What question did this study set out to answer?

The aim is to develop a quantitative framework for modeling cyber risk, accounting for uncertainty in various dimensions.

April 19, 2026Open Access

A Quantitative Framework for Cyber Risk Modeling under Uncertainty: Frequency–Severity, Tail Risk, and Board-Level Decision Coupling

Key Points

The aim is to develop a quantitative framework for modeling cyber risk, accounting for uncertainty in various dimensions.
Developed a frequency–severity architecture for cyber loss.
Incorporated factors such as overdispersed event frequencies and heavy-tailed severities.
Addressed reporting thresholds, truncation, and censoring in the model.
Emphasized governance coupling via risk appetite constraints and control optimization.
Established a detailed probabilistic framework for cyber risk.
Clarified the complexities of modeling under uncertainty.
Outlined next steps for empirical validation and executable reproducibility.

Abstract

This deposit contains a methodological preprint proposing a probabilistic framework for cyber risk modeling under uncertainty. The manuscript develops a quantitative frequency–severity architecture for cyber loss, explicitly incorporating overdispersed event frequencies, heavy-tailed severities, reporting thresholds, truncation, censoring, uncertainty propagation, and governance coupling through risk appetite constraints and control optimization. The paper is positioned as a methodological preprint rather than an empirically finalized validation study. Its primary contribution is the formal specification of a quantitative modeling framework and an audit-capable governance architecture for board-level cyber risk decision support. Empirical validation, executable reproducibility artifacts, and extended sensitivity outputs are identified as the next stage of work.

A Quantitative Framework for Cyber Risk Modeling under Uncertainty: Frequency–Severity, Tail Risk, and Board-Level Decision Coupling

Key Points

Abstract

Cite This Study