| dc.contributor.author | Pal, Ranjan | |
| dc.contributor.author | Duan, Konnie | |
| dc.contributor.author | Sequeira, Rohan | |
| dc.date.accessioned | 2026-02-10T23:00:34Z | |
| dc.date.available | 2026-02-10T23:00:34Z | |
| dc.date.issued | 2025-06-22 | |
| dc.identifier.isbn | 979-8-4007-1591-4 | |
| dc.identifier.uri | https://hdl.handle.net/1721.1/164783 | |
| dc.description | SIGSIM-PADS ’25, Santa Fe, NM, USA | en_US |
| dc.description.abstract | The market to manage critical infrastructure cyber-risks using cyber insurance (CI) has been growing steadily (but not fast enough) as it is still skeptical of the extent of economic and societal impact of systemic risk across networked supply chains in interdependent IT-driven enterprises. To demystify this skepticism, we first study in this paper the role of (a) the statistical nature of multiple enterprise cyber-risks contributing to aggregate supply chain risk and (b) the graph structure of the underlying enterprise supply chain network, in the statistical spread of aggregate cyber-risk. We provide statistical tail bounds on the aggregate cyber-risk that a risk managing firm such as a cyber insurer is exposed to in a supply chain. Subsequently, we study the problem of aggregate cyber-risk management by cyber re-insurance firms via portfolio design to optimally diversify aggregate/systemic cyber-risk sourced from multiple CIs insuring enterprises on a supply chain. We propose the first mathematical framework for re-insurers to test the operational sustainability of systemic cyber-risk diversification portfolios with respect to the standard Value-at-Risk (VaR) metric for general aggregate cyber risk distributions. We also propose a statistical copula methodology to make systemic cyber-risk portfolio diversification sustainable for re-insurers in scenarios where the sustainability test fails. We validate our theory via Monte Carlo simulations. | en_US |
| dc.publisher | ACM\|39th ACM SIGSIM Conference on Principles of Advanced Discrete Simulation | en_US |
| dc.relation.isversionof | https://doi.org/10.1145/3726301.3728400 | en_US |
| dc.rights | Creative Commons Attribution | en_US |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | en_US |
| dc.source | Association for Computing Machinery | en_US |
| dc.title | A Theory to Estimate, Bound, and Manage Systemic Cyber-Risk | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Ranjan Pal, Konnie Duan, and Rohan Sequeira. 2025. A Theory to Estimate, Bound, and Manage Systemic Cyber-Risk. In Proceedings of the 39th ACM SIGSIM Conference on Principles of Advanced Discrete Simulation (SIGSIM-PADS '25). Association for Computing Machinery, New York, NY, USA, 70–80. | en_US |
| dc.contributor.department | Sloan School of Management | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
| dc.identifier.mitlicense | PUBLISHER_POLICY | |
| dc.eprint.version | Final published version | en_US |
| dc.type.uri | http://purl.org/eprint/type/ConferencePaper | en_US |
| eprint.status | http://purl.org/eprint/status/NonPeerReviewed | en_US |
| dc.date.updated | 2025-08-01T08:55:57Z | |
| dc.language.rfc3066 | en | |
| dc.rights.holder | The author(s) | |
| dspace.date.submission | 2025-08-01T08:55:57Z | |
| mit.license | PUBLISHER_CC | |
| mit.metadata.status | Authority Work and Publication Information Needed | en_US |