Operational shock: A method for estimating cyber security incident costs for large Australian healthcare providers

Document Type

Journal Article

Publication Title

Journal of Cyber Security Technology

Publisher

Taylor & Francis

School

School of Science

RAS ID

62438

Comments

Dart, M., & Ahmed, M. (2023). Operational shock: A method for estimating cyber security incident costs for large Australian healthcare providers. Journal of Cyber Security Technology. Advance online publication. https://doi.org/10.1080/23742917.2023.2291914

Abstract

This paper introduces a novel cyber incident cost estimation methodology, applicable to large Australian healthcare providers. A review demonstrates the poor utility of current risk estimation approaches, and the vulnerability of healthcare networks is evaluated using Leibniz’s law of indiscernibles and Evans’ theory of vague objects. Finally, a quantitative cost calculation method is proposed, merging temporal and impact variables with service data from the Australian Institute of Health and Welfare.

This research demonstrates that existing attempts to measure cyber incident risk produce vague results. This is evidenced by 929 Australian healthcare data breaches recorded over 5 years, a AU$0.6bn annual national risk exposure, and low levels of healthcare cyber maturity across three states. The likelihood of data breaches is reported as 99.4%, with known ICT vulnerabilities exceeding 207,000. After logically concluding that healthcare networks are fundamentally insecure, an ‘operational shock’ calculation method is modelled against the AIHW data to illustrate realistic cyber incident costs. This returns an exposure across Australia’s acute care hospital network of AU$148.1m from a single incident that takes 1 week to resolve. In considering this quantum, risk transfer options using cyber insurance and improved agency cyber risk programs are required to mitigate significant financial risks.

DOI

10.1080/23742917.2023.2291914

Access Rights

subscription content
