
Bayesian vine copulas for modelling dependence in data breach losses

Published online by Cambridge University Press:  03 February 2022

Jia Liu
Affiliation:
Research School of Finance, Actuarial Studies & Statistics, College of Business and Economics, Australian National University, Canberra, Australian Capital Territory, Australia
Jackie Li
Affiliation:
Department of Econometrics and Business Statistics, Monash Business School, Monash University, Melbourne, Victoria, Australia
Kevin Daly
Affiliation:
Department of Economics, Finance and Property, School of Business, Western Sydney University, Sydney, New South Wales, Australia

Abstract

Potential data breach losses represent a significant part of operational risk and can be a serious concern for risk managers and insurers. In this paper, we employ vine copulas under a Bayesian framework to co-model incidences from different data breach types. A full Bayesian approach allows one to select both the copulas and margins and estimate their parameters in a coherent fashion. In particular, it can incorporate process, parameter, and model uncertainties, which is very important for applications in risk management under current regulations. We also conduct a series of sensitivity tests on the Bayesian modelling results. Using two public data sets of data breach losses, we find that the overall dependency structure and tail dependence vary significantly between different types of data breaches. The optimally selected vine structure and pairwise copulas suggest more conservative value-at-risk estimates when compared to the other suboptimal copula models.

Type
Original Research Paper
Copyright
© The Author(s), 2022. Published by Cambridge University Press on behalf of Institute and Faculty of Actuaries

