A Machine Learning-based Method for Cyber Risk Assessment

Cyber risk assessment is one of the top priorities of modern organizations and companies, owing to the massive amount of data they process on a daily basis and to the increasing number of successful cyber attacks. The probability of occurrence of these cyber incidents can be estimated by means of statistical tools, which exploit numerical categories to compute the probability that the organization will be breached by one or more cyber attacks. However, these approaches heavily rely on experts' estimates and/or on past data, which are not always available. In this paper we show that, by exploiting machine learning tools, cyber risk can be assessed by using some easily obtainable parameters (called maturity, complexity, attractiveness) representing the cyber posture of the organization under exam. To validate the method we propose, we apply it to three organizations in the healthcare sector having different values of maturity and complexity. The results highlight how the model can be successfully used to assign each organization a class of cyber risk, even in a crucial sector such as healthcare.