Our mission is to tackle research challenges within the field of cyber risk management and invent methods to support cyber security decision-makers with their constant ‘‘fights’’ against cyber threats. Our work has been funded by the National Center for Cyber Security (NCSC), the EPSRC, and the European Commission. Our research focus is on the lifecycle of cyber risk minimisation process. By using well-known cyber knowledge bases (e.g. CVEs, MITRE ATT&CK), our research brings together cyber practice and applied mathematics. Prominent part of our work is the development of tools to support optimal strategies and decisions when addressing these cyber challenges.

CRL’s research on cyber risk management studies how to address risk from different yet complementary perspectives to bring context to the overall security of the underlying environment (e.g. IoT, healthcare, domestic life, SME). Our research commences with a phase of risk assessment (vulnerability-based, threat-based, and control-based), succeeded by studying pre-emptive cyber risk controls, identify cyber and privacy threats, and propose reactive responses. Post-incident analysis within the context of cyber forensics has also been studied by PhD research in our lab. We then model the interaction of cyber controls, their costs (time, people), and benefits in improving cyber risk. Depending on the underlying use case, CLR’s research proposes optimal ways to achieve security compliance, optimal return-on-security-investment (ROSI), and understandable ways for the decision-maker (e.g. CISO) to communicate their decision to stakeholders prior to cyber investment decisions.