RCVaR: An economic approach to estimate cyberattacks costs using data from industry reports

Digitization increases business opportunities and the risk of companies being victims of devastating cyberattacks. Therefore, managing risk exposure and cybersecurity strategies is essential for digitized companies that aim to survive in competitive markets. However, understanding company -specific risks and quantifying their associated costs is not trivial. Current approaches fail to approximate the individualized financial impact of cyber incidents with a monetary estimation. Additionally, due to limited resources and technical expertise, SMEs, but also large companies, struggle to quantify their cyberattack exposure. Therefore, novel approaches must be built to contribute to a better understanding of the financial loss associated with cyberattacks. This article introduces the Real Cyber Value at Risk (RCVaR), an economical approach for estimating cybersecurity costs using real -world information from public cybersecurity reports. RCVaR identifies the most significant cyber risk factors from various sources and combines their quantitative results to estimate specific cyberattack costs for companies. Furthermore, RCVaR extends current methods to achieve cost and risk estimations based on historical real -world data instead of only probability -based simulations. The evaluation of the approach on unseen data shows the high accuracy and efficiency of the RCVaR in predicting and managing cyber risks. Thus, we argue that the RCVaR is a valuable addition to cybersecurity planning and risk management processes.