using distributed deep learning. Journal of Network and Computer Applications. 2020; 163 :13. doi: 10.1016/j.jnca.2020.102662. [ CrossRef ] [ Google Scholar ]
Paté-Cornell ME, Kuypers M, Smith M, Keller P. Cyber risk management for critical infrastructure: A risk analysis model and three case studies. Risk Analysis. 2018; 38 (2):226–241. doi: 10.1111/risa.12844. [ PubMed ] [ CrossRef ] [ Google Scholar ]
Pooser, D.M., M.J. Browne, and O. Arkhangelska. 2018. Growth in the perception of cyber risk: evidence from U.S. P&C Insurers. The Geneva Papers on Risk and Insurance—Issues and Practice 43 (2): 208–223. 10.1057/s41288-017-0077-9.
Pu, G., L. Wang, J. Shen, and F. Dong. 2021. A hybrid unsupervised clustering-based anomaly detection method. Tsinghua Science and Technology 26 (2): 146–153. 10.26599/TST.2019.9010051.
Qiu J, Luo W, Pan L, Tai Y, Zhang J, Xiang Y. Predicting the impact of android malicious samples via machine learning. IEEE Access. 2019; 7 :66304–66316. doi: 10.1109/ACCESS.2019.2914311. [ CrossRef ] [ Google Scholar ]
Qu X, Yang L, Guo K, Sun M, Ma L, Feng T, Ren S, Li K, Ma X. Direct batch growth hierarchical self-organizing mapping based on statistics for efficient network intrusion detection. IEEE Access. 2020; 8 :42251–42260. doi: 10.1109/ACCESS.2020.2976810. [ CrossRef ] [ Google Scholar ]
Shafiur Rahman, Md, Sajal Halder Md, Uddin Ashraf, Acharjee Uzzal Kumar. An efficient hybrid system for anomaly detection in social networks. Cybersecurity. 2021; 4 (1):10. doi: 10.1186/s42400-021-00074-w. [ CrossRef ] [ Google Scholar ]
Ramaiah M, Chandrasekaran V, Ravi V, Kumar N. An intrusion detection system using optimized deep neural network architecture. Transactions on Emerging Telecommunications Technologies. 2021; 32 (4):17. doi: 10.1002/ett.4221. [ CrossRef ] [ Google Scholar ]
Raman, M.R.G., K. Kannan, S.K. Pal, and V.S.S. Sriram. 2016. Rough set-hypergraph-based feature selection approach for intrusion detection systems. Defence Science Journal 66 (6): 612–617. 10.14429/dsj.66.10802.
Rathore, S., J.H. Park. 2018. Semi-supervised learning based distributed attack detection framework for IoT. Applied Soft Computing 72: 79–89. 10.1016/j.asoc.2018.05.049.
Romanosky Sasha, Ablon Lillian, Kuehn Andreas, Jones Therese. Content analysis of cyber insurance policies: How do carriers price cyber risk? Journal of Cybersecurity (oxford) 2019; 5 (1):tyz002. [ Google Scholar ]
Sarabi A, Naghizadeh P, Liu Y, Liu M. Risky business: Fine-grained data breach prediction using business profiles. Journal of Cybersecurity. 2016; 2 (1):15–28. doi: 10.1093/cybsec/tyw004. [ CrossRef ] [ Google Scholar ]
Sardi Alberto, Rizzi Alessandro, Sorano Enrico, Guerrieri Anna. Cyber risk in health facilities: A systematic literature review. Sustainability. 2021; 12 (17):7002. doi: 10.3390/su12177002. [ CrossRef ] [ Google Scholar ]
Sarker Iqbal H, Kayes ASM, Badsha Shahriar, Alqahtani Hamed, Watters Paul, Ng Alex. Cybersecurity data science: An overview from machine learning perspective. Journal of Big Data. 2020; 7 (1):41. doi: 10.1186/s40537-020-00318-5. [ CrossRef ] [ Google Scholar ]
Scopus. 2021. Factsheet. https://www.elsevier.com/__data/assets/pdf_file/0017/114533/Scopus_GlobalResearch_Factsheet2019_FINAL_WEB.pdf . Accessed 11 May 2021.
Sentuna A, Alsadoon A, Prasad PWC, Saadeh M, Alsadoon OH. A novel Enhanced Naïve Bayes Posterior Probability (ENBPP) using machine learning: Cyber threat analysis. Neural Processing Letters. 2021; 53 (1):177–209. doi: 10.1007/s11063-020-10381-x. [ CrossRef ] [ Google Scholar ]
Shaukat K, Luo SH, Varadharajan V, Hameed IA, Chen S, Liu DX, Li JM. Performance comparison and current challenges of using machine learning techniques in cybersecurity. Energies. 2020; 13 (10):27. doi: 10.3390/en13102509. [ CrossRef ] [ Google Scholar ]
Sheehan B, Murphy F, Mullins M, Ryan C. Connected and autonomous vehicles: A cyber-risk classification framework. Transportation Research Part a: Policy and Practice. 2019; 124 :523–536. doi: 10.1016/j.tra.2018.06.033. [ CrossRef ] [ Google Scholar ]
Sheehan Barry, Murphy Finbarr, Kia Arash N, Kiely Ronan. A quantitative bow-tie cyber risk classification and assessment framework. Journal of Risk Research. 2021; 24 (12):1619–1638. doi: 10.1080/13669877.2021.1900337. [ CrossRef ] [ Google Scholar ]
Shlomo A, Kalech M, Moskovitch R. Temporal pattern-based malicious activity detection in SCADA systems. Computers & Security. 2021; 102 :17. doi: 10.1016/j.cose.2020.102153. [ CrossRef ] [ Google Scholar ]
Singh KJ, De T. Efficient classification of DDoS attacks using an ensemble feature selection algorithm. Journal of Intelligent Systems. 2020; 29 (1):71–83. doi: 10.1515/jisys-2017-0472. [ CrossRef ] [ Google Scholar ]
Skrjanc I, Ozawa S, Ban T, Dovzan D. Large-scale cyber attacks monitoring using Evolving Cauchy Possibilistic Clustering. Applied Soft Computing. 2018; 62 :592–601. doi: 10.1016/j.asoc.2017.11.008. [ CrossRef ] [ Google Scholar ]
Smart, W. 2018. Lessons learned review of the WannaCry Ransomware Cyber Attack. https://www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-review-wannacry-ransomware-cyber-attack-cio-review.pdf . Accessed 7 May 2021.
Sornette D, Maillart T, Kröger W. Exploring the limits of safety analysis in complex technological systems. International Journal of Disaster Risk Reduction. 2013; 6 :59–66. doi: 10.1016/j.ijdrr.2013.04.002. [ CrossRef ] [ Google Scholar ]
Sovacool Benjamin K. The costs of failure: A preliminary assessment of major energy accidents, 1907–2007. Energy Policy. 2008; 36 (5):1802–1820. doi: 10.1016/j.enpol.2008.01.040. [ CrossRef ] [ Google Scholar ]
SpringerLink. 2021. Journal Search. https://rd.springer.com/search?facet-content-type=%22Journal%22 . Accessed 11 May 2021.
Stojanovic B, Hofer-Schmitz K, Kleb U. APT datasets and attack modeling for automated detection methods: A review. Computers & Security. 2020; 92 :19. doi: 10.1016/j.cose.2020.101734. [ CrossRef ] [ Google Scholar ]
Subroto A, Apriyana A. Cyber risk prediction through social media big data analytics and statistical machine learning. Journal of Big Data. 2019 doi: 10.1186/s40537-019-0216-1. [ CrossRef ] [ Google Scholar ]
Tan Z, Jamdagni A, He X, Nanda P, Liu RP, Hu J. Detection of denial-of-service attacks based on computer vision techniques. IEEE Transactions on Computers. 2015; 64 (9):2519–2533. doi: 10.1109/TC.2014.2375218. [ CrossRef ] [ Google Scholar ]
Tidy, J. 2021. Irish cyber-attack: Hackers bail out Irish health service for free. https://www.bbc.com/news/world-europe-57197688 . Accessed 6 May 2021.
Tuncer T, Ertam F, Dogan S. Automated malware recognition method based on local neighborhood binary pattern. Multimedia Tools and Applications. 2020; 79 (37–38):27815–27832. doi: 10.1007/s11042-020-09376-6. [ CrossRef ] [ Google Scholar ]
Uhm Y, Pak W. Service-aware two-level partitioning for machine learning-based network intrusion detection with high performance and high scalability. IEEE Access. 2021; 9 :6608–6622. doi: 10.1109/ACCESS.2020.3048900. [ CrossRef ] [ Google Scholar ]
Ulven JB, Wangen G. A systematic review of cybersecurity risks in higher education. Future Internet. 2021; 13 (2):1–40. doi: 10.3390/fi13020039. [ CrossRef ] [ Google Scholar ]
Vaccari I, Chiola G, Aiello M, Mongelli M, Cambiaso E. MQTTset, a new dataset for machine learning techniques on MQTT. Sensors. 2020; 20 (22):17. doi: 10.3390/s20226578. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
Valeriano B, Maness RC. The dynamics of cyber conflict between rival antagonists, 2001–11. Journal of Peace Research. 2014; 51 (3):347–360. doi: 10.1177/0022343313518940. [ CrossRef ] [ Google Scholar ]
Varghese JE, Muniyal B. An Efficient IDS framework for DDoS attacks in SDN environment. IEEE Access. 2021; 9 :69680–69699. doi: 10.1109/ACCESS.2021.3078065. [ CrossRef ] [ Google Scholar ]
Varsha M. V., Vinod P., Dhanya K. A. Identification of malicious android app using manifest and opcode features. Journal of Computer Virology and Hacking Techniques. 2017; 13 (2):125–138. doi: 10.1007/s11416-016-0277-z. [ CrossRef ] [ Google Scholar ]
Velliangiri S, Pandey HM. Fuzzy-Taylor-elephant herd optimization inspired Deep Belief Network for DDoS attack detection and comparison with state-of-the-arts algorithms. Future Generation Computer Systems—the International Journal of Escience. 2020; 110 :80–90. doi: 10.1016/j.future.2020.03.049. [ CrossRef ] [ Google Scholar ]
Verma A, Ranga V. Machine learning based intrusion detection systems for IoT applications. Wireless Personal Communications. 2020; 111 (4):2287–2310. doi: 10.1007/s11277-019-06986-8. [ CrossRef ] [ Google Scholar ]
Vidros S, Kolias C, Kambourakis G, Akoglu L. Automatic detection of online recruitment frauds: Characteristics, methods, and a public dataset. Future Internet. 2017; 9 (1):19. doi: 10.3390/fi9010006. [ CrossRef ] [ Google Scholar ]
Vinayakumar R, Alazab M, Soman KP, Poornachandran P, Al-Nemrat A, Venkatraman S. Deep learning approach for intelligent intrusion detection system. IEEE Access. 2019; 7 :41525–41550. doi: 10.1109/access.2019.2895334. [ CrossRef ] [ Google Scholar ]
Walker-Roberts S, Hammoudeh M, Aldabbas O, Aydin M, Dehghantanha A. Threats on the horizon: Understanding security threats in the era of cyber-physical systems. Journal of Supercomputing. 2020; 76 (4):2643–2664. doi: 10.1007/s11227-019-03028-9. [ CrossRef ] [ Google Scholar ]
Web of Science. 2021. Web of Science: Science Citation Index Expanded. https://clarivate.com/webofsciencegroup/solutions/webofscience-scie/ . Accessed 11 May 2021.
World Economic Forum. 2020. WEF Global Risk Report. http://www3.weforum.org/docs/WEF_Global_Risk_Report_2020.pdf . Accessed 13 May 2020.
Xin Y, Kong L, Liu Z, Chen Y, Li Y, Zhu H, Gao M, Hou H, Wang C. Machine learning and deep learning methods for cybersecurity. IEEE Access. 2018; 6 :35365–35381. doi: 10.1109/ACCESS.2018.2836950. [ CrossRef ] [ Google Scholar ]
Xu, C., J. Zhang, K. Chang, and C. Long. 2013. Uncovering collusive spammers in Chinese review websites. In Proceedings of the 22nd ACM international conference on Information & Knowledge Management.
Yang J, Li T, Liang G, He W, Zhao Y. A Simple recurrent unit model based intrusion detection system with DCGAN. IEEE Access. 2019; 7 :83286–83296. doi: 10.1109/ACCESS.2019.2922692. [ CrossRef ] [ Google Scholar ]
Yuan BG, Wang JF, Liu D, Guo W, Wu P, Bao XH. Byte-level malware classification based on Markov images and deep learning. Computers & Security. 2020; 92 :12. doi: 10.1016/j.cose.2020.101740. [ CrossRef ] [ Google Scholar ]
Zhang S, Ou XM, Caragea D. Predicting cyber risks through national vulnerability database. Information Security Journal. 2015; 24 (4–6):194–206. doi: 10.1080/19393555.2015.1111961. [ CrossRef ] [ Google Scholar ]
Zhang Ying, Li Peisong, Wang Xinheng. Intrusion detection for IoT based on improved genetic algorithm and deep belief network. IEEE Access. 2019; 7 :31711–31722. doi: 10.1109/ACCESS.2019.2903723. [ CrossRef ] [ Google Scholar ]
Zheng, Muwei, Hannah Robbins, Zimo Chai, Prakash Thapa, and Tyler Moore. 2018. Cybersecurity research datasets: taxonomy and empirical analysis. In 11th {USENIX} workshop on cyber security experimentation and test ({CSET} 18).
Zhou X, Liang W, Shimizu S, Ma J, Jin Q. Siamese neural network based few-shot learning for anomaly detection in industrial cyber-physical systems. IEEE Transactions on Industrial Informatics. 2021; 17 (8):5790–5798. doi: 10.1109/TII.2020.3047675. [ CrossRef ] [ Google Scholar ]
Zhou YY, Cheng G, Jiang SQ, Dai M. Building an efficient intrusion detection system based on feature selection and ensemble classifier. Computer Networks. 2020; 174 :17. doi: 10.1016/j.comnet.2020.107247. [ CrossRef ] [ Google Scholar ]

Cybersecurity trends: Looking over the horizon

Cybersecurity has always been a never-ending race, but the rate of change is accelerating. Companies are continuing to invest in technology to run their businesses. Now, they are layering more systems into their IT networks to support remote work, enhance the customer experience, and generate value, all of which creates potential new vulnerabilities.

About the authors

This article is a collaborative effort by Jim Boehm , Dennis Dias, Charlie Lewis, Kathleen Li, and Daniel Wallance, representing views from McKinsey’s Risk & Resilience Practice.

At the same time, adversaries—no longer limited to individual actors—include highly sophisticated organizations that leverage integrated tools and capabilities with artificial intelligence and machine learning. The scope of the threat is growing, and no organization is immune. Small and midsize enterprises, municipalities, and state and federal governments face such risks along with large companies. Even today’s most sophisticated cybercontrols, no matter how effective, will soon be obsolete.

In this environment, leadership must answer key questions: “Are we prepared for accelerated digitization in the next three to five years?” and, more specifically, “Are we looking far enough forward to understand how today’s technology investments will have cybersecurity implications in the future?” (Exhibit 1).

McKinsey’s work helping global organizations reinforce their cyberdefenses shows that many companies recognize the need to achieve a step change in their capabilities for cybersecurity and to ensure the resilience of their technology. The solution is to reinforce their defenses by looking forward—anticipating the emerging cyberthreats of the future and understanding the slew of new defensive capabilities that companies can use today and others they can plan to use tomorrow (see sidebar, “Maintaining vigilance over time”).

Maintaining vigilance over time

Proactively mitigating cybersecurity threats and evaluating over-the-horizon cybersecurity capabilities is not a one-time process. It requires ongoing vigilance and a structured approach to ensure that organizations proactively scan the environment and adjust their cyber stance accordingly. We see leading organizations adopting a three-step process:

Validate cybercontrols—especially emerging ones—technically to ensure your readiness for evolving threats and technologies.
Challenge your cyberstrategy to refresh the road map with emerging capabilities and approaches.
Adopt a formal program of record to continually review your cyberstrategy, technologies, and processes against shifts in cybersecurity trends.

Three cybersecurity trends with large-scale implications

Companies can address and mitigate the disruptions of the future only by taking a more proactive, forward-looking stance—starting today. Over the next three to five years, we expect three major cybersecurity trends that cross-cut multiple technologies to have the biggest implications for organizations.

1. On-demand access to ubiquitous data and information platforms is growing

Mobile platforms, remote work, and other shifts increasingly hinge on high-speed access to ubiquitous and large data sets, exacerbating the likelihood of a breach. The marketplace for web-hosting services is expected to generate $183.18 billion by 2026. 1 Fortune Business Insight. Organizations collect far more data about customers—everything from financial transactions to electricity consumption to social-media views—to understand and influence purchasing behavior and more effectively forecast demand. In 2020, on average, every person on Earth created 1.7 megabytes of data each second. 2 “Data never sleeps 6.0,” Domo. With the greater importance of the cloud, enterprises are increasingly responsible for storing, managing, and protecting these data 3 John Gantz, David Reinsel, and John Rydning, The digitization of the world: From edge to core , IDC, November 2018. and for meeting the challenges of explosive data volumes. To execute such business models, companies need new technology platforms, including data lakes that can aggregate information, such as the channel assets of vendors and partners, across environments. Companies are not only gathering more data but also centralizing them, storing them on the cloud, and granting access to an array of people and organizations, including third parties such as suppliers.

Many recent high-profile attacks exploited this expanded data access. The Sunburst hack, in 2020, entailed malicious code spread to customers during regular software updates. Similarly, attackers in early 2020 used compromised employee credentials from a top hotel chain’s third-party application to access more than five million guest records. 4 David Uberti, “Marriott reveals breach that exposed data of up to 5.2 million customers,” Wall Street Journal , March 31, 2020.

2. Hackers are using AI, machine learning, and other technologies to launch increasingly sophisticated attacks

The stereotypical hacker working alone is no longer the main threat. Today, cyberhacking is a multibillion-dollar enterprise, 5 “Cybersecurity: Hacking has become a $300 billion dollar industry,” InsureTrust. complete with institutional hierarchies and R&D budgets. Attackers use advanced tools, such as artificial intelligence, machine learning, and automation. Over the next several years, they will be able to expedite—from weeks to days or hours—the end-to-end attack life cycle, from reconnaissance through exploitation. For example, Emotet, an advanced form of malware targeting banks, can change the nature of its attacks. In 2020, leveraging advanced AI and machine-learning techniques to increase its effectiveness, it used an automated process to send out contextualized phishing emails that hijacked other email threats—some linked to COVID-19 communications.

Other technologies and capabilities are making already known forms of attacks, such as ransomware and phishing, more prevalent. Ransomware as a service and cryptocurrencies have substantially reduced the cost of launching ransomware attacks, whose number has doubled each year since 2019. Other types of disruptions often trigger a spike in these attacks. During the initial wave of COVID-19, from February 2020 to March 2020, the number of ransomware attacks in the world as a whole spiked by 148 percent, for example. 6 VMware security blog , “Amid COVID-19, global orgs see a 148% spike in ransomware attacks; finance industry heavily targeted,” April 15, 2020. Phishing attacks increased by 510 percent from January to February 2020. 7 Brian Carlson, “Top cybersecurity statistics, trends, and facts,” CSO, October 7, 2021.

3. Ever-growing regulatory landscape and continued gaps in resources, knowledge, and talent will outpace cybersecurity

Many organizations lack sufficient cybersecurity talent, knowledge, and expertise —and the shortfall is growing. Broadly, cyberrisk management has not kept pace with the proliferation of digital and analytics transformations, and many companies are not sure how to identify and manage digital risks. Compounding the challenge, regulators are increasing their guidance of corporate cybersecurity capabilities—often with the same level of oversight and focus applied to credit and liquidity risks in financial services and to operational and physical-security risks in critical infrastructure.

Cyberrisk management has not kept pace with the proliferation of digital and analytics transformations, and many companies are not sure how to identify and manage digital risks.

At the same time, companies face stiffer compliance requirements—a result of growing privacy concerns and high-profile breaches. There are now approximately 100 cross-border data flow regulations. Cybersecurity teams are managing additional data and reporting requirements stemming from the White House Executive Order on Improving the Nation’s Cybersecurity and the advent of mobile-phone operating systems that ask users how they want data from each individual application to be used.

Building over-the-horizon defensive capabilities

For each of these shifts, we see defensive capabilities that organizations can develop to mitigate the risk and impact of future cyberthreats. To be clear, these capabilities are not perfectly mapped to individual shifts, and many apply to more than one. Management teams should consider all of these capabilities and focus on those most relevant to the unique situation and context of their companies (Exhibit 2).

Responses to trend one: Zero-trust capabilities and large data sets for security purposes

Mitigating the cybersecurity risks of on-demand access to ubiquitous data requires four cybersecurity capabilities: zero-trust capabilities, behavioral analytics, elastic log monitoring, and homomorphic encryption.

Zero-trust architecture (ZTA). Across industrial nations, approximately 25 percent of all workers now work remotely three to five days a week. 8 Global surveys of consumer sentiment during the coronavirus crisis , McKinsey. Hybrid and remote work, increased cloud access, and Internet of Things (IoT) integration create potential vulnerabilities. A ZTA shifts the focus of cyberdefense away from the static perimeters around physical networks and toward users, assets, and resources, thus mitigating the risk from decentralized data. Access is more granularly enforced by policies: even if users have access to the data environment, they may not have access to sensitive data. Organizations should tailor the adoption of zero-trust capabilities to the threat and risk landscape they actually face and to their business objectives. They should also consider standing up red-team testing to validate the effectiveness and coverage of their zero-trust capabilities.

Behavioral analytics. Employees are a key vulnerability for organizations. Analytics solutions can monitor attributes such as access requests or the health of devices and establish a baseline to identify anomalous intentional or unintentional user behavior or device activity. These tools can not only enable risk-based authentication and authorization but also orchestrate preventive and incident response measures.

Elastic log monitoring for large data sets. Massive data sets and decentralized logs resulting from advances such as big data and IoT complicate the challenge of monitoring activity. Elastic log monitoring is a solution based on several open-source platforms that, when combined, allow companies to pull log data from anywhere in the organization into a single location and then to search, analyze, and visualize the data in real time. Native log-sampling features in core tools can ease an organization’s log management burden and clarify potential compromises.

Homomorphic encryption. This technology allows users to work with encrypted data without first decrypting and thus gives third parties and internal collaborators safer access to large data sets. It also helps companies meet more stringent data privacy requirements. Recent breakthroughs in computational capacity and performance now make homomorphic encryption practical for a wider range of applications.

Responses to trend two: Using automation to combat increasingly sophisticated cyberattacks

To counter more sophisticated attacks driven by AI and other advanced capabilities, organizations should take a risk-based approach to automation and automatic responses to attacks. Automation should focus on defensive capabilities like security operations center (SOC) countermeasures and labor-intensive activities, such as identity and access management (IAM) and reporting. AI and machine learning should be used to stay abreast of changing attack patterns. Finally, the development of both automated technical and automatic organizational responses to ransomware threats helps mitigate risk in the event of an attack.

Automation implemented through a risk-based approach. As the level of digitization accelerates, organizations can use automation to handle lower-risk and rote processes, freeing up resources for higher-value activities. Critically, automation decisions should be based on risk assessments and segmentation to ensure that additional vulnerabilities are not inadvertently created. For example, organizations can apply automated patching, configuration, and software upgrades to low-risk assets but use more direct oversight for higher-risk ones.

Use of defensive AI and machine learning for cybersecurity. Much as attackers adopt AI and machine-learning techniques, cybersecurity teams will need to evolve and scale up the same capabilities. Specifically, organizations can use these technologies and outlier patterns to detect and remediate noncompliant systems. Teams can also leverage machine learning to optimize workflows and technology stacks so that resources are used in the most effective way over time.

Technical and organizational responses to ransomware. As the sophistication, frequency, and range of ransomware attacks increase, organizations must respond with technical and operational changes. The technical changes include using resilient data repositories and infrastructure, automated responses to malicious encryption, and advanced multifactor authentication to limit the potential impact of an attack, as well as continually addressing cyber hygiene. The organizational changes include conducting tabletop exercises, developing detailed and multidimensional playbooks, and preparing for all options and contingencies—including executive response decisions—to make the business response automatic.

Responses to trend three: Embedding security in technology capabilities to address ever-growing regulatory scrutiny and resource gaps

Increased regulatory scrutiny and gaps in knowledge, talent, and expertise reinforce the need to build and embed security in technology capabilities as they are designed, built, and implemented. What’s more, capabilities such as security as code and a software bill of materials help organizations to deploy security capabilities and stay ahead of the inquiries of regulators.

Secure software development. Rather than treating cybersecurity as an afterthought, companies should embed it in the design of software from inception, including the use of a software bill of materials (described below). One important way to create a secure software development life cycle (SSDLC) is to have security and technology risk teams engage with developers throughout each stage of development. Another is to ensure that developers learn certain security capabilities best employed by development teams themselves (for instance, threat modeling, code and infrastructure scanning, and static and dynamic testing). Depending on the activity, some security teams can shift to agile product approaches, some can adopt a hybrid approach based on agile-kanban tickets, and some—especially highly specialized groups, such as penetration testers and security architects—can “flow to work” in alignment with agile sprints and ceremonies.

Taking advantage of X as a service. Migrating workloads and infrastructure to third-party cloud environments (such as platform as a service, infrastructure as a service, and hyperscale providers) can better secure organizational resources and simplify management for cyberteams. Cloud providers not only handle many routine security, patching, and maintenance activities but also offer automation capabilities and scalable services. Some organizations seek to consolidate vendors for the sake of simplicity, but it can also be important to diversify partners strategically to limit exposure to performance or availability issues.

Infrastructure and security as code. Standardizing and codifying infrastructure and control-engineering processes can simplify the management of hybrid and multicloud environments and increase the system’s resilience. This approach enables processes such as orchestrated patching, as well as rapid provisioning and deprovisioning.

Software bill of materials. As compliance requirements grow, organizations can mitigate the administrative burden by formally detailing all components and supply chain relationships used in software. Like a detailed bill of materials, this documentation would list open-source and third-party components in a codebase through new software development processes, code-scanning tools, industry standards, and supply chain requirements. In addition to mitigating supply chain risks, detailed software documentation helps ensure that security teams are prepared for regulatory inquiries.

Digital disruption is inevitable and will lead to rapid technology-driven change. As organizations make large-scale investments in technology—whether in the spirit of innovation or from necessity—they must be aware of the associated cyberrisks. Attackers are exploiting the vulnerabilities that new technologies introduce, and even the best cybercontrols rapidly become obsolete in this accelerating digital world. Organizations that seek to position themselves most effectively for the next five years will need to take a relentless and proactive approach to building over-the-horizon defensive capabilities.

Jim Boehm is a partner in McKinsey’s Washington, DC, office; Charlie Lewis is an associate partner in the Stamford office; and Kathleen Li is a specialist in the New York office, where Daniel Wallance is an associate partner. Dennis Dias is a senior adviser of McKinsey.

Explore a career with us

Enhanced cyberrisk reporting: Opening doors to risk-based cybersecurity

Safeguarding against cyberattack in an increasingly digital world

Organizational cyber maturity: A survey of industries

IEEE Account

Change Username/Password
Update Address

Purchase Details

Payment Options
Order History
View Purchased Documents

Profile Information

Communications Preferences
Profession and Education
Technical Interests
US & Canada: +1 800 678 4333
Worldwide: +1 732 981 0060
Contact & Support
About IEEE Xplore
Accessibility
Terms of Use
Nondiscrimination Policy
Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

Home » 500+ Cyber Security Research Topics

500+ Cyber Security Research Topics

Cybersecurity has become an increasingly important topic in recent years as more and more of our lives are spent online. With the rise of the digital age, there has been a corresponding increase in the number and severity of cyber attacks. As such, research into cybersecurity has become critical in order to protect individuals, businesses, and governments from these threats. In this blog post, we will explore some of the most pressing cybersecurity research topics, from the latest trends in cyber attacks to emerging technologies that can help prevent them. Whether you are a cybersecurity professional, a Master’s or Ph.D. student, or simply interested in the field, this post will provide valuable insights into the challenges and opportunities in this rapidly evolving area of study.

Cyber Security Research Topics

Cyber Security Research Topics are as follows:

The role of machine learning in detecting cyber threats
The impact of cloud computing on cyber security
Cyber warfare and its effects on national security
The rise of ransomware attacks and their prevention methods
Evaluating the effectiveness of network intrusion detection systems
The use of blockchain technology in enhancing cyber security
Investigating the role of cyber security in protecting critical infrastructure
The ethics of hacking and its implications for cyber security professionals
Developing a secure software development lifecycle (SSDLC)
The role of artificial intelligence in cyber security
Evaluating the effectiveness of multi-factor authentication
Investigating the impact of social engineering on cyber security
The role of cyber insurance in mitigating cyber risks
Developing secure IoT (Internet of Things) systems
Investigating the challenges of cyber security in the healthcare industry
Evaluating the effectiveness of penetration testing
Investigating the impact of big data on cyber security
The role of quantum computing in breaking current encryption methods
Developing a secure BYOD (Bring Your Own Device) policy
The impact of cyber security breaches on a company’s reputation
The role of cyber security in protecting financial transactions
Evaluating the effectiveness of anti-virus software
The use of biometrics in enhancing cyber security
Investigating the impact of cyber security on the supply chain
The role of cyber security in protecting personal privacy
Developing a secure cloud storage system
Evaluating the effectiveness of firewall technologies
Investigating the impact of cyber security on e-commerce
The role of cyber security in protecting intellectual property
Developing a secure remote access policy
Investigating the challenges of securing mobile devices
The role of cyber security in protecting government agencies
Evaluating the effectiveness of cyber security training programs
Investigating the impact of cyber security on the aviation industry
The role of cyber security in protecting online gaming platforms
Developing a secure password management system
Investigating the challenges of securing smart homes
The impact of cyber security on the automotive industry
The role of cyber security in protecting social media platforms
Developing a secure email system
Evaluating the effectiveness of encryption methods
Investigating the impact of cyber security on the hospitality industry
The role of cyber security in protecting online education platforms
Developing a secure backup and recovery strategy
Investigating the challenges of securing virtual environments
The impact of cyber security on the energy sector
The role of cyber security in protecting online voting systems
Developing a secure chat platform
Investigating the impact of cyber security on the entertainment industry
The role of cyber security in protecting online dating platforms
Artificial Intelligence and Machine Learning in Cybersecurity
Quantum Cryptography and Post-Quantum Cryptography
Internet of Things (IoT) Security
Developing a framework for cyber resilience in critical infrastructure
Understanding the fundamentals of encryption algorithms
Cyber security challenges for small and medium-sized businesses
Developing secure coding practices for web applications
Investigating the role of cyber security in protecting online privacy
Network security protocols and their importance
Social engineering attacks and how to prevent them
Investigating the challenges of securing personal devices and home networks
Developing a basic incident response plan for cyber attacks
The impact of cyber security on the financial sector
Understanding the role of cyber security in protecting critical infrastructure
Mobile device security and common vulnerabilities
Investigating the challenges of securing cloud-based systems
Cyber security and the Internet of Things (IoT)
Biometric authentication and its role in cyber security
Developing secure communication protocols for online messaging platforms
The importance of cyber security in e-commerce
Understanding the threats and vulnerabilities associated with social media platforms
Investigating the role of cyber security in protecting intellectual property
The basics of malware analysis and detection
Developing a basic cyber security awareness training program
Understanding the threats and vulnerabilities associated with public Wi-Fi networks
Investigating the challenges of securing online banking systems
The importance of password management and best practices
Cyber security and cloud computing
Understanding the role of cyber security in protecting national security
Investigating the challenges of securing online gaming platforms
The basics of cyber threat intelligence
Developing secure authentication mechanisms for online services
The impact of cyber security on the healthcare sector
Understanding the basics of digital forensics
Investigating the challenges of securing smart home devices
The role of cyber security in protecting against cyberbullying
Developing secure file transfer protocols for sensitive information
Understanding the challenges of securing remote work environments
Investigating the role of cyber security in protecting against identity theft
The basics of network intrusion detection and prevention systems
Developing secure payment processing systems
Understanding the role of cyber security in protecting against ransomware attacks
Investigating the challenges of securing public transportation systems
The basics of network segmentation and its importance in cyber security
Developing secure user access management systems
Understanding the challenges of securing supply chain networks
The role of cyber security in protecting against cyber espionage
Investigating the challenges of securing online educational platforms
The importance of data backup and disaster recovery planning
Developing secure email communication protocols
Understanding the basics of threat modeling and risk assessment
Investigating the challenges of securing online voting systems
The role of cyber security in protecting against cyber terrorism
Developing secure remote access protocols for corporate networks.
Investigating the challenges of securing artificial intelligence systems
The role of machine learning in enhancing cyber threat intelligence
Evaluating the effectiveness of deception technologies in cyber security
Investigating the impact of cyber security on the adoption of emerging technologies
The role of cyber security in protecting smart cities
Developing a risk-based approach to cyber security governance
Investigating the impact of cyber security on economic growth and innovation
The role of cyber security in protecting human rights in the digital age
Developing a secure digital identity system
Investigating the impact of cyber security on global political stability
The role of cyber security in protecting the Internet of Things (IoT)
Developing a secure supply chain management system
Investigating the challenges of securing cloud-native applications
The role of cyber security in protecting against insider threats
Developing a secure software-defined network (SDN)
Investigating the impact of cyber security on the adoption of mobile payments
The role of cyber security in protecting against cyber warfare
Developing a secure distributed ledger technology (DLT) system
Investigating the impact of cyber security on the digital divide
The role of cyber security in protecting against state-sponsored attacks
Developing a secure Internet infrastructure
Investigating the challenges of securing industrial control systems (ICS)
Developing a secure quantum communication system
Investigating the impact of cyber security on global trade and commerce
Developing a secure decentralized authentication system
Investigating the challenges of securing edge computing systems
Developing a secure hybrid cloud system
Investigating the impact of cyber security on the adoption of smart cities
The role of cyber security in protecting against cyber propaganda
Developing a secure blockchain-based voting system
Investigating the challenges of securing cyber-physical systems (CPS)
The role of cyber security in protecting against cyber hate speech
Developing a secure machine learning system
Investigating the impact of cyber security on the adoption of autonomous vehicles
The role of cyber security in protecting against cyber stalking
Developing a secure data-driven decision-making system
Investigating the challenges of securing social media platforms
The role of cyber security in protecting against cyberbullying in schools
Developing a secure open source software ecosystem
Investigating the impact of cyber security on the adoption of smart homes
The role of cyber security in protecting against cyber fraud
Developing a secure software supply chain
Investigating the challenges of securing cloud-based healthcare systems
The role of cyber security in protecting against cyber harassment
Developing a secure multi-party computation system
Investigating the impact of cyber security on the adoption of virtual and augmented reality technologies.
Cybersecurity in Cloud Computing Environments
Cyber Threat Intelligence and Analysis
Blockchain Security
Data Privacy and Protection
Cybersecurity in Industrial Control Systems
Mobile Device Security
The importance of cyber security in the digital age
The ethics of cyber security and privacy
The role of government in regulating cyber security
Cyber security threats and vulnerabilities in the healthcare sector
Understanding the risks associated with social media and cyber security
The impact of cyber security on e-commerce
The effectiveness of cyber security awareness training programs
The role of biometric authentication in cyber security
The importance of password management in cyber security
The basics of network security protocols and their importance
The challenges of securing online gaming platforms
The role of cyber security in protecting national security
The impact of cyber security on the legal sector
The ethics of cyber warfare
The challenges of securing the Internet of Things (IoT)
Understanding the basics of malware analysis and detection
The challenges of securing public transportation systems
The impact of cyber security on the insurance industry
The role of cyber security in protecting against ransomware attacks
The challenges of securing remote work environments
Understanding the threats and vulnerabilities associated with social engineering attacks
The impact of cyber security on the education sector
Investigating the challenges of securing supply chain networks
The challenges of securing personal devices and home networks
The importance of secure coding practices for web applications
The impact of cyber security on the hospitality industry
The role of cyber security in protecting against identity theft
The challenges of securing public Wi-Fi networks
The importance of cyber security in protecting critical infrastructure
The challenges of securing cloud-based storage systems
The effectiveness of antivirus software in cyber security
Developing secure payment processing systems.
Cybersecurity in Healthcare
Social Engineering and Phishing Attacks
Cybersecurity in Autonomous Vehicles
Cybersecurity in Smart Cities
Cybersecurity Risk Assessment and Management
Malware Analysis and Detection Techniques
Cybersecurity in the Financial Sector
Cybersecurity in Government Agencies
Cybersecurity and Artificial Life
Cybersecurity for Critical Infrastructure Protection
Cybersecurity in the Education Sector
Cybersecurity in Virtual Reality and Augmented Reality
Cybersecurity in the Retail Industry
Cryptocurrency Security
Cybersecurity in Supply Chain Management
Cybersecurity and Human Factors
Cybersecurity in the Transportation Industry
Cybersecurity in Gaming Environments
Cybersecurity in Social Media Platforms
Cybersecurity and Biometrics
Cybersecurity and Quantum Computing
Cybersecurity in 5G Networks
Cybersecurity in Aviation and Aerospace Industry
Cybersecurity in Agriculture Industry
Cybersecurity in Space Exploration
Cybersecurity in Military Operations
Cybersecurity and Cloud Storage
Cybersecurity in Software-Defined Networks
Cybersecurity and Artificial Intelligence Ethics
Cybersecurity and Cyber Insurance
Cybersecurity in the Legal Industry
Cybersecurity and Data Science
Cybersecurity in Energy Systems
Cybersecurity in E-commerce
Cybersecurity in Identity Management
Cybersecurity in Small and Medium Enterprises
Cybersecurity in the Entertainment Industry
Cybersecurity and the Internet of Medical Things
Cybersecurity and the Dark Web
Cybersecurity and Wearable Technology
Cybersecurity in Public Safety Systems.
Threat Intelligence for Industrial Control Systems
Privacy Preservation in Cloud Computing
Network Security for Critical Infrastructure
Cryptographic Techniques for Blockchain Security
Malware Detection and Analysis
Cyber Threat Hunting Techniques
Cybersecurity Risk Assessment
Machine Learning for Cybersecurity
Cybersecurity in Financial Institutions
Cybersecurity for Smart Cities
Cybersecurity in Aviation
Cybersecurity in the Automotive Industry
Cybersecurity in the Energy Sector
Cybersecurity in Telecommunications
Cybersecurity for Mobile Devices
Biometric Authentication for Cybersecurity
Cybersecurity for Artificial Intelligence
Cybersecurity for Social Media Platforms
Cybersecurity in the Gaming Industry
Cybersecurity in the Defense Industry
Cybersecurity for Autonomous Systems
Cybersecurity for Quantum Computing
Cybersecurity for Augmented Reality and Virtual Reality
Cybersecurity in Cloud-Native Applications
Cybersecurity for Smart Grids
Cybersecurity in Distributed Ledger Technology
Cybersecurity for Next-Generation Wireless Networks
Cybersecurity for Digital Identity Management
Cybersecurity for Open Source Software
Cybersecurity for Smart Homes
Cybersecurity for Smart Transportation Systems
Cybersecurity for Cyber Physical Systems
Cybersecurity for Critical National Infrastructure
Cybersecurity for Smart Agriculture
Cybersecurity for Retail Industry
Cybersecurity for Digital Twins
Cybersecurity for Quantum Key Distribution
Cybersecurity for Digital Healthcare
Cybersecurity for Smart Logistics
Cybersecurity for Wearable Devices
Cybersecurity for Edge Computing
Cybersecurity for Cognitive Computing
Cybersecurity for Industrial IoT
Cybersecurity for Intelligent Transportation Systems
Cybersecurity for Smart Water Management Systems
The rise of cyber terrorism and its impact on national security
The impact of artificial intelligence on cyber security
Analyzing the effectiveness of biometric authentication for securing data
The impact of social media on cyber security and privacy
The future of cyber security in the Internet of Things (IoT) era
The role of machine learning in detecting and preventing cyber attacks
The effectiveness of encryption in securing sensitive data
The impact of quantum computing on cyber security
The rise of cyber bullying and its effects on mental health
Investigating cyber espionage and its impact on national security
The effectiveness of cyber insurance in mitigating cyber risks
The role of blockchain technology in cyber security
Investigating the effectiveness of cyber security awareness training programs
The impact of cyber attacks on critical infrastructure
Analyzing the effectiveness of firewalls in protecting against cyber attacks
The impact of cyber crime on the economy
Investigating the effectiveness of multi-factor authentication in securing data
The future of cyber security in the age of quantum internet
The impact of big data on cyber security
The role of cybersecurity in the education system
Investigating the use of deception techniques in cyber security
The impact of cyber attacks on the healthcare industry
The effectiveness of cyber threat intelligence in mitigating cyber risks
The role of cyber security in protecting financial institutions
Investigating the use of machine learning in cyber security risk assessment
The impact of cyber attacks on the transportation industry
The effectiveness of network segmentation in protecting against cyber attacks
Investigating the effectiveness of biometric identification in cyber security
The impact of cyber attacks on the hospitality industry
The future of cyber security in the era of autonomous vehicles
The effectiveness of intrusion detection systems in protecting against cyber attacks
The role of cyber security in protecting small businesses
Investigating the effectiveness of virtual private networks (VPNs) in securing data
The impact of cyber attacks on the energy sector
The effectiveness of cyber security regulations in mitigating cyber risks
Investigating the use of deception technology in cyber security
The impact of cyber attacks on the retail industry
The effectiveness of cyber security in protecting critical infrastructure
The role of cyber security in protecting intellectual property in the entertainment industry
Investigating the effectiveness of intrusion prevention systems in protecting against cyber attacks
The impact of cyber attacks on the aerospace industry
The future of cyber security in the era of quantum computing
The effectiveness of cyber security in protecting against ransomware attacks
The role of cyber security in protecting personal and sensitive data
Investigating the effectiveness of cloud security solutions in protecting against cyber attacks
The impact of cyber attacks on the manufacturing industry
The effective cyber security and the future of e-votingness of cyber security in protecting against social engineering attacks
Investigating the effectiveness of end-to-end encryption in securing data
The impact of cyber attacks on the insurance industry
The future of cyber security in the era of artificial intelligence
The effectiveness of cyber security in protecting against distributed denial-of-service (DDoS) attacks
The role of cyber security in protecting against phishing attacks
Investigating the effectiveness of user behavior analytics
The impact of emerging technologies on cyber security
Developing a framework for cyber threat intelligence
The effectiveness of current cyber security measures
Cyber security and data privacy in the age of big data
Cloud security and virtualization technologies
Cryptography and its role in cyber security
Cyber security in critical infrastructure protection
Cyber security in the Internet of Things (IoT)
Cyber security in e-commerce and online payment systems
Cyber security and the future of digital currencies
The impact of social engineering on cyber security
Cyber security and ethical hacking
Cyber security challenges in the healthcare industry
Cyber security and digital forensics
Cyber security in the financial sector
Cyber security in the transportation industry
The impact of artificial intelligence on cyber security risks
Cyber security and mobile devices
Cyber security in the energy sector
Cyber security and supply chain management
The role of machine learning in cyber security
Cyber security in the defense sector
The impact of the Dark Web on cyber security
Cyber security in social media and online communities
Cyber security challenges in the gaming industry
Cyber security and cloud-based applications
The role of blockchain in cyber security
Cyber security and the future of autonomous vehicles
Cyber security in the education sector
Cyber security in the aviation industry
The impact of 5G on cyber security
Cyber security and insider threats
Cyber security and the legal system
The impact of cyber security on business operations
Cyber security and the role of human behavior
Cyber security in the hospitality industry
The impact of cyber security on national security
Cyber security and the use of biometrics
Cyber security and the role of social media influencers
The impact of cyber security on small and medium-sized enterprises
Cyber security and cyber insurance
The impact of cyber security on the job market
Cyber security and international relations
Cyber security and the role of government policies
The impact of cyber security on privacy laws
Cyber security in the media and entertainment industry
The role of cyber security in digital marketing
Cyber security and the role of cybersecurity professionals
Cyber security in the retail industry
The impact of cyber security on the stock market
Cyber security and intellectual property protection
Cyber security and online dating
The impact of cyber security on healthcare innovation
Cyber security and the future of e-voting
Cyber security and the role of open source software
Cyber security and the use of social engineering in cyber attacks
The impact of cyber security on the aviation industry
Cyber security and the role of cyber security awareness training
Cyber security and the role of cybersecurity standards and best practices
Cyber security in the legal industry
The impact of cyber security on human rights
Cyber security and the role of public-private partnerships
Cyber security and the future of e-learning
Cyber security and the role of mobile applications
The impact of cyber security on environmental sustainability
Cyber security and the role of threat intelligence sharing
Cyber security and the future of smart homes
Cyber security and the role of cybersecurity certifications
The impact of cyber security on international trade
Cyber security and the role of cyber security auditing

About the author

Muhammad Hassan

Researcher, Academic Writer, Web developer

500+ Physics Research Topics

500+ Nursing Research Topic Ideas

300+ Interesting Research Topics

300+ Social Media Research Topics

500+ Music Research Topics

500+ Sports Research Topics

105 Latest Cyber Security Research Topics in 2024

Home Blog Security 105 Latest Cyber Security Research Topics in 2024

The concept of cybersecurity refers to cracking the security mechanisms that break in dynamic environments. Implementing Cyber Security Project topics and cybersecurity thesis topics helps overcome attacks and take mitigation approaches to security risks and threats in real-time. Undoubtedly, it focuses on events injected into the system, data, and the whole network to attack/disturb it.

The network can be attacked in various ways, including Distributed DoS, Knowledge Disruptions, Computer Viruses / Worms, and many more. Cyber-attacks are still rising, and more are waiting to harm their targeted systems and networks. Detecting Intrusions in cybersecurity has become challenging due to their Intelligence Performance. Therefore, it may negatively affect data integrity, privacy, availability, and security.

This article aims to demonstrate the most current Cyber Security Research Topics for Projects and areas of research currently lacking. We will talk about cyber security research questions, cyber security topics for the project, latest research titles about cyber security.

List of Trending Cyber Security Research Topics in 2024

Digital technology has revolutionized how all businesses, large or small, work, and even governments manage their day-to-day activities, requiring organizations, corporations, and government agencies to utilize computerized systems. To protect data against online attacks or unauthorized access, cybersecurity is a priority. There are many Cyber Security Courses online where you can learn about these topics. With the rapid development of technology comes an equally rapid shift in Cyber Security Research Topics and cybersecurity trends, as data breaches, ransomware, and hacks become almost routine news items. In 2024, these will be the top cybersecurity trends .

A. Exciting Mobile Cyber Security Research Paper Topics

The significance of continuous user authentication on mobile gadgets.
The efficacy of different mobile security approaches.
Detecting mobile phone hacking.
Assessing the threat of using portable devices to access banking services.
Cybersecurity and mobile applications.
The vulnerabilities in wireless mobile data exchange.
The rise of mobile malware.
The evolution of Android malware.
How to know you’ve been hacked on mobile.
The impact of mobile gadgets on cybersecurity.

B. Top Computer and Software Security Topics to Research

Learn algorithms for data encryption
Concept of risk management security
How to develop the best Internet security software
What are Encrypting Viruses- How does it work?
How does a Ransomware attack work?
Scanning of malware on your PC
Infiltrating a Mac OS X operating system
What are the effects of RSA on network security ?
How do encrypting viruses work?
DDoS attacks on IoT devices

C. Trending Information Security Research Topics

Why should people avoid sharing their details on Facebook?
What is the importance of unified user profiles?
Discuss Cookies and Privacy
White hat and black hat hackers
What are the most secure methods for ensuring data integrity?
Talk about the implications of Wi-Fi hacking apps on mobile phones
Analyze the data breaches in 2024
Discuss digital piracy in 2024
critical cyber-attack concepts
Social engineering and its importance

D. Current Network Security Research Topics

Data storage centralization
Identify Malicious activity on a computer system.
Firewall
Importance of keeping updated Software
wireless sensor network
What are the effects of ad-hoc networks
How can a company network be safe?
What are Network segmentation and its applications?
Discuss Data Loss Prevention systems
Discuss various methods for establishing secure algorithms in a network.
Talk about two-factor authentication

E. Best Data Security Research Topics

Importance of backup and recovery
Benefits of logging for applications
Understand physical data security
Importance of Cloud Security
In computing, the relationship between privacy and data security
Talk about data leaks in mobile apps
Discuss the effects of a black hole on a network system.

F. Important Application Security Research Topics

Detect Malicious Activity on Google Play Apps
Dangers of XSS attacks on apps
Discuss SQL injection attacks.
Insecure Deserialization Effect
Check Security protocols

G. Cybersecurity Law & Ethics Research Topics

Strict cybersecurity laws in China
Importance of the Cybersecurity Information Sharing Act.
USA, UK, and other countries' cybersecurity laws
Discuss The Pipeline Security Act in the United States

H. Recent Cyberbullying Topics

Protecting your Online Identity and Reputation
Online Safety
Sexual Harassment and Sexual Bullying
Dealing with Bullying
Stress Center for Teens

I. Operational Security Topics

Identify sensitive data
Identify possible threats
Analyze security threats and vulnerabilities
Appraise the threat level and vulnerability risk
Devise a plan to mitigate the threats

J. Cybercrime Topics for a Research Paper

Crime Prevention.
Criminal Specialization.
Drug Courts.
Criminal Courts.
Criminal Justice Ethics.
Capital Punishment.
Community Corrections.
Criminal Law.

Cyber Security Future Research Topics

Developing more effective methods for detecting and responding to cyber attacks
Investigating the role of social media in cyber security
Examining the impact of cloud computing on cyber security
Investigating the security implications of the Internet of Things
Studying the effectiveness of current cyber security measures
Identifying new cyber security threats and vulnerabilities
Developing more effective cyber security policies
Examining the ethical implications of cyber security

Cyber Security Topics For Research Paper

Cyber security threats and vulnerabilities
Cyber security incident response and management
Cyber security risk management
Cyber security awareness and training
Cyber security controls and countermeasures
Cyber security governance
Cyber security standards
Cyber security insurance

Research Area in Cyber Security

The field of cyber security is extensive and constantly evolving. Its research covers a wide range of subjects, including:

Quantum & Space
Data Privacy
Criminology & Law
AI & IoT Security
RFID Security
Authorization Infrastructure
Digital Forensics
Autonomous Security
Social Influence on Social Networks

How to Choose the Best Research Topics in Cyber Security?

A good cybersecurity assignment heading is a skill that not everyone has, and unfortunately, not everyone has one. You might have your teacher provide you with the topics, or you might be asked to come up with your own. If you want more cyber security research topics, you can take references from Certified Ethical Hacker Certification, where you will get more hints on new topics. If you don't know where to start, here are some tips. Follow them to create compelling cybersecurity assignment topics.

1. Brainstorm

In order to select the most appropriate heading for your cybersecurity assignment, you first need to brainstorm ideas. What specific matter do you wish to explore? In this case, come up with relevant topics about the subject and select those relevant to your issue when you use our list of topics. You can also go to cyber security-oriented websites to get some ideas. Using any blog post on the internet can prove helpful if you intend to write a research paper on security threats in 2024. Creating a brainstorming list with all the keywords and cybersecurity concepts you wish to discuss is another great way to start. Once that's done, pick the topics you feel most comfortable handling. Keep in mind to stay away from common topics as much as possible.

2. Understanding the Background

In order to write a cybersecurity assignment, you need to identify two or three research paper topics. Obtain the necessary resources and review them to gain background information on your heading. This will also allow you to learn new terminologies that can be used in your title to enhance it.

3. Write a Single Topic

Make sure the subject of your cybersecurity research paper doesn't fall into either extreme. Make sure the title is neither too narrow nor too broad. Topics on either extreme will be challenging to research and write about.

4. Be Flexible

There is no rule to say that the title you choose is permanent. It is perfectly okay to change your research paper topic along the way. For example, if you find another topic on this list to better suit your research paper, consider swapping it out.

The Layout of Cybersecurity Research Guidance

It is undeniable that usability is one of cybersecurity's most important social issues today. Increasingly, security features have become standard components of our digital environment, which pervade our lives and require both novices and experts to use them. Supported by confidentiality, integrity, and availability concerns, security features have become essential components of our digital environment.

In order to make security features easily accessible to a wider population, these functions need to be highly usable. This is especially true in this context because poor usability typically translates into the inadequate application of cybersecurity tools and functionality, resulting in their limited effectiveness.

Cyber Security Research Topic Writing Tips from Expert

Additionally, a well-planned action plan and a set of useful tools are essential for delving into Cyber Security research topics. Not only do these topics present a vast realm of knowledge and potential innovation, but they also have paramount importance in today's digital age. Addressing the challenges and nuances of these research areas will contribute significantly to the global cybersecurity landscape, ensuring safer digital environments for all. It's crucial to approach these topics with diligence and an open mind to uncover groundbreaking insights.

Before you begin writing your research paper, make sure you understand the assignment.
Your Research Paper Should Have an Engaging Topic
Find reputable sources by doing a little research
Precisely state your thesis on cybersecurity
A rough outline should be developed
Finish your paper by writing a draft
Make sure that your bibliography is formatted correctly and cites your sources.

Discover the Power of ITIL 4 Foundation - Unleash the Potential of Your Business with this Cost-Effective Solution. Boost Efficiency, Streamline Processes, and Stay Ahead of the Competition. Learn More!

Studies in the literature have identified and recommended guidelines and recommendations for addressing security usability problems to provide highly usable security. The purpose of such papers is to consolidate existing design guidelines and define an initial core list that can be used for future reference in the field of Cyber Security Research Topics.

The researcher takes advantage of the opportunity to provide an up-to-date analysis of cybersecurity usability issues and evaluation techniques applied so far. As a result of this research paper, researchers and practitioners interested in cybersecurity systems who value human and social design elements are likely to find it useful. You can find KnowledgeHut’s Cyber Security courses online and take maximum advantage of them.

Frequently Asked Questions (FAQs)

Businesses and individuals are changing how they handle cybersecurity as technology changes rapidly - from cloud-based services to new IoT devices.

Ideally, you should have read many papers and know their structure, what information they contain, and so on if you want to write something of interest to others.

Inmates having the right to work, transportation of concealed weapons, rape and violence in prison, verdicts on plea agreements, rehab versus reform, and how reliable are eyewitnesses?

The field of cyber security is extensive and constantly evolving. Its research covers various subjects, including Quantum & Space, Data Privacy, Criminology & Law, and AI & IoT Security.

Mrinal Prakash

I am a B.Tech Student who blogs about various topics on cyber security and is specialized in web application security

Avail your free 1:1 mentorship session.

Something went wrong

Upcoming Cyber Security Batches & Dates

Name	Date	Fee	Know more

Research: Women “Excluded” in the Cybersecurity Workspace

A group of women programming on a computer

Research reports from ISC2 and WiCyS highlight the diversity and equitable inclusion issues seen every day in the cybersecurity profession. We take a closer look at how gender and inclusion imbalance in the cybersecurity workplace are ongoing obstacles to entry, retention and advancement.

Failing to foster a fair and equitable professional environment remains a barrier for many considering a move into a cybersecurity role, as well as for those already in the profession. Just recently, one of the largest security vendors in the world found itself at the center of this ongoing issue , reminding the industry of the need for a persistent cultural change.

Research and personal experiences continue to highlight that more work needs to be done to ensure cybersecurity is a fair and equitable profession. One where all are treated with the same level of respect, given the same opportunities to advance and participate, and where everyone’s contribution is recognized equally.

This was a consistent theme from the ISC2 research report In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity , which brought together input from women working across the profession on their views of diversity, equity and inclusion.

“I think there is a global cultural issue. I know there are a lot of women and minorities that are well qualified and get passed over. Maybe because they’re not articulating their skills in the right way or they’re not even applying for the jobs because the organizations are being unrealistic about the requirements they put on the job description,” noted one participant.

WiCyS State of Inclusion Study

Lynn Dohm, Executive Director of WiCyS presented the findings of the organization’s latest State of Inclusion Report at ISC2’s recent Diversity, Equity and Inclusion (DEI) Summit in London . This first-of-its-kind assessment sought to discern the real causes of disparities in the experiences of women in cybersecurity. The data revealed that the workplace inclusion experiences of women continue to be dramatically worse than men across virtually every category examined.

The WiCyS data shows that women are 4.5 times more likely to be excluded from acts of recognition as men, 2.5 times more likely to be excluded from acts of respect and 2.4 times more likely to be excluded from career and growth opportunities.

This current experience echoes the testimonies of those who took part in the ISC2 research. “I’ve been in meetings where people have used my words. They’ve used my strategies. They have taken my work, and they presented it as their own,” said one respondent. “They get the credit for my talent. It would burn me so bad but, yet, I didn’t really have anyone to lean on.”

Dohm noted that women are five times more likely to cite their direct managers and peers as sources of workplace and career exclusion. Women are 1.3 times more likely to be excluded by organization leadership. In addition, Dohm also said that employees with disabilities experience higher rates of exclusion compared to those who identify with the majority.

Nonetheless, there are positives on which to keep building. The recent ISC2 Women in Cybersecurity study confirmed that despite obstacles to advancement and issues of exclusion, women retain a strong sense of job satisfaction, with room for further improvement. Some 58% of women who responded had overall satisfaction with their organization – equal to the men who were surveyed. In addition, 64% of women surveyed expressed satisfaction with their team and 58% expressed satisfaction with their department. Furthermore, passion for cybersecurity trended positively with women and grew with tenure in the field, rising to as high as 74% among women with over 15 years of industry experience.

Workplace and Industry Experiences

The WiCyS study also solicited statements from participants about their experiences. With reference to disrespectful behavior, one person noted: “After introducing myself, I have had individuals ask to speak to a ‘guy who works in IT’ instead of me.”

This was echoed in ISC2’s research: “If you actually historically doubt the intelligence level of many minorities and women, if you have those thoughts as a hiring manager and don’t think a diverse candidate is even smart enough, just because of some type of discriminatory belief that you have, then you are not going to give them that opportunity,” another ISC2 participant added.

On social exclusion and inappropriate behavior, one WiCyS participant noted: “Work and industry ‘social’ events are oriented towards the majority (males), e.g., whisky tasting and golf days.” Another highlighted concerns about the normalization of inappropriate and biased behavior towards other genders, saying: “Male leaders regularly decide to host lunches for employee appreciation, then expect the female employees who were also in leadership, to do the ordering/setting up/clean up”.

Taking Positive Action

Addressing disparity in workplace and career inclusion requires change across the organization – across culture as well as process. There are many steps to consider including:

Purposeful Inclusion

Organizations must ensure conscious leadership and give everyone a voice. Leaders should actively engage professionals equally to collaborate on key projects and in meetings.

Equal Advancement

Document advancement practices that create clear and equal paths to leadership positions for all professionals, make them transparent to all and provide the necessary resources for advancement, including technical training, language tutors, opportunities to pursue certifications, etc.

Conduct meaningful pay equity assessments across the organization and then act accordingly on the results. Then, actively monitor pay equity for all roles within an organization and ensure that salary and benefits are aligned based on role requirements and experience.

Celebrate DEI Achievements

Organizations need training and skills development programs focused on creating and maintaining awareness and fostering effective DEI principles across all departments and leadership levels. It’s also important to recognize progress, highlighting successful DEI best practices and programs.

Access additional information on the ISC2 DEI Resource Center
The latest ISC2 Women in Cybersecurity research examines inclusion, advancement and pay equity
Find out more about the WiCyS State of Inclusion initiative
Read the full In Their Own Words report

FILTER BY YEAR

26th August – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 26th August, please download our Threat Intelligence Bulletin .

TOP ATTACKS AND BREACHES

Halliburton, a leading U.S. oilfield services firm, was hit by a cyberattack that forced the company to take certain systems offline to contain the breach. Hackers gained access to some of the company’s systems, prompting an ongoing investigation with the help of external contractors. No group has claimed responsibility for the attack.
Microchip Technology, an American semiconductor manufacturer, reported a cyberattack that disrupted some of its servers and business operations. Upon detecting suspicious activity, the company isolated affected systems, shut down certain services, and initiated an investigation with external cybersecurity experts. The incident has impacted manufacturing, causing operations to run below normal levels, affecting the company’s ability to fulfill orders. The full scope and impact of the attack remain unclear, and the identity of the attackers is unknown.
The Oregon Zoo has disclosed that personal and payment information of more than 100,000 of the Zoo’s visitors has been leaked. The threat actors had access to zoo’s online payment platform for a period of more than 6 months, redirecting transactions from the zoo’s online ticketing system and stealing full credit card details.
Japanese car manufacturing giant Toyota has confirmed a third-party data breach of limited scope after a threat actor had leaked 240GB of data on underground cybercrime forums. Representatives have denied the threat actor’s allegations that the company’s U.S. branch was hacked.
City officials in Columbus, Ohio, have warned crime victims and witnesses to remain vigilant after a ransomware gang leaked data stolen from the local prosecutor’s office on the Dark Web. The Rhysida ransomware group, which had initially hit the city in July and demanded $1.9 million in Bitcoin, released 6.5 terabytes of data after the city refused to pay. The leaked information, which includes sensitive personal details, poses a particular risk to individuals escaping abusive situations.
Hackers launched a massive distributed denial-of-service (DDoS) attack on Monobank, one of Ukraine’s leading online banks. The attack, which spanned for three days, involved an unprecedented volume of 7.5 billion requests per second, but did not impact the bank’s core operations. The aim of the attack appeared to be to disrupt a popular platform for raising funds for Ukraine’s armed forces, a service that has gained increased usage since recent military actions.
Researchers have identified a phishing campaign likely linked to Iranian hackers targeting a prominent Jewish religious figure. The attackers, suspected to be connected to Iranian group APT42 (also known as TA453), used spoofed emails from the Institute for the Study of War (ISW) to invite the victim to a fake podcast, ultimately delivering malware named BlackSmith via a malicious GoogleDrive link.

VULNERABILITIES AND PATCHES

Cisco report ed on eight vulnerabilities in Microsoft applications for macOS. The Microsoft apps gain entitlements and user-granted permissions which can be exploited by threat actors via injection of malicious libraries. This can allow the threat actors access to a victim’s microphone, camera, screen recording, user input, stored data and more.
Wordfence disclosed a critical vulnerability, tracked as CVE-2024-28000, in a WordPress plugin Lightspeed Cache. Used by more than 5,000,000 websites, the plugin versions up to and including 6.3.0.1 are vulnerable to privilege escalation due to mismanagement of role simulation functionality.

Check Point IPS provides protection against this threat (WordPress LiteSpeed Cache Plugin Privilege Escalation (CVE-2024-28000))

Researchers have discovered a high severity Server-Side Request Forgery (SSRF) vulnerability (CVE-2024-38206) in Microsoft Copilot Studio, enabling unauthorized access to internal service data and cross-tenant information. This vulnerability allowed the manipulation of Copilot’s HTTP requests to access Microsoft’s internal infrastructure, including sensitive instance metadata and Cosmos DB.

THREAT INTELLIGENCE REPORTS

Researchers have uncovered a new phishing technique targeting mobile users via Progressive Web Applications (PWAs) and WebAPKs on both Android and iOS platforms. This method involves tricking users into installing phishing apps that mimic legitimate banking applications without traditional warnings about third-party installations. The phishing campaigns, observed primarily in Czechia but also in Hungary and Georgia, use social engineering through various delivery mechanisms. Once installed, these apps capture sensitive banking credentials and send them to different command-and-control servers managed by separate threat actors.
Researchers have identified a state-sponsored North Korean threat actor, known as UAT-5394, using a newly developed remote access trojan called MoonPeak. This malware, evolving from the open-source XenoRAT, forms part of a broader infrastructure shift from cloud services to attacker-owned systems.
Researchers report on a new BlindEagle, also known as APT-C-36, campaign targeting Latin American countries such as Colombia, Ecuador, Chile, and Panama. This group employs phishing emails, often impersonating governmental or financial institutions, to deliver malware. Their tactics include using publicly available Remote Access Trojans (RATs) like njRAT and AsyncRAT, which they customize for espionage or financial theft.
The Qilin ransomware group has introduced a new tactic by deploying a custom stealer to harvest account credentials stored in Google Chrome browsers. After gaining access to a network through compromised VPN credentials lacking multi-factor authentication (MFA), Qilin used Group Policy Objects (GPOs) to spread the stealer across all domain-connected machines, potentially stealing credentials from every logged-in user.

BLOGS AND PUBLICATIONS

Check Point Research Publications
Threat Research

“The Turkish Rat” Evolved Adwind in a Massive Ongoing Phishing Campaign

The 2020 Cyber Security Report

StealthLoader Malware Leveraging Log4Shell

SUBSCRIBE TO CYBER INTELLIGENCE REPORTS

Country —Please choose an option— China India United States Indonesia Brazil Pakistan Nigeria Bangladesh Russia Japan Mexico Philippines Vietnam Ethiopia Egypt Germany Iran Turkey Democratic Republic of the Congo Thailand France United Kingdom Italy Burma South Africa South Korea Colombia Spain Ukraine Tanzania Kenya Argentina Algeria Poland Sudan Uganda Canada Iraq Morocco Peru Uzbekistan Saudi Arabia Malaysia Venezuela Nepal Afghanistan Yemen North Korea Ghana Mozambique Taiwan Australia Ivory Coast Syria Madagascar Angola Cameroon Sri Lanka Romania Burkina Faso Niger Kazakhstan Netherlands Chile Malawi Ecuador Guatemala Mali Cambodia Senegal Zambia Zimbabwe Chad South Sudan Belgium Cuba Tunisia Guinea Greece Portugal Rwanda Czech Republic Somalia Haiti Benin Burundi Bolivia Hungary Sweden Belarus Dominican Republic Azerbaijan Honduras Austria United Arab Emirates Israel Switzerland Tajikistan Bulgaria Hong Kong (China) Serbia Papua New Guinea Paraguay Laos Jordan El Salvador Eritrea Libya Togo Sierra Leone Nicaragua Kyrgyzstan Denmark Finland Slovakia Singapore Turkmenistan Norway Lebanon Costa Rica Central African Republic Ireland Georgia New Zealand Republic of the Congo Palestine Liberia Croatia Oman Bosnia and Herzegovina Puerto Rico Kuwait Moldov Mauritania Panama Uruguay Armenia Lithuania Albania Mongolia Jamaica Namibia Lesotho Qatar Macedonia Slovenia Botswana Latvia Gambia Kosovo Guinea-Bissau Gabon Equatorial Guinea Trinidad and Tobago Estonia Mauritius Swaziland Bahrain Timor-Leste Djibouti Cyprus Fiji Reunion (France) Guyana Comoros Bhutan Montenegro Macau (China) Solomon Islands Western Sahara Luxembourg Suriname Cape Verde Malta Guadeloupe (France) Martinique (France) Brunei Bahamas Iceland Maldives Belize Barbados French Polynesia (France) Vanuatu New Caledonia (France) French Guiana (France) Mayotte (France) Samoa Sao Tom and Principe Saint Lucia Guam (USA) Curacao (Netherlands) Saint Vincent and the Grenadines Kiribati United States Virgin Islands (USA) Grenada Tonga Aruba (Netherlands) Federated States of Micronesia Jersey (UK) Seychelles Antigua and Barbuda Isle of Man (UK) Andorra Dominica Bermuda (UK) Guernsey (UK) Greenland (Denmark) Marshall Islands American Samoa (USA) Cayman Islands (UK) Saint Kitts and Nevis Northern Mariana Islands (USA) Faroe Islands (Denmark) Sint Maarten (Netherlands) Saint Martin (France) Liechtenstein Monaco San Marino Turks and Caicos Islands (UK) Gibraltar (UK) British Virgin Islands (UK) Aland Islands (Finland) Caribbean Netherlands (Netherlands) Palau Cook Islands (NZ) Anguilla (UK) Wallis and Futuna (France) Tuvalu Nauru Saint Barthelemy (France) Saint Pierre and Miquelon (France) Montserrat (UK) Saint Helena, Ascension and Tristan da Cunha (UK) Svalbard and Jan Mayen (Norway) Falkland Islands (UK) Norfolk Island (Australia) Christmas Island (Australia) Niue (NZ) Tokelau (NZ) Vatican City Cocos (Keeling) Islands (Australia) Pitcairn Islands (UK)

We value your privacy!

BFSI uses cookies on this site. We use cookies to enable faster and easier experience for you. By continuing to visit this website you agree to our use of cookies.

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

https://www.nist.gov/nist-awards/2024-bronze-medal-award-yee-yin-choong-mary-theofanos-kerrianne-buchanan

2024 Bronze Medal Award

Award citation.

The group is recognized for outstanding, novel research on youth cybersecurity and privacy knowledge and practices. This groundbreaking effort was the first time NIST conducted cybersecurity research with youths, filling a gap by contributing data and practical guidance on protecting and educating the next generation of the American workforce and future digital citizens. The research took a holistic view by interviewing and surveying youths, parents, and teachers, laying the foundation for understanding 3rd - 12th graders' perceptions of cybersecurity and privacy from multiple perspectives.

GROUP AWARD

Yee-yin choong, mary theofanos, kerrianne buchanan.

Special Features

Vendor voice.

US sues Georgia Tech over alleged cybersecurity failings as a Pentagon contractor

Rap sheet spells out major no-nos after disgruntled staff blow whistle.

The US is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract awardees.

Georgia Institute of Technology (GIT), commonly referred to as Georgia Tech, and its contracting entity, Georgia Tech Research Corporation (GTRC), are being investigated following whistleblower reports from insiders Christopher Craig and Kyle Koza about alleged failures to protect controlled unclassified information (CUI).

The series of allegations date back to 2019 and continued for years after, although Koza was said to have identified the issues as early as 2018.

Among the allegations is the suggestion that between May 2019 and February 2020, Georgia Tech's Astrolavos Lab – ironically a group that focuses on cybersecurity issues affecting national security – failed to develop and implement a cybersecurity plan that complied with DoD standards (NIST 800-171).

When the plan was implemented in February 2020, the lawsuit alleges that it wasn't properly scoped – not all the necessary endpoints were included – and that for years afterward, Georgia Tech failed to maintain that plan in line with regulations.

Additionally, the Astrolavos Lab was accused of failing to implement anti-malware solutions across devices and the lab's network. The lawsuit alleges that the university approved the lab's refusal to deploy the anti-malware software "to satisfy the demands of the professor that headed the lab," the DoJ said. This is claimed to have occurred between May 2019 and December 2021.

Refusing to install anti-malware solutions at a contractor like this is not allowed. In fact, it violates federal requirements and Georgia Tech's own policies, but allegedly happened anyway.

The university and the GTRC also, it is claimed, submitted a false cybersecurity assessment score in December 2020 – a requirement for all DoD contractors to demonstrate they're meeting compliance standards.

The two organizations are accused of issuing themselves a score of 98, which was later deemed to be fraudulent based on various factors.

To summarize, the issue centers around the claim that the assessment was carried out on a "fictitious" environment, so on that basis the score wasn't given to a system related to the DoD contract, the US alleges.

The claims are being made under the False Claims Act (FCA), which is being utilized by the Civil Cyber-Fraud Initiative (CCFI), which was introduced in 2021 to punish entities that knowingly risk the safety of United States IT systems.

It's a first-of-its-kind case being pursued as part of the CCFI. All previous cases brought under the CCFI were settled before they reached the litigation stage.

"Because the allegations suggest Georgia Tech falsely certified it was compliant with DoD contractual and regulatory requirements, they present a textbook case of potential FCA liability predicated on alleged non‐compliance with NIST standards ," states an assessment of the case from legal experts at O'Melveny.

"The complaint contends personnel across teams at Georgia Tech interpreted NIST controls in a way that allowed them to designate whatever actions they were already taking to be 'compliant' and implement interpretations that effectively rendered security controls meaningless."

DoD spins up supercomputer to accelerate biothreat defense
Russian cyber snoops linked to massive credential-stealing campaign
North Korean chap charged for attacks on US hospitals, military, NASA – and even China
Data pilfered from Pentagon IT supplier Leidos

The case was originally brought in July 2022 by Craig, who is still affiliated with Georgia Tech as the associate director of cybersecurity, and Koza, a Georgia Tech grad and former principal infosec engineer at GIT.

The US filed and was swiftly granted a complaint-in-intervention in June 2024 after announcing its intent to join the lawsuit against Georgia Tech and GTRC in April.

US officials expressed their displeasure with the defendants, saying they put national security and defense personnel at risk.

"Deficiencies in cybersecurity controls pose a significant threat not only to our national security, but also to the safety of the men and women of our armed services that risk their lives daily," said special agent-in-charge Darrin K Jones, Department of Defense Office of Inspector General, Defense Criminal Investigative Service (DCIS), Southeast Field Office.

"As force multipliers, we place a substantial amount of trust in our contractors and expect them to meet the strict standards our service members deserve."

"Government contractors that fail to follow and fully implement required cybersecurity controls jeopardize the security of sensitive government information and information systems and create unnecessary risks to national security," said principal deputy assistant attorney general Bryan Boynton of the Civil Division. "We will continue to pursue knowing cybersecurity-related violations under the Department's Civil Cyber-Fraud Initiative."

Separately, Georgia Tech is also the subject of a Congressional probe into its potentially problematic relationship with China.

Since 2013, the institution has partnered with Tianjin University, which is believed to have "significant ties" to the Chinese military and was previously blacklisted for stealing American military technology , and received "millions of dollars" from China to support this partnership.

The partnership has borne fruit such as the first-ever graphene-based semiconductor . Announced earlier this year, it's thought that with some additional work, the material could surpass the performance of silicon.

The investigation carried out by the House Select Committee on the Chinese Communist Party was only announced in May this year, so it will take some time before we hear anything regarding its conclusion.

The Reg approached Georgia Tech and GTRC for a response. We will update the article if either responds. ®

Cybersecurity
United States Department of Defense
United States Department of Justice

Narrower topics

RSA Conference

Broader topics

Federal government of the United States

Send us news

Russia tells citizens to switch off home surveillance because the Ukrainians are coming

Plane tracker app flightaware admits user data exposed for years, multiple flaws in microsoft macos apps unpatched despite potential risks, national public data tells officials 'only' 1.3m people affected by intrusion, ransomhub-linked edr-killing malware spotted in the wild, georgia's voter portal gets a crash course in client versus backend input validation, enzo biochem ordered to cough up $4.5 million over lousy security that led to ransomware disaster, palo alto networks execs apologize for 'hostesses' dressed as lamps at black hat booth.

Advertise with us

Our Websites

The Next Platform
Blocks and Files

Your Privacy

Cookies Policy
Privacy Policy
Ts & Cs

Computer Science and Engineering
Computer Security and Reliability
Cyber Security

A Study Of Cyber Security Challenges And Its Emerging Trends On Latest Technologies

February 2014

Chaitanya Bharathi Institute of Technology

Discover the world's research

25+ million members
160+ million publication pages
2.3+ billion citations
Muzamil Mushtaq

Sameer Nimkar
Sanjiv Kumar
Akinkunle Olanrewaju Akinloye
Sunday Anwansedo

Noxolo Buthelezi
Dennis Ngong Ocholla
Lungile P. Luthuli

Kumar Sekhar Roy
Gopalam Venkata Sai Charan
Ahmed Naguib
Khaled M. Fouad

Abdulrahman C Yakubu

Ieee Security
Privacy Magazine -Ieeecs
Recruit researchers
Join for free
Login Email Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google Welcome back! Please log in. Email · Hint Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google No account? Sign up

Newsletters

IE 11 Not Supported

Lawsuit: georgia tech didn’t enforce cybersecurity rules, the federal government is alleging that georgia tech and its research arm didn’t follow enforcement of cybersecurity rules stated within u.s. department of defense contracts..

Cybersecurity lock on a background of passwords

DOJ Files Complaint in First Cybersecurity False Claims Act Qui Tam Case Intervention

In July 2022, two relators sued the Georgia Tech Research Corporation (GTRC) and the Georgia Institute of Technology (GA Tech) under the FCA . The allegations include violations of the FCA and employment law, based on the “increasing retaliation” experienced by the relators after they escalated their concerns. In February 2024, the DOJ intervened in the case, and on Aug. 22, 2024, with the U.S. Attorney’s Office for the Northern District of Georgia, DOJ filed its complaint-in-intervention (Complaint), raising its own allegations under the FCA and federal common law alleging that GTRC and GA Tech failed to meet cybersecurity requirements in connection with the performance of their DoD contracts. This is the first FCA litigation matter where the DOJ has intervened as part of the Civil Cyber-Fraud Initiative .

Overview of DFARS Cybersecurity Provisions

Since 2013 contractors and subcontractors have been required to provide “adequate security” to protect controlled unclassified information (CUI) that resides on a covered contractor information system. See DFARS 252.204-7012. Since 2016 “adequate security” has entailed compliance with the version of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 in effect at the time a solicitation is issued. Id . Contractors should have a Plan of Action and Milestones (POAM) for each control that is not fully implemented. The contract clauses also state that by submitting their offers, contractors are representing that they will implement the NIST SP 800-171 controls. See DFARS 252.204-7008(c)(1). In December 2020, additional clauses were issued providing for an assessment against the NIST SP 800-171 controls, which should be filed in the Supplier Performance Risk Management System (SPRS). See DFARS 252.204-7019. The score, the scope of assessment, and the date by which the contractor intends to implement the NIST SP 800-171 controls must be posted at the time of contract award for each covered contractor information system that is relevant to the contract.

Key Allegations of Cybersecurity Violations

DOJ’s allegations focus on one lab at GA Tech, the Astrolavos Lab, and two contracts that lab held between 2016 and the present. DOJ alleges that these contracts incorporated the requirements to comply with NIST SP 800-171, and the later-in-time contract incorporated the self-assessment requirements. According to DOJ, testimony from GA Tech’s staff indicates that both contracts also included CUI. The allegations focus on three main areas of noncompliance: the failure to have in place a comprehensive System Security Plan (SSP) in accordance with NIST control 3.13.4; the failure to install, update, and run antivirus software in accordance with NIST control 3.14.2; and the failure to post an accurate NIST self-assessment score.

NIST control 3.12.4 directs contractors to “[d]evelop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.” DOJ alleges that Astrolavos Lab failed to have an SSP until February 2020 and that the SSP which was developed was limited to servers, rather than encompassing the laptops and desktops that would also hold CUI. The lab developed another SSP in August 2023 for a separate contract, but that was nearly a year after CUI was incorporated into the contract and was also inadequate because it did not fully address all covered systems.
NIST control 3.14.2 directs contractors to install antivirus software throughout an IT environment, including on hosts such as workstations, servers, mobile devices, firewalls, email servers, web servers, and remote access servers. DOJ alleges that Astrolavos Lab failed to install, update, and run antivirus software from at least 2016 until December 2021.
DOJ also alleged that the assessment score posted in SPRS was inaccurate because the scope of the assessment was not properly identified.

DOJ alleges that staff at GA Tech were aware of the above issues and the regulatory requirements imposed on GA Tech, and that the violations were material to payment decisions by the government for the following reasons:

Cybersecurity is critical to national defense, quoting from multiple executive orders issued by Presidents Obama, Trump, and Biden, as well as DoD policies and guidance.
Cybersecurity compliance is a condition of contract, and therefore a condition of payment. DOJ notes that GA Tech was sent a cure notice under one of the contracts based on the alleged violations of the cybersecurity requirements.

Key Takeaways for Contractors

The intervention and allegations in the Complaint demonstrate DOJ’s continued focus on cybersecurity fraud and enforcing contractor compliance with cybersecurity requirements under the Civil Cyber-Fraud Initiative. In announcing the Complaint, DOJ also highlighted the risk that deficiencies in cybersecurity pose to our national security and the safety of our armed services, stating that “government contractors that fail to fully implement required cybersecurity controls jeopardize the confidentiality of sensitive government information” and the goal is “to identify such contractors and to hold them accountable.”

DOJ’s actions here align with DoD’s rulemaking activities on CMMC , which propose more robust controls around contractor verification of cybersecurity control implementation. Contractors should carefully review any requests for verification or attestations related to cybersecurity compliance. For example, under the new proposed rule contractors and subcontractors may need to provide a confidence level in their assessment or provide an annual affirmation of their assessment. Contractors should be alert to any such requirements and the increased risks such statements may impose.

Contractors must also keep in mind that cybersecurity obligations have been part of DoD contracts and subcontracts since at least December 2017. This case emphasizes that DoD contractors and subcontractors at all tiers risk significant consequences if they fail to meet cybersecurity compliance obligations. Contractors should carefully review their existing contracts and clarify any questions regarding the application of any cybersecurity requirements, as well as verify the accuracy of any explicit or implied statements of compliance.

GT Alert_DOJ Files Complaint in First Cybersecurity False Claims Act Qui Tam Case Intervention

IMAGES

5 Cybersecurity Best Practices You Should Know
Multimedia Gallery
🔐 Cyber Security Research Topics
Cybersecurity Research
60+ Latest Cyber Security Research Topics for 2023
Research strategy / Research / Advanced Cyber Security Engineering

COMMENTS

Journal of Cybersecurity
About the journal. Journal of Cybersecurity publishes accessible articles describing original research in the inherently interdisciplinary world of computer, systems, and information security …. Find out more. The health belief model and phishing: determinants of preventative security behaviors. Narrow windows of opportunity: the limited ...
Cyber security: State of the art, challenges and future directions
Abstract. Cyber security has become a very critical concern that needs the attention of researchers, academicians, and organizations to confidentially ensure the protection and security of information systems. Due to the increasing demand for digitalization, every individual and organization faces continually shifting cyber threats.
Cybersecurity: News, Research, & Analysis
An audio version of "Why the United Nations Is Chasing Its Tail on Cybersecurity," a new commentary by CSIS's James Andrew Lewis. This audio was generated with text-to-speech by Eleven Labs. CSIS's cybersecurity research and analysis work covers cyber warfare, encryption, military cyber capacity, hacking, financial terrorism, and more.
Artificial intelligence for cybersecurity: Literature review and future
Researchers are actively working in the field of sensor identification and authentication to ensure the security of cyber-physical systems or the automotive sector. Channel [97] and sensor [98, 99] imperfections are used to find the transient and steady-state parameters as an input to the machine learning model for sensor identification. 5.2.1.3.
Home
The journal publishes research articles and reviews in the areas including, but not limited to: • Cryptography and its applications. • Network and critical infrastructure security. • Hardware security. • Software and system security. • Cybersecurity data analytics. • Data-driven security and measurement studies. • Adversarial ...
Articles
Study of smart grid cyber-security, examining architectures, communication networks, cyber-attacks, countermeasure techniques, and challenges ... (IIE) is a national research institute in Beijing that specializes in comprehensive research on theories and applications related to information technology.
Cyber risk and cybersecurity: a systematic review of data ...
Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses ...
Journal of Cybersecurity and Privacy
The extracted information can provide security analysts with useful Cyber Threat Intelligence (CTI) to enhance their decision-making. However, because the data sources are heterogeneous, there is a lack of common representation of information, rendering the analysis of CTI complicated. ... This research paper aims to survey the current state of ...
Cyber Security Research
The cyber security research community is an eclectic group, addressing a diverse set of research questions, based on multifarious theories and deploying sundry methods, making it difficult to obtain a comprehensive grasp of this league. Using quantitative methods, the present work aims to summarize the activities of this group of researchers in ...
A holistic and proactive approach to forecasting cyber threats
Recent research has introduced effective Machine Learning (ML) models for cyber-attack detection, promising to automate the task of detecting, tracking and blocking malware and intruders ...
(PDF) A Systematic Literature Review on the Cyber Security
Cyber security is a set of technologies, processes, and practices aimed at preventing attacks, damage, and illegal access to networks, computers, programmes, and data. The primary goal of this ...
(PDF) Cyber Security Threats and Vulnerabilities: A ...
Abstract. There has been a tremendous increase in research in the area of cyber security to support cyber applications and to avoid key security threats faced by these applications. The goal of ...
Cyber security: Current threats, challenges, and prevention methods
Cyber Security is a blend of innovative headways, process cycles and practices. The goal of cyber security is to ensure protection of applications, networks, PCs, and critical information from attack. ... becomes unsafe and to forestall such vindictive practices, a few security goals have been found. This paper reviews research work done in ...
Cyber Security and Information Sciences
We research, develop, evaluate, and deploy tools and systems designed to ensure that national security missions can be accomplished successfully despite cyber attacks. We also develop advanced hardware, software, and algorithms for processing datasets from a range of sources, including speech, imagery, text, and network traffic.
Cyber risk and cybersecurity: a systematic review of data availability
This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets.
Cybersecurity trends: Looking over the horizon
Over the next three to five years, we expect three major cybersecurity trends that cross-cut multiple technologies to have the biggest implications for organizations. 1. On-demand access to ubiquitous data and information platforms is growing. Mobile platforms, remote work, and other shifts increasingly hinge on high-speed access to ubiquitous ...
A Study of Cyber Security Issues and Challenges
The paper first explains what cyber space and cyber security is. Then the costs and impact of cyber security are discussed. The causes of security vulnerabilities in an organization and the challenging factors of protecting an organization from cybercrimes are discussed in brief. Then a few common cyber-attacks and the ways to protect from them ...
500+ Cyber Security Research Topics
Cyber Security Research Topics. Cyber Security Research Topics are as follows: The role of machine learning in detecting cyber threats. The impact of cloud computing on cyber security. Cyber warfare and its effects on national security. The rise of ransomware attacks and their prevention methods.
(PDF) Research Paper on Cyber Security
Abstract. In the current world that is run by technology and network connections, it is crucial to know what cyber security is and to be able to use it effectively. Systems, important files, data ...
105 Latest Cyber Security Research Topics in 2024
Criminal Law. Cyber Security Future Research Topics. Developing more effective methods for detecting and responding to cyber attacks. Investigating the role of social media in cyber security. Examining the impact of cloud computing on cyber security. Investigating the security implications of the Internet of Things.
A STUDY OF CYBER SECURITY AND ITS CHALLENGES IN THE SOCIETY
This paper mainly focuses on challenges faced by cyber security on the latest technologies .It also focuses on latest about the cyber security techniques, ethics and the trends changing the face of cyber security. Keywords: cyber security, cyber crime, cyber ethics, social media, cloud computing, android apps. 1. INTRODUCTION.
2024 Best Cyber Security Degree Programs Ranking in America
A Cyber Security degree can significantly influence your career mobility and advancement in America, opening doors to a variety of exciting opportunities. Here's how: Diverse Career Paths: Graduates can pursue roles such as Security Analyst, Penetration Tester, Incident Responder, or Cybersecurity Consultant. According to the U.S. Bureau of ...
A comprehensive review study of cyber-attacks and cyber security
Cyber-security policy may require that "when the risk of disclosure of confidential information is high, ... His research interests include information security, computational intelligence and big data analysis. E-mail: [email protected]. Qinghui Liu was born in Jining Shandong, P.R. China, in 1977. He received the Master degree from Shandong ...
Research: Women "Excluded" in the Cybersecurity Workspace
Research reports from ISC2 and WiCyS highlight the diversity and equitable inclusion issues seen every day in the cybersecurity profession. We take a closer look at how gender and inclusion imbalance in the cybersecurity workplace are ongoing obstacles to entry, retention and advancement.
26th August
Check Point Research Publications; Global Cyber Attack Reports; Threat Research; February 17, 2020 ... January 22, 2020 The 2020 Cyber Security Report. Global Cyber Attack Reports; December 15, 2021 StealthLoader Malware Leveraging Log4Shell. Publications. Global cyber attack reports; Research publications; IPS advisories; Check point blog;
2024 Bronze Medal Award
The group is recognized for outstanding, novel research on youth cybersecurity and privacy knowledge and practices. This groundbreaking effort was the first time NIST conducted cybersecurity research with youths, filling a gap by contributing data and practical guidance on protecting and educating the next generation of the American workforce and future digital citizens.
US sues Georgia Tech alleging litany of security failings
The US is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract awardees. Georgia Institute of Technology (GIT), commonly referred to as Georgia Tech, and its contracting entity, Georgia ...
(PDF) A Study Of Cyber Security Challenges And Its ...
This paper mainly. focuses on challenges faced by cyber security on the latest technologies .It also focuses on latest about. the cyber security techniques, ethics and the trends changing the face ...
Lawsuit: Georgia Tech Didn't Enforce Cybersecurity Rules
The federal government is alleging that Georgia Tech and its research arm didn't follow enforcement of cybersecurity rules stated within U.S. Department of Defense contracts.
DOJ Files Complaint in First Cybersecurity False Claims Act Qui Tam
• On Aug. 22, 2024, the Department of Justice filed its complaint-in-intervention against the Georgia Tech Research Corporation and the Georgia Institute of Technology, raising claims under the False Claims Act (FCA) and federal common law. This is the first FCA lawsuit the United States has intervened in as part of DOJ's Civil Cyber-Fraud Initiative.