Abstract
Cyber incidents often take time to be detected and even further time to be reported. Due to reporting delays, the reported proportion of recent incidents is smaller than for older incidents, resulting in the false impression of a diminishing frequency of cyber incident counts in recent years when examining databases of (publicly) reported cyber incidents. Obtaining an accurate view of the true trend therefore requires correcting for reporting delays. Complicating matters is the fact that the distribution of reporting delays differs from industry to industry. This paper investigates four distinct industries of US companies: Finance and Insurance, Educational Services, Health Care and Social Assistance, and Public Administration. This paper presents the correction for reporting delays in USA and by industry, with specific emphasis on the given industries. The research finds that there are longer reporting delays in Finance and Insurance, compared to the other three industries examined.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
This corresponds to incidents that occurred from August 2014 through July 2016
\(1 \, Year = 360 \,Days\), computed based on 30 days per month in a year
30 days per month convention applied to allow uniform discretization for delay and age histograms
References
Ackerman, G.: G-20 urged to treat cyber-attacks as threat to global economy. http://www.bloomberg.com/news/2013-06-13/g-20-urged-to-treat-cyber-attacks-as-threat-to-economy.html (2013)
Audit Analytics. Trends in cybersecurity breaches. Tech. rep., Audit Analytics, Massachusetts, USA. https://go.auditanalytics.com/cybersecurityreport (2021)
Brookmeyer, R., Damiano, A.: Statistical methods for short-term projections of AIDS incidence. Stat. Med. 8(1), 23–34 (1989). https://doi.org/10.1002/sim.4780080105
Brookmeyer, R., Liao, J.: The analysis of delays in disease reporting: methods and results for the acquired immunodeficiency syndrome. Am. J. Epidemiol. 132(2), 355–365 (1990). https://doi.org/10.1093/oxfordjournals.aje.a115665
Cheng, F.F., Ford, W.L.: Adjustment of aids surveillance data for reporting delay to the editor (1991)
Downs, A.M., Ancelle, R.A., Jager, H.J., Brunet, J.B.: AIDS in Europe: current trends and short-term predictions estimated from surveillance data, January 1981-June 1986. AIDS 1(1), 53–57 (1987)
Downs, A.M., Ancelle, R., Jager, J.C., Heisterkamp, S.H., Van Druten, J.A., Ruitenberg, E.J., Brunet, J.B.: The statistical estimation, from routine surveillance data, of past, present and future trends in AIDS incidence in Europe. In: Jager, J.C., Ruitenberg, E.J. (eds.) Statistical Analysis and Mathematical Modelling of AIDS, pp. 1–16. Oxford University Press, Oxford (1988)
Esbjerg, S., Keiding, N., Koch-Henriksen, N.: Reporting delay and corrected incidence of multiple sclerosis. Stat. Med. 18(13), 1691–1706 (1999). https://doi.org/10.1002/(SICI)1097-0258(19990715)18:13<1691::AID-SIM160>3.0.CO;2-D
Gail, M.H., Brookmeyer, R.: Methods for projecting course of acquired immunodeficiency syndrome epidemic. J. Natl. Cancer Inst. 80(12), 900–911 (1988). https://doi.org/10.1093/jnci/80.12.900
Hampel, F., Zurich, E.: Is statistics too difficult? Can. J. Stat. 26(3), 497–513 (1998). https://doi.org/10.2307/3315772
Hansen, N.: The CMA evolution strategy: a comparing review. In: Lozano, J.A., Larranaga, P., Inza, I., Bengoetxea, E. (eds.) Towards a New Evolutionary Computation. Advances on Estimation of Distribution Algorithms, vol. 192, pp. 75–102. Springer, Berlin (2006)
Hansen, N.: The CMA evolution strategy: a tutorial. Computing Research Repository. http://arxiv.org/abs/1604.00772 (2016)
Hansen, N.: CMA—python package. https://pypi.org/project/cma/ (2019)
Harris, JE.: Delay in reporting acquired immune deficiency syndrome (AIDS). National Bureau of Economic Research Working Paper Series No. 2278. http://www.nber.org/papers/w2278%5Cn. http://www.nber.org/papers/w2278.pdf (1987)
Healy, M.J.R., Tillett, H.E.: Short-term extrapolation of the AIDS epidemic. J. R. Stat. Soc. A Stat. Soc. 151(1), 50 (1988). https://doi.org/10.2307/2982184
Heisterkamp, S.H., Jager, J.C., Downs, A.M., Van Druten, J.A.: The use of Genstat in the estimation of expected numbers of AIDS cases adjusted for reporting delays. In: Fifth Genstat Conference, pp. 4–18 (1988)
Heisterkamp, S.H., Jager, J.C., Downs, A.M., Van Druten, J.A., Ruitenberg, E.J.: Statistical estimation of AIDS incidence from surveillance data and the link with modelling of trends. In: Statistical Analysis and Mathematical Modelling of AIDS, pp. 17–25. Oxford University Press, Oxford (1988)
Heisterkamp, S.H., Jager, J.C., Ruitenberg, E.J., Van Druten, J.A., Downs, A.M.: Correcting reported aids incidence: a statistical approach. Stat. Med. 8(8), 963–976 (1989). https://doi.org/10.1002/sim.4780080807
Kalbfleisch, J.D., Lawless, J.F.: Regression models for right truncated data with applications to aids incubation times and reporting lags. Stat. Sin. 1(1), 19–32 (1991)
Mathews, L.: 2016 saw an insane rise in the number of ransomware attacks. https://www.forbes.com/sites/leemathews/2017/02/07/2016-saw-an-insane-rise-in-the-number-of-ransomware-attacks/#5b56176258dc (2017)
Morgan, W.M., Curran, J.W.: Acquired immunodeficiency syndrome: current and future trends. Public Health Rep. 101(5), 459–465 (1986)
Rosenberg, P.S.: A simple correction of AIDS surveillance data for reporting delays. J. Acquir. Immune Defic. Syndr. 3(1), 49–54 (1990)
Rosinska, M., Pantazis, N., Janiec, J., Pharris, A., Amato-Gauci, A.J., Quinten, C., Schmid, D., Sasse, A., van Beckhoven, D., Varleva, T., Blazic, T.N., Hadjihannas, L., Koliou, M., Maly, M., Cowan, S., Rüütel, K., Liitsola, K., Salminen, M., Cazein, F., Pillonel, J., Lot, F., Gunsenheimer-Bartmeyer, B., Nikolopoulos, G., Paraskeva, D., Dudas, M., Briem, H., Sigmundsdottir, G., Igoe, D., O’Donnell, K., O’Flanagan, D., Suligoi, B., Konova, Š, Erne, S., Čaplinskienė, I., Schmit, A.F.J.C., Melillo, J.M., Melillo, T., de Coul, E.O., van Sighem, A., Blystad, H., Rosinska, M., Aldir, I., Martins, H.C., Mardarescu, M., Truska, P., Klavs, I., Diaz, A., Axelsson, M., Delpech, V.: Potential adjustment methodology for missing data and reporting delay in the HIV surveillance system, European Union/European Economic Area, 2015. Eurosurveillance (2018). https://doi.org/10.2807/1560-7917.ES.2018.23.23.1700359
Sangari, S., Dallal, E.: Correcting for reporting delays in cyber incidents. In: JSM Proceedings, Risk Analysis Section, pp. 721–735. Alexandria, VA, American Statistical Association (2021)
Wang, M.C.: The analysis of retrospectively ascertained data in the presence of reporting delays. J. Am. Stat. Assoc. 87(418), 397 (1992). https://doi.org/10.2307/2290270
Weinberger, D.M., Chen, J., Cohen, T., Crawford, F.W., Mostashari, F., Olson, D., Pitzer, V.E., Reich, N.G., Russi, M., Simonsen, L., Watkins, A., Viboud, C.: Estimation of excess deaths associated with the COVID-19 pandemic in the United States, March to May 2020. JAMA Intern. Med. 180(10), 1336–1344 (2020). https://doi.org/10.1001/jamainternmed.2020.3391
White, L.F., Wallinga, J., Finelli, L., Reed, C., Riley, S., Lipsitch, M., Pagano, M.: Estimation of the reproductive number and the serial interval in early phase of the 2009 influenza A/H1N1 pandemic in the USA. Influenza Other Respir. Viruses 3(6), 267–276 (2009). https://doi.org/10.1111/j.1750-2659.2009.00106.x
Acknowledgements
The study is conducted with Verisk Extreme Event Solutions using their proprietary cyber data.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Sangari, S., Dallal, E. & Whitman, M. Modeling reporting delays in cyber incidents: an industry-level comparison. Int. J. Inf. Secur. 22, 63–76 (2023). https://doi.org/10.1007/s10207-022-00623-5
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-022-00623-5