Policy Forum: Cyber Risk

Cyber risk research impeded by disciplinary barriers

Science  29 Nov 2019:
Vol. 366, Issue 6469, pp. 1066-1069
DOI: 10.1126/science.aaz4795

Summary

Cyber risk encompasses a broad spectrum of risks to digital systems, such as data breaches or full-fledged cyber attacks on the electric grid. Efforts to systematically advance the science of cyber risk must draw on not only computer science but also fields such as behavioral science, economics, law, management science, and political science. Yet, many scholars believe that they have sufficient understanding of other fields to comprehensively address the inherently cross-disciplinary nature of cyber risk. For example, a statistician might apply Bayesian modeling to predict future cyber events, even though it is not entirely clear what bearing historical cyber events have on future ones. Computer scientists might write on data protection laws, yet with little knowledge of legal jurisdiction issues. Such questions of disciplinary ownership, the inability to coordinate across disciplines, and the undefined scope of the problem domain have thus plagued inherently cross-disciplinary cyber risk research. Drawing on global expertise and challenges from industry, academia, nonprofit organizations, and governments, we adapted the classical risk-management process to identify core research questions for cyber risk, gaps in knowledge that need to be addressed for advances in security, and opportunities for cross-disciplinary collaboration for each area. Although we mention specific disciplines reflective of our backgrounds, these are not the only ones that should be conducting cyber risk research.
