In 1988, the first known cyberattack was launched by Robert Tappan Morris, then a student of Cornell University and alumnus of Harvard, who later became a tenured professor at the MIT. By the start of the current millennium, such events began causing damages in billions of dollars. In the last ten years, cyberattacks have started assuming ginormous proportions. Prankster hackers in their teens and 20s gave way to corporate-type crime syndicates on the “dark web” with deep pockets, “domain experts”, active underground networks for cooperation, information exchange and the synchronised execution of attacks, often with state patronage. It is not surprising that, today, CEOs of a large number of Fortune 500 companies identify cyber risk as one of the biggest systemic risks they are faced with. Loss of reputation is perceived to be the biggest threat, followed by fines and penalties, business discontinuity, loss of income/assets, ransom demands, etc. In order to formulate appropriate strategies to deal with cyberthreats, any corporate body needs to gauge the monetary equivalent of the overall damage that the company may suffer in the…
