Abstract
Modeling of Catastrophic Cyber Events in Industrial Environments
Keywords: Cyber risk, AI, Data Science
he presentation focuses on modeling catastrophic cyber events in industrial environments and their impact on portfolio risk accumulation. It introduces the concept of Cyber CAT models, which are designed to assess rare but high-impact cyber incidents—similar to how natural catastrophe models work for events like hurricanes or earthquakes. However, cyber catastrophes pose unique challenges due to their low frequency, lack of historical data, complex correlations, and diverse manifestations of loss across interconnected systems.
The presentation explains how DeNexus’ platform, DeRISK, uses advanced data science to quantify cyber risk by combining inside-out telemetry from operational technology (OT) networks with outside-in threat intelligence. It models attack paths, loss event impacts, and mitigation strategies using statistical methods and simulations. The system supports risk-informed decision-making by estimating financial losses, identifying vulnerabilities, and recommending optimal mitigation actions based on ROI and implementation feasibility. Ultimately, it enables organizations and insurers to understand, manage, and transfer cyber risk more effectively across portfolios.
Masterclass delivered at the Master in Statistics for Data Science, by invitation of the Carlos III University of Madrid.