Using cyber insurance to run virtuous circles around cyber risk

This paper is focused on mapping the current evolution of Internet of Things (IoT) and its associated cyber risks for the Industry 4.0 (I4.0) sector. We report the results of a qualitative empirical study that correlates academic literature with 14 - I4.0 frameworks and initiatives. We apply the grounded theory approach to synthesise the findings from our literature review, to compare the cyber security frameworks and cyber security quantitative impact assessment models, with the world leading I4.0 technological trends. From the findings, we build a new impact assessment model of IoT cyber risk in Industry 4.0. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of economics impact assessment models for I4.0.

Download Full-text

Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance

Information Systems Frontiers ◽

10.1007/s10796-017-9808-5 ◽

2017 ◽

Vol 21 (5) ◽

pp. 997-1018 ◽

Cited By ~ 6

Author(s):

Arunabha Mukhopadhyay ◽

Samir Chatterjee ◽

Kallol K. Bagchi ◽

Peteer J. Kirs ◽

Girja K. Shukla

Keyword(s):

Risk Assessment ◽

Cyber Insurance ◽

Probit Models ◽

Logit And Probit Models ◽

Cyber Risk

Download Full-text

Cyber Insurance as a Way of Cyber Risks Management

Safety in Technosphere ◽

10.12737/article_5d8b1f1205ad35.02378913 ◽

2019 ◽

Vol 7 (5) ◽

pp. 35-42

Author(s):

Александр Суворов ◽

Aleksandr Suvorov ◽

Мария Матанцева ◽

Mariya Matanceva ◽

Евгения Плотникова ◽

...

Keyword(s):

Cyber Security ◽

Insurance Industry ◽

Security Level ◽

Controversial Issues ◽

It Infrastructure ◽

Software Products ◽

Cyber Insurance ◽

Risk Insurance ◽

Commercial Organization ◽

Cyber Risk

A review of the cyber insurance domain has been carried out with a description of classical terms from the insurance industry. Have been considered two the most comprehensive today definitions of cyber risk in authors’ opinion. A diagram of processes for cyber risk management using insurance has been presented, and the place of cyber-risk among other company’s risks has been demonstrated, i. e. the context of cyber risk among the risks of any commercial organization has been shown. A typical cyber insurance process has been described, and a scheme of cyber insurance processes has been developed. A brief description of problem areas and controversial issues in cyber insurance, with which cyber-risk insurance practices may face, has been presented, as well as a table showing at which stage of cyber-insurance the specific problems may arise. Has been provided the basic economic utility function, which formalizes decision making for agents with a different attitude to risk. Standards in cyber security, and various software products that can be used as a tool for assessing the security level of an enterprise’s IT infrastructure have been presented, and it has been demonstrated how these products can help in cyber risk assessment. Different methods used at each stage of cyber insurance have been shown.

Download Full-text

Cyber Insurance Ratemaking: A Graph Mining Approach

Risks ◽

10.3390/risks9120224 ◽

2021 ◽

Vol 9 (12) ◽

pp. 224

Author(s):

Yeftanus Antonio ◽

Sapto Wahyu Indratno ◽

Rinovia Simanjuntak

Keyword(s):

Graph Mining ◽

Risk Model ◽

Critical Issue ◽

Insurance Companies ◽

Infection Rates ◽

Network Characteristics ◽

Cyber Insurance ◽

Competitive Prices ◽

Unweighted Network ◽

Cyber Risk

Cyber insurance ratemaking (CIRM) is a procedure used to set rates (or prices) for cyber insurance products provided by insurance companies. Rate estimation is a critical issue for cyber insurance products. This problem arises because of the unavailability of actuarial data and the uncertainty of normative standards of cyber risk. Most cyber risk analyses do not consider the connection between Information Communication and Technology (ICT) sources. Recently, a cyber risk model was developed that considered the network structure. However, the analysis of this model remains limited to an unweighted network. To address this issue, we propose using a graph mining approach (GMA) to CIRM, which can be applied to obtain fair and competitive prices based on weighted network characteristics. This study differs from previous studies in that it adds the GMA to CIRM and uses communication models to explain the frequency of communications as weights in the network. We used the heterogeneous generalized susceptible-infectious-susceptible model to accommodate different infection rates. Our approach adds up to the existing method because it considers the communication frequency and GMA in CIRM. This approach results in heterogeneous premiums. Additionally, GMA can choose more active communications to reflect high communications contribution in the premiums or rates. This contribution is not found when the infection rates are the same. Based on our experimental results, it is apparent that this method can produce more reasonable and competitive prices than other methods. The prices obtained with GMA and communication factors are lower than those obtained without GMA and communication factors.

Download Full-text

Understanding Cyber Risk and Cyber Insurance

SSRN Electronic Journal ◽

10.2139/ssrn.3065635 ◽

2017 ◽

Cited By ~ 2

Author(s):

Gareth William Peters ◽

Pavel V. Shevchenko ◽

Ruben D. Cohen ◽

Diane Maurice

Keyword(s):

Cyber Insurance ◽

Cyber Risk

Download Full-text

A comprehensive model for cyber risk based on marked point processes and its application to insurance

European Actuarial Journal ◽

10.1007/s13385-021-00290-1 ◽

2021 ◽

Author(s):

Gabriela Zeller ◽

Matthias Scherer

Keyword(s):

Point Processes ◽

Marked Point ◽

Marked Point Processes ◽

Comprehensive Model ◽

Dynamic Nature ◽

New Approach ◽

Cyber Insurance ◽

Targeted Attacks ◽

Cyber Risk ◽

Model Frequency

AbstractAfter scrutinizing technical, legal, financial, and actuarial aspects of cyber risk, a new approach for modelling cyber risk using marked point processes is proposed. Key covariates, required to model frequency and severity of cyber claims, are identified. The presented framework explicitly takes into account incidents from malicious untargeted and targeted attacks as well as accidents and failures. The resulting model is able to include the dynamic nature of cyber risk, while capturing accumulation risk in a realistic way. The model is studied with respect to its statistical properties and applied to the pricing of cyber insurance and risk measurement. The results are illustrated in a simulation study.

Download Full-text

INSTRUMENT DESIGN FOR CYBER RISK ASSESSMENT IN INSURABILITY VERIFICATION

Informatyka Automatyka Pomiary w Gospodarce i Ochronie Środowiska ◽

10.5604/01.3001.0012.5274 ◽

2018 ◽

Vol 8 (3) ◽

pp. 7-10

Author(s):

David Nicolas Bartolini ◽

Andreas Ahrens ◽

Jelena Zascerinska

Keyword(s):

Risk Assessment ◽

Empirical Evidence ◽

Empirical Research ◽

Instrument Design ◽

Growth Potential ◽

Research Interest ◽

Cyber Insurance ◽

Cyber Risk

Cyber risk assessment for insurability verification has been paid a lot of research interest as cyber insurance represents a new dynamic segment of market with considerable growth potential for insurers. As customer’s practices and processes consistently lead to the final overall result, customer's behaviour has to be described in detail. The aim of the present paper is to design an instrument (questionnaire) for customer’s cyber risk assessment in insurability verification. The method for building an instrument (questionnaire) is empirical research. Empirical research is based on use of empirical evidence. A questionnaire with 11 questions is proposed.

Download Full-text

Legal problems of insurance protection against cyber risks in space activities

Yearly journal of scientific articles “Pravova derzhava” ◽

10.33663/0869-2491-2021-32-268-276 ◽

2021 ◽

pp. 268-276

Author(s):

Nataliia Krasilich

Keyword(s):

State Regulation ◽

Cyber Attacks ◽

Insurance Companies ◽

Cyber Insurance ◽

Insurance Contracts ◽

Cyber Threats ◽

Risk Insurance ◽

Cyber Risk ◽

Space Activities ◽

Insured Event

General global trends in space activities are largely related to the need to protect space information technology from possible cyber threats. The issue of cybersecurity in space activities needs to be thoroughly studied and resolved, as the current state of space activities and existing mechanisms of international and state regulation do not provide a sufficient solution. Disruption of the process of receiving and exchanging information through space information systems can lead to significant consequences. The growing number of cyber threats is becoming more common and destructive. Therefore, the assessment of cyber vulnerabilities in space systems is an important task that must be addressed both at the stage of creation and development, and in the operation of such systems. This, in turn, requires the availability of tools to address the above tasks and qualified personnel. One of the legal ways to protect against the negative effects of cyber threats, including in the field of space activities, may be cyber risk insurance, as a financial and legal mechanism for compensation, loss of losses caused by cyber attacks. In Ukraine, cyber insurance is in its infancy and needs to develop innovative approaches to further development, taking into account the accumulated positive experience of foreign countries in this area. At the moment, insurance companies are only developing the practice of cyber risk insurance and such insurance contracts are isolated. In the current environment, as a rule, the issue of cyber risk insurance is included in comprehensive property insurance contracts, liability insurance, financial risks, which significantly limits the compensation of damages. The main difficulty in the process of indemnification under a cyber risk insurance contract is to record the fact of the insured event, the amount of damage and prove the causal link between the insured event and the claimed losses, as the amount of damage must not only be calculated but also documented. Space information technologies, which are increasingly penetrating economic and social processes, necessitate the development of a segment of cyber insurance in the field of space activities, which will provide adequate insurance protection and compensation for damages to the insured due to cyber incidents. Cyber risk insurance issues should be reflected in national legislation.

Download Full-text

Data Breach, Privacy, and Cyber Insurance: How Insurance Companies Act as “Compliance Managers” for Businesses

Law & Social Inquiry ◽

10.1111/lsi.12303 ◽

2018 ◽

Vol 43 (02) ◽

pp. 417-440 ◽

Cited By ~ 16

Author(s):

Shauhin A. Talesh

Keyword(s):

Risk Management ◽

Cyber Security ◽

Participant Observation ◽

Legal Regulation ◽

Insurance Companies ◽

Organizational Sociology ◽

Cyber Insurance ◽

Privacy Laws ◽

Cyber Risk ◽

Management Services

While data theft and cyber risk are major threats facing organizations, existing research suggests that most organizations do not have sufficient protection to prevent data breaches, deal with notification responsibilities, and comply with privacy laws. This article explores how insurance companies play a critical, yet unrecognized, role in assisting organizations in complying with privacy laws and dealing with cyber theft. My analysis draws from and contributes to two literatures on organizational compliance: new institutional organizational sociology studies of how organizations respond to legal regulation and sociolegal insurance scholars' research on how institutions govern through risk. Through participant observation at conferences, interviews, and content analysis of insurer manuals and risk management services, my study highlights how insurers act as compliance managers for organizations dealing with cyber security threats. Well beyond pooling and transferring risk, insurance companies offer cyber insurance and unique risk management services that influence the ways organizations comply with privacy laws.

Download Full-text