10/6/17: Visualizing Cyber Security Attacks

Here is a brilliant visualization of data breaches over time and by size: http://www.visualcapitalist.com/worlds-biggest-data-breaches/.

As the chart above clearly shows, the number of reporter/disclosed attacks has exploded, staring with 2014, and the volume of attacks (data files impacted) has blown out starting 2010 (note: Yahoo attacks were severely lagged in reporting). In part, the two factors are down to changes in reporting and disclosure rules, and in part they are down to changes in reporting practices. But, as we observe econometrically in our recent papers on the subject: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2892842 and https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2904749, the pattern on frequency, severity and impact of attacks, as well as their typology, are richer than the chart above provides.

Starting with 2010s, the typology of cyber security risks and attacks has been shifting from malicious and accidental losses of hardware and accidental disclosures of data to malware-based hacks, direct hacks, and illegal disclosures. The distribution of attacks has been changing since 2014, with smaller and larger, state and private sector players being hit with higher frequency, as opposed to the 2000s-early 2010s when we had more concentrated distribution of attacks. And, crucially, the impact of the attacks is also changing: starting with 2014, we are witnessing systemic shocks contagion propagating from individual attack targets to their exchanges and even to other exchanges.