Skip to main content
SearchLogin or Signup

SCRAM: A Platform for Securely Measuring Cyber Risk

Published onSep 16, 2020
SCRAM: A Platform for Securely Measuring Cyber Risk

You're viewing an older Release (#2) of this Pub.

  • This Release (#2) was created on Aug 12, 2020 ()
  • The latest Release (#4) was created on May 20, 2021 ().


We develop a new cryptographic platform called SCRAM (Secure Cyber Risk Aggregation and Measurement) that allows multiple entities to compute aggregate cyber risk measures without requiring any entity to disclose its own sensitive data on cyber attacks, penetrations, and losses. We present results from two computations using the SCRAM platform: (1) benchmarks of the adoption rates of 171 critical security measures across six large firms; and (2) links between monetary losses from 49 security incidents and the specific subcontrol failures implicated in the incident. These results provide insight into problematic cyber-risk control areas that need additional scrutiny and/or investment, but do so in a completely anonymized and privacy-preserving platform.

Just Accepted - Preview

8/12/20: To preview this content, click below for the Just Accepted version of the article. This peer-reviewed version has been accepted for its content and is currently being copyedited to conform with HDSR’s style and formatting requirements.


No comments here