Macquarie University
01whole.pdf (1.4 MB)

Incentive model for managing cyber risk in the supply chain

Download (1.4 MB)
posted on 2022-03-29, 03:26 authored by Wai Ming Denny Wan
Competition has transformed many economic processes, from manufacturing to financial services, into complex supply chains. Entities along these chains specialise in core processes in which they have a competitive advantage, measured by their ability to manage the process risk at the lowest cost. Outsourcing of non-core processes does not relieve these entities from the associated regulatory compliance obligations and other liabilities. The rapid rise in financial liabilities from cyber-attacks, from record fines to class action settlements, demands a better understanding and handling of these outsourcing arrangements. Unfortunately, our limited understanding of the rapidly evolving nature of cyber-attacks and the difficulty of quantifying cyber risk present a challenge in managing liability from cyber risks. The traditional compliance-based approach does not offer an assurance of security, with an increasing number of organisations suffering major data breaches despite being certified. This research explores an alternative approach in building an incentive driven risk-sharing approach to minimise preventable data breaches. It focuses on improving cyber resilience at the source of risk. An incentive model ontology leveraging quantification techniques is presented to identify the key elements in the incentive model. This approach has been validated through the APRA CPS 234 and a cyber insurance use case.


Table of Contents

1. Introduction -- 2. Literature review -- 3. Incentive model ontology -- 4. APRA CPS 234 use case -- 5. Cyber insurance use case -- 6. CyberMetrics -- 7. Conclusion -- 8. Future research -- Bibliography.


Theoretical thesis. Bibliography: pages 54-58

Awarding Institution

Macquarie University

Degree Type

Thesis MRes


MRes, Macquarie University, Faculty of Science and Engineering, Department of Computing

Department, Centre or School

Department of Computing

Year of Award


Principal Supervisor

Christopher Doche

Additional Supervisor 1

Pave Shevchenko


Copyright Wai Ming Denny Wan 2020. Copyright disclaimer:




1 online resource (vii, 58 pages)

Former Identifiers