Content Analysis of Cyber Insurance Policies: How Do Carriers Write Policies and Price Cyber Risk?

Abstract This article highlights how cyber risk dependencies can be taken into consideration when underwriting cyber-insurance policies. This is done within the context of a base rate insurance policy framework, which is widely used in practice. Specifically, we show that there is an opportunity for an underwriter to better control the risk dependency and the risk spill-over, ultimately resulting in lower overall cyber risks across its portfolio. To do so, we consider a Service Provider (SP) and its customers as the interdependent insurer’s customers: a data breach suffered by the SP can cause business interruption to its customers. In underwriting both the SP and its customers, we show that the insurer can increase its profit by incentivizing the SP (through a discount on its premium) to invest more in security, thereby decreasing the chance of business interruption to the customers, and increasing social welfare. For comparison, we also consider a scenario where the insurer underwrites only the SP’s customers (but not the SP), and receives compensation from the SP’s insurance carrier when losses are attributed to the SP. We show how the insurer’s best strategy is to underwrite both the SP and its customers. We use an actual cyber-insurance policy and claims data to calibrate and substantiate our analytical findings.

Download Full-text

Going digital: case study of an Italian insurance company

Journal of Business Strategy ◽

10.1108/jbs-11-2019-0225 ◽

2020 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Galena Pisoni

Keyword(s):

Value Chain ◽

Design Thinking ◽

New Technologies ◽

Lessons Learned ◽

Insurance Companies ◽

Insurance Company ◽

Content Type ◽

Cyber Insurance ◽

Insurance Policies ◽

Cyber Risk

Purpose This paper aims to present the case of an Italian SME in the domain of insurance and how it approached its own digital transformation. Together with the founders of the SME, the author investigated the digital trends the company should adopt and identified where to intervene in the value chain of the company with new technologies available in the market. The research was focused on the following three sub-domains: a strategy for adoption of innovative digital solutions to improve the everyday operations of the company, platform connecting the company with the customers and analysis of cyber insurance policies to include in the portfolio of the company. Design/methodology/approach For the part on strategy for adoption of innovative digital solutions, the author performed literature review; for the part in which the study ideates new solution to better connect the company with the customers, the author relied on design thinking, creative facilitation and prototyping; and for the part on cyber insurance policies to include the portfolio, the author relied on data available from other insurance companies the SME collaborates with. Findings This paper presented the analysis on how an insurance SME can embrace digital innovation (via internal innovation, buying from startups, partnering with startups or investing in startups), how an SME can do internal innovation and come up with a simple tool to bring closer the insurers and their customers and types of new cyber risk policies to include in the portfolio to respond to the growing demand for cyber risk insurance. This paper provides useful insights and lessons learned from companies of similar size in the domain of insurance and discusses future extensions of inquiry. Originality/value Big insurance companies and incumbent for their digitization efforts rely on the freshly created InsurTechs wave of companies. In this paper, the author analyzes what small- and medium-sized insurance enterprises can do in this respect and showcases the approach an Italian SME took in this direction.

Download Full-text

Using cyber insurance to run virtuous circles around cyber risk

Computer Fraud & Security ◽

10.1016/s1361-3723(18)30096-4 ◽

2018 ◽

Vol 2018 (10) ◽

pp. 6-8

Author(s):

Mike Lloyd

Keyword(s):

Cyber Insurance ◽

Cyber Risk

Download Full-text

Effective Premium Discrimination for Designing Cyber Insurance Policies with Rare Losses

Lecture Notes in Computer Science - Decision and Game Theory for Security ◽

10.1007/978-3-030-32430-8_16 ◽

2019 ◽

pp. 259-275

Author(s):

Mohammad Mahdi Khalili ◽

Xueru Zhang ◽

Mingyan Liu

Keyword(s):

Cyber Insurance ◽

Insurance Policies

Download Full-text

Analysing IoT Cyber Risk for Estimating IoT Cyber Insurance

10.20944/preprints201903.0110.v1 ◽

2019 ◽

Author(s):

Petar Radanliev ◽

Rafael Mantilla Montalvo ◽

Razvan Nicolescu ◽

Michael Huth ◽

Stacy Cannady ◽

...

Keyword(s):

Impact Assessment ◽

Cyber Security ◽

Industry 4.0 ◽

Assessment Model ◽

Theory Approach ◽

Academic Literature ◽

Cyber Insurance ◽

Cyber Risk ◽

Quantitative Impact ◽

Grounded Theory Approach

This paper is focused on mapping the current evolution of Internet of Things (IoT) and its associated cyber risks for the Industry 4.0 (I4.0) sector. We report the results of a qualitative empirical study that correlates academic literature with 14 - I4.0 frameworks and initiatives. We apply the grounded theory approach to synthesise the findings from our literature review, to compare the cyber security frameworks and cyber security quantitative impact assessment models, with the world leading I4.0 technological trends. From the findings, we build a new impact assessment model of IoT cyber risk in Industry 4.0. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of economics impact assessment models for I4.0.

Download Full-text

Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance

Information Systems Frontiers ◽

10.1007/s10796-017-9808-5 ◽

2017 ◽

Vol 21 (5) ◽

pp. 997-1018 ◽

Cited By ~ 6

Author(s):

Arunabha Mukhopadhyay ◽

Samir Chatterjee ◽

Kallol K. Bagchi ◽

Peteer J. Kirs ◽

Girja K. Shukla

Keyword(s):

Risk Assessment ◽

Cyber Insurance ◽

Probit Models ◽

Logit And Probit Models ◽

Cyber Risk

Download Full-text

Cyber Insurance as a Way of Cyber Risks Management

Safety in Technosphere ◽

10.12737/article_5d8b1f1205ad35.02378913 ◽

2019 ◽

Vol 7 (5) ◽

pp. 35-42

Author(s):

Александр Суворов ◽

Aleksandr Suvorov ◽

Мария Матанцева ◽

Mariya Matanceva ◽

Евгения Плотникова ◽

...

Keyword(s):

Cyber Security ◽

Insurance Industry ◽

Security Level ◽

Controversial Issues ◽

It Infrastructure ◽

Software Products ◽

Cyber Insurance ◽

Risk Insurance ◽

Commercial Organization ◽

Cyber Risk

A review of the cyber insurance domain has been carried out with a description of classical terms from the insurance industry. Have been considered two the most comprehensive today definitions of cyber risk in authors’ opinion. A diagram of processes for cyber risk management using insurance has been presented, and the place of cyber-risk among other company’s risks has been demonstrated, i. e. the context of cyber risk among the risks of any commercial organization has been shown. A typical cyber insurance process has been described, and a scheme of cyber insurance processes has been developed. A brief description of problem areas and controversial issues in cyber insurance, with which cyber-risk insurance practices may face, has been presented, as well as a table showing at which stage of cyber-insurance the specific problems may arise. Has been provided the basic economic utility function, which formalizes decision making for agents with a different attitude to risk. Standards in cyber security, and various software products that can be used as a tool for assessing the security level of an enterprise’s IT infrastructure have been presented, and it has been demonstrated how these products can help in cyber risk assessment. Different methods used at each stage of cyber insurance have been shown.

Download Full-text

Cyber Insurance Ratemaking: A Graph Mining Approach

Risks ◽

10.3390/risks9120224 ◽

2021 ◽

Vol 9 (12) ◽

pp. 224

Author(s):

Yeftanus Antonio ◽

Sapto Wahyu Indratno ◽

Rinovia Simanjuntak

Keyword(s):

Graph Mining ◽

Risk Model ◽

Critical Issue ◽

Insurance Companies ◽

Infection Rates ◽

Network Characteristics ◽

Cyber Insurance ◽

Competitive Prices ◽

Unweighted Network ◽

Cyber Risk

Cyber insurance ratemaking (CIRM) is a procedure used to set rates (or prices) for cyber insurance products provided by insurance companies. Rate estimation is a critical issue for cyber insurance products. This problem arises because of the unavailability of actuarial data and the uncertainty of normative standards of cyber risk. Most cyber risk analyses do not consider the connection between Information Communication and Technology (ICT) sources. Recently, a cyber risk model was developed that considered the network structure. However, the analysis of this model remains limited to an unweighted network. To address this issue, we propose using a graph mining approach (GMA) to CIRM, which can be applied to obtain fair and competitive prices based on weighted network characteristics. This study differs from previous studies in that it adds the GMA to CIRM and uses communication models to explain the frequency of communications as weights in the network. We used the heterogeneous generalized susceptible-infectious-susceptible model to accommodate different infection rates. Our approach adds up to the existing method because it considers the communication frequency and GMA in CIRM. This approach results in heterogeneous premiums. Additionally, GMA can choose more active communications to reflect high communications contribution in the premiums or rates. This contribution is not found when the infection rates are the same. Based on our experimental results, it is apparent that this method can produce more reasonable and competitive prices than other methods. The prices obtained with GMA and communication factors are lower than those obtained without GMA and communication factors.

Download Full-text