Explainable AI based dynamic cybersecurity risk management for cyber insurability
摘要
Cybersecurity risk is one of the primary and growing concerns for ensuing security and resilience of organizations, regardless of their size and type. While proactive risk management is effective, it is challenging due to the evolving and sophisticated threat landscape, exploitation of known and unknown vulnerabilities, and a dynamic security context. The dynamic security context further complicates to calculate the accurate risk level, leading to risk perception that can vary between different stakeholders. However, the demand for adopting cyber insurance is increasing as an effective risk mitigation strategy to avoid any potential loss. In this context, this paper proposes an Explainable AI (XAI) based dynamic cybersecurity risk management approach for informed cyber insurability decision making. The approach utilizes an Large Language Model (LLM) based framework for real-time, contextualized risk level assessment and adopts XAI techniques such as feature contribution and correlation, to justify the decision making. A comprehensive evaluation using an industrial use case and experiment demonstrates the applicability of the proposed approach. The experiment part uses a widely used vulnerability dataset to predicate high exploitable vulnerabilities and links them with the identified assets of the use case scenario. The result shows 96.9% accuracy for the exploitable vulnerability identification and XAI operationalisation justifies the selection of right security control and the cyber insurability decision based on the residual risk.