Defining cyber risk

Abstract

Abstract Rapid digitization of the economy and social relations is the main reason why the issues of cyber risk, cyber threats and cybersecurity are continually gaining importance. Despite the increase in the number of research papers in these areas, scholarly articles defining cyber risk are relatively scarce. Moreover, the uniform broadly accepted definition of cyber risk has not been adopted yet, probably due to the interdisciplinary nature of this concept and the dynamics of its change. The paper contributes to the literature on the cyber risk, cybersecurity and cyber risk management. The author presents a comparative content analysis of existing definitions of cyber risk. Based on identification of three key characteristics of the cyber risk concept (source of cyber risk, cyber risk object, impact of cyber risk) in each definition, the analysed definitions are categorised as one-dimensional, two-dimensional or comprehensive definition. Among the collected 20 definitions of cyber risk, there is only one that can be called comprehensive. The remaining definitions address only selected aspects of this notion. The author proposes a new, comprehensive and universal definition of cyber risk. As an extension to the proposed approach, the ontological meta model of the cyber risk concept is developed. It supports deeper description of the cyber risk concept by depicting functional interdependencies with other terms and factors that constitute the cyber risk framework.