A taxonomy of cyber risk taxonomies

Giovanni Rabitti; Amir Khorrami Chokami; Patrick Coyle; Ruben D. Cohen

doi:10.1111/risa.16629

A taxonomy of cyber risk taxonomies

Giovanni Rabitti^*, Amir Khorrami Chokami, Patrick Coyle, Ruben D. Cohen

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

3 Citations (Scopus)

52 Downloads (Pure)

Abstract

The field of cyber risks is rapidly expanding, yet significant research remains to be conducted. Numerous taxonomy‐based systems have been proposed in both the academic literature and industrial practice to classify cyber risk threats. However, the fragmentation of various approaches has resulted in a plethora of taxonomies, often incongruent with one another. In this study, we undertake a comprehensive review of these alternative taxonomies and offer a common framework for their classification based on their scope. Furthermore, we introduce desirable properties of a taxonomy, which enable comparisons of different taxonomies with the same scope. Finally, we discuss the managerial implications stemming from the utilization of each taxonomy class to support decision‐making processes.

Original language	English
Pages (from-to)	376-386
Number of pages	11
Journal	Risk Analysis
Volume	45
Issue number	2
Early online date	2 Aug 2024
DOIs	https://doi.org/10.1111/risa.16629
Publication status	Published - 2 Feb 2025

Keywords

cyber risks
risk classification
industrial taxonomy

Access to Document

10.1111/risa.16629Licence: CC BY

Download pdf
© 2024 The Author(s).
Final published version, 171 KBLicence: CC BY

Cite this

@article{edb485b854dd412386bb807ca8b0e9b0,

title = "A taxonomy of cyber risk taxonomies",

abstract = "The field of cyber risks is rapidly expanding, yet significant research remains to be conducted. Numerous taxonomy‐based systems have been proposed in both the academic literature and industrial practice to classify cyber risk threats. However, the fragmentation of various approaches has resulted in a plethora of taxonomies, often incongruent with one another. In this study, we undertake a comprehensive review of these alternative taxonomies and offer a common framework for their classification based on their scope. Furthermore, we introduce desirable properties of a taxonomy, which enable comparisons of different taxonomies with the same scope. Finally, we discuss the managerial implications stemming from the utilization of each taxonomy class to support decision‐making processes.",

keywords = "cyber risks, risk classification, industrial taxonomy",

author = "Giovanni Rabitti and {Khorrami Chokami}, Amir and Patrick Coyle and Cohen, {Ruben D.}",

year = "2025",

month = feb,

day = "2",

doi = "10.1111/risa.16629",

language = "English",

volume = "45",

pages = "376--386",

journal = "Risk Analysis",

issn = "0272-4332",

publisher = "Wiley-Blackwell Publishing Ltd",

number = "2",

}

TY - JOUR

T1 - A taxonomy of cyber risk taxonomies

AU - Rabitti, Giovanni

AU - Khorrami Chokami, Amir

AU - Coyle, Patrick

AU - Cohen, Ruben D.

PY - 2025/2/2

Y1 - 2025/2/2

N2 - The field of cyber risks is rapidly expanding, yet significant research remains to be conducted. Numerous taxonomy‐based systems have been proposed in both the academic literature and industrial practice to classify cyber risk threats. However, the fragmentation of various approaches has resulted in a plethora of taxonomies, often incongruent with one another. In this study, we undertake a comprehensive review of these alternative taxonomies and offer a common framework for their classification based on their scope. Furthermore, we introduce desirable properties of a taxonomy, which enable comparisons of different taxonomies with the same scope. Finally, we discuss the managerial implications stemming from the utilization of each taxonomy class to support decision‐making processes.

AB - The field of cyber risks is rapidly expanding, yet significant research remains to be conducted. Numerous taxonomy‐based systems have been proposed in both the academic literature and industrial practice to classify cyber risk threats. However, the fragmentation of various approaches has resulted in a plethora of taxonomies, often incongruent with one another. In this study, we undertake a comprehensive review of these alternative taxonomies and offer a common framework for their classification based on their scope. Furthermore, we introduce desirable properties of a taxonomy, which enable comparisons of different taxonomies with the same scope. Finally, we discuss the managerial implications stemming from the utilization of each taxonomy class to support decision‐making processes.

KW - cyber risks

KW - risk classification

KW - industrial taxonomy

UR - http://www.scopus.com/inward/record.url?scp=85200213531&partnerID=8YFLogxK

U2 - 10.1111/risa.16629

DO - 10.1111/risa.16629

M3 - Article

C2 - 39091193

SN - 0272-4332

VL - 45

SP - 376

EP - 386

JO - Risk Analysis

JF - Risk Analysis

IS - 2

ER -

A taxonomy of cyber risk taxonomies

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this