Decision tree applied in classifying the occurrence of cyber claims in banking sector companies

Authors

DOI:

https://doi.org/10.19094/contextus.2023.83423

Keywords:

risk management, cyber risk, decision tree, GLM, banking sector

Abstract

The study aimed to predict cyber claims in companies in the banking sector using a decision tree. To this end, 683 cases of cyber losses were extracted from an operational risk database. The independent variables considered in the modeling were the region of domicile, the size of the company and, as main explanatory variable, revenue. The classification reached 89% of global hits. The modeling in question guarantees a good classification quality and better fit when compared to traditional GLM modeling. The results of this work are useful and can act in an innovative way as a tool to support the decision making of insurers, aiming at useful responses to the management of cyber risks.

Author Biography

Alana Katielli Nogueira Azevedo, Federal University of Ceará (UFC)

Professor at the Federal University of Ceará (UFC) 

PhD student in Mathematics Applied to Economics and Management at the University of Lisbon (ULISBOA) 

Master in Economics from the Federal University of Ceará (UFC) 

References

Allianz. (2022). 11º Allianz Risk Barometer 2022. https://www.abtra.org.br/inovacao-e-tecnologia/11o-allianz-risk-barometer-2022/

Biener, C., Eling, M., & Wirfs, J. H. (2015). Insurability of cyber risk: An empirical analysis. The Geneva Papers on Risk and Insurance-Issues and Practice, 40, 131-158. https://doi.org/10.1057/gpp.2014.19

Bonini, J. A. (2016). Aplicação de algoritmos de árvore de decisão sobre uma base de dados de câncer de mama. Revista ComInG-Communications and Innovations Gazette, 1(1), 57-67. https://doi.org/10.5902/2448190421132

Breiman, L., Friedman, J. H., Olshen, R. A., & Stone, C. J. (2017). Classification and regression trees. New York: Routledge.

Burnham, K. P. and Anderson, D. R. (2004). Multimodel inference: understanding aic and bic in model selection. Sociological methods & research, 33(2), 261-304. https://doi.org/10.1177/0049124104268644

Carfora, M., Martinelli, F., Mercaldo, F., & Orlando, A. (2019). Cyber risk management: An actuarial point of view. Journal of Operational Risk, 14(4). https://doi.org/10.21314/JOP.2019.231

ClearSale (2022). Mapa da fraude 2022. https://br.clear.sale/mapa-da-fraude

CRO. (2016). Forum concept paper on a proposed categorisation methodology for cyber risk. https://www.thecroforum.org

Cunningham, P., Cord, M., & Delany, S. J. (2008). Supervised learning. In M. Cord & P. Cunningham (Eds.), Machine learning techniques for multimedia (pp. 21-49). Berlin: Springer.

Dal Moro, E. (2020). Towards an economic cyber loss index for parametric cover based on IT security indicator: A preliminary analysis. Risks, 8(2), 45. https://doi.org/10.3390/risks8020045

Ecotrust. (2023). Gestão de vulnerabilidades na área financeira: por que se preocupar? https://blog.ecoit.com.br/gestao-de-vulnerabilidades-na-area-financeira/

Eling, M., & Schnell, W. (2016). What do we know about cyber risk and cyber risk insurance?. The Journal of Risk Finance, 17(5), 474-491. https://doi.org/10.1108/JRF-09-2016-0122

Faceli, K., Lorena, A. C., Gama, J., & Carvalho, A. C. P. D. L. F. D. (2011). Inteligência artificial: uma abordagem de aprendizado de máquina. Rio de Janeiro: LTC.

Fortinet. (2022). Brasil é o segundo país que mais sofre ataques cibernéticos na América Latina. https://www.fortinet.com/br/corporate/about-us/newsroom/press-releases/2022/brasil-e-o-segundo-pais-que-mais-sofre-ataques-ciberneticos-na-a

Gai, K., Qiu, M., & Elnagdy, S. A. (2016, April). Security-aware information classifications using supervised learning for cloud-based cyber risk management in financial big data. In 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), 197-202. New York, United States of America.

Hamoud, A., Hashim, A. S., & Awadh, W. A. (2018). Predicting student performance in higher education institutions using decision tree analysis. International Journal of Interactive Multimedia and Artificial Intelligence, 5, 26-31. https://doi.org/ 10.9781/ijimai.2018.02.004

Karam, E. (2014). Measuring and managing operational risk in the insurance and banking sectors (Doctoral dissertation, Université Claude Bernard-Lyon I).

Lemos, E. P., Steiner, M. T. A., & Nievola, J. C. (2005). Análise de crédito bancário por meio de redes neurais e árvores de decisão: uma aplicação simples de data mining. Revista de Administração-RAUSP, 40(3), 225-234.

Linero, A. R. (2018). Bayesian regression trees for high-dimensional prediction and variable selection. Journal of the American Statistical Association, 113(522), 626-636. https://doi.org/10.1080/01621459.2016.1264957

Marotta, A., Martinelli, F., Nanni, S., Orlando, A., & Yautsiukhin, A. (2017). Cyber-insurance survey. Computer Science Review, 24, 35-61. https://doi.org/10.1016/j.cosrev.2017.01.001

Martinez, E. Z., Louzada-Neto, F., & Pereira, B. D. B. (2003). A curva ROC para testes diagnósticos. Caderno saúde coletiva, 11, 7-31.

Pekár, S., & Brabec, M. (2018). Generalized estimating equations: A pragmatic and flexible approach to the marginal GLM modelling of correlated data in the behavioural sciences. Ethology, 124(2), 86-93. https://doi.org/10.1111/eth.12713

Peng, C., Xu, M., Xu, S., & Hu, T. (2018). Modeling multivariate cybersecurity risks. Journal of Applied Statistics, 45(15), 2718-2740. https://doi.org/10.1080/02664763.2018.1436701

Podhorská, I., Vrbka, J., Lazaroiu, G., & Kovacova, M. (2020). Innovations in financial management: Recursive prediction model based on decision trees. Marketing and Management of Innovations, 3, 276-292. https://doi.org/10.21272/mmi.2020.3-20

Portugal, M. S. (1995). Notas introdutórias sobre o princípio de máxima verossimilhança: Estimação e teste de hipóteses. DECON/UFRGS, Porto Alegre, Abril.

Quinlan, J. R. (1993). C4.5: Programs for Machine Learning. São Francisco: Morgan-Kaufmann.

Sembiring, N. S. B., Sinaga, M. D., Ginting, E., Tahel, F., & Fauzi, M. (2021, September). Predict the Timeliness of Customer Credit Payments at Finance Companies Using a Decision Tree Algorithm. In 2021 9th International Conference on Cyber and IT Service Management (CITSM), Bengkulu, Indonesia.

RL, M., & Mishra, A. K. (2022). Measuring financial performance of Indian manufacturing firms: application of decision tree algorithms. Measuring Business Excellence, 26(3), 288-307. https://doi.org/10.1108/mbe-05-2020-0073

Ruiz-Maya, L. (1978). Sobre la metodología del Índice de Gini. Universidad Autónoma de Madrid. https://repositorio.uam.es/bitstream/handle/10486/5861/36175_6.pdf?sequence=1

Saha, D., Young, T. M., & Thacker, J. (2023). Predicting firm performance and size using machine learning with a Bayesian perspective. Machine Learning with Applications, 11, 100453. https://doi.org/10.1016/j.mlwa.2023.100453

Sousa, A. F., Neto, Silva, J. F. G., & Oliveira, G. N. (2021). Predição de Pagamentos Atrasados Através de Algoritmos Baseados em Árvore de Decisão. Revista de Engenharia e Pesquisa Aplicada, 6(5), 1-10. https://doi.org/10.25286/repa.v6i5.1746

Subroto, A., & Apriyana, A. (2019). Cyber risk prediction through social media big data analytics and statistical machine learning. Journal of Big Data, 6(1), 1-19. https://doi.org/10.1186/s40537-019-0216-1

Vidhya, A. (2021). Tree Based Algorithms: A Complete Tutorial from Scratch (in R & Python). https://www.analyticsvidhya.com/blog/2016/04/tree-based-algorithms-complete-tutorial-scratch-in-python/

Xu, M., & Hua, L. (2019). Cybersecurity insurance: Modeling and pricing. North American Actuarial Journal, 23(2), 220-249. https://doi.org/10.1080/10920277.2019.1566076

Yuvaraj, N., Chang, V., Gobinathan, B., Pinagapani, A., Kannan, S., Dhiman, G., & Rajan, A. R. (2021). Automatic detection of cyberbullying using multi-feature based artificial intelligence with deep decision tree classification. Computers & Electrical Engineering, 92. https://doi.org/10.1016/j.compeleceng.2021.107186

Downloads

Published

2023-10-17

How to Cite

Azevedo, A. K. N. (2023). Decision tree applied in classifying the occurrence of cyber claims in banking sector companies. Contextus - Contemporary Journal of Economics and Management, 21(esp.1), e83423. https://doi.org/10.19094/contextus.2023.83423

Issue

Vol. 21 No. esp.1 (2023): Special Edition - Actuarial Sciences

Section

Chamada Especial - Ciências Atuariais

License

Copyright (c) 2023 Journal: only for the 1st publication

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

 

The authors, while doing the submission, accept the notice below:

We authors hold the copyright related to our paper and transfer Contextus journal the right for the first publication with a Creative Commons’ international license of the modality Attribution – Non-commercial 4.0, which in turn allows the paper to be shared providing that both the authorship and the journal’s right for initial release are acknowledged.

Furthermore, we are aware of our permission to take part in additional contracts independently for non-exclusive distribution of the version of our work published in this journal (e.g. publishing it in an institutional repository or as a book chapter), while acknowledging both the authorship and the journal’s initial publication.

We also certify that the paper is original and up to this date has not been released in any other journal, Brazilian or of another nationality, either in Portuguese or another language, as well as it has not been sent for simultaneous publication in other journals.

Last, we not only know that plagiarism is not tolerated by Contextus but also certify the paper presents the sources of passages from cited works, including those authored by ourselves.