Open AccessMotivation-based Attacker Modelling for Cyber Risk Management: A Quantitative Content: Analysis and a Natural Experiment
Author(s) -
Florian-Klaus Kaiser,
Marcus Wiens,
Frank Schultmann
Publication year - 2021
Publication title -
journal of information security and cybercrimes research
Language(s) - English
Resource type - Journals
eISSN - 1658-7782
pISSN - 1658-7790
DOI - 10.26735/nmmd9869
Subject(s) - computer science , risk analysis (engineering) , work (physics) , risk management , computer security , field (mathematics) , natural (archaeology) , content analysis , data science , engineering , business , mechanical engineering , social science , mathematics , archaeology , finance , sociology , pure mathematics , history
Cyber-attacks have a tremendous impact on worldwide economic performance. Hence, it is vitally important to implement effective risk management for different cyber-attacks, which calls for profound attacker models. However, cyber risk modelling based on attacker models seems to be restricted to overly simplified models. This hinders the understanding of cyber risks and represents a heavy burden for efficient cyber risk management. This work aims to forward scientific research in this field by employing a multi-method approach based on a quantitative content analysis of scientific literature and a natural experiment. Our work gives evidence for the oversimplified modelling of attacker motivational patterns. The quantitative content analysis gives evidence for a broad and established misunderstanding of attackers as being illicitly malicious. The results of the natural experiment substantiate the findings of the content analysis. We thereby contribute to the improvement of attacker modelling, which can be considered a necessary prerequisite for effective cyber risk management.