Some remarks on malicious and negligent data breaches

Digitization offers great opportunities as well as new challenges. Indeed, these opportunities entail increased cyber risks, both from deliberate cyberattacks and from incidents caused by inadvertent human error. Cyber risk must be mastered, and to this aim, its quantification is an urgent challenge. There is a lot of interest in this topic from the insurance community in order to price adequate coverage to their customers. A key first step is to investigate the frequency and severity of cyber incidents. On the grounds that data breaches seem to be the main cause of cyber incidents, the aim of this paper is to give further insights about the frequency and severity statistical distributions of malicious and negligent data breaches. For this purpose, we refer to a publicly available dataset: the Chronology of Data Breaches provided by the Privacy Rights Clearinghouse.