Part IV advances readers from operational methodology into the mathematical machinery that powers modern quantitative cyber risk analysis. The part is distinguished by its commitment to formal rigour: theorems, lemmas, and proofs are stated precisely, and all computational techniques are implemented in accompanying Python and MATLAB code. This approach enables readers to understand not merely what to compute but why specific techniques yield reliable results under defined conditions. Chapter 23 introduces Bayesian networks and directed acyclic graphs as causal models for risk propagation, providing inference algorithms that produce posterior risk distributions conditioned on observed evidence. Chapter 24 develops Value at Risk models adapted to the non-Gaussian, heavy-tailed loss distributions characteristic of cyber incidents, including historical simulation, parametric, and Monte Carlo variants calibrated against real breach datasets. Chapter 25 extends tail risk analysis using Extreme Value Theory, applying the Generalised Pareto Distribution to rare but catastrophic event modelling. Chapter 26 presents copula theory as the mathematical framework for modelling statistical dependencies between risk components that violate the independence assumption underlying simpler approaches. Chapter 27 addresses temporal dynamics through time series analysis, capturing autocorrelation, regime shifts, and trend components in security event sequences.

Chapter 28 develops hierarchical dependency models for multi-level enterprise architectures, integrating organisational layer interactions into consolidated enterprise risk metrics. Chapter 29 closes the part by applying copula methods specifically to systemic risk and contagion modeling, characterizing how a single point of failure propagates across interconnected business processes, supplier networks, and shared infrastructure - analytical work directly relevant to regulatory stress-testing and catastrophe insurance pricing.