scholarly journals Cyber Insurance Ratemaking: A Graph Mining Approach

Risks ◽  
2021 ◽  
Vol 9 (12) ◽  
pp. 224
Author(s):  
Yeftanus Antonio ◽  
Sapto Wahyu Indratno ◽  
Rinovia Simanjuntak
Keyword(s):  
Graph Mining ◽  
Risk Model ◽  
Critical Issue ◽  
Insurance Companies ◽  
Infection Rates ◽  
Network Characteristics ◽  
Cyber Insurance ◽  
Competitive Prices ◽  
Unweighted Network ◽  
Cyber Risk

Cyber insurance ratemaking (CIRM) is a procedure used to set rates (or prices) for cyber insurance products provided by insurance companies. Rate estimation is a critical issue for cyber insurance products. This problem arises because of the unavailability of actuarial data and the uncertainty of normative standards of cyber risk. Most cyber risk analyses do not consider the connection between Information Communication and Technology (ICT) sources. Recently, a cyber risk model was developed that considered the network structure. However, the analysis of this model remains limited to an unweighted network. To address this issue, we propose using a graph mining approach (GMA) to CIRM, which can be applied to obtain fair and competitive prices based on weighted network characteristics. This study differs from previous studies in that it adds the GMA to CIRM and uses communication models to explain the frequency of communications as weights in the network. We used the heterogeneous generalized susceptible-infectious-susceptible model to accommodate different infection rates. Our approach adds up to the existing method because it considers the communication frequency and GMA in CIRM. This approach results in heterogeneous premiums. Additionally, GMA can choose more active communications to reflect high communications contribution in the premiums or rates. This contribution is not found when the infection rates are the same. Based on our experimental results, it is apparent that this method can produce more reasonable and competitive prices than other methods. The prices obtained with GMA and communication factors are lower than those obtained without GMA and communication factors.

scholarly journals Legal problems of insurance protection against cyber risks in space activities

2021 ◽  
pp. 268-276
Author(s):  
Nataliia Krasilich
Keyword(s):  
State Regulation ◽  
Cyber Attacks ◽  
Insurance Companies ◽  
Cyber Insurance ◽  
Insurance Contracts ◽  
Cyber Threats ◽  
Risk Insurance ◽  
Cyber Risk ◽  
Space Activities ◽  
Insured Event

General global trends in space activities are largely related to the need to protect space information technology from possible cyber threats. The issue of cybersecurity in space activities needs to be thoroughly studied and resolved, as the current state of space activities and existing mechanisms of international and state regulation do not provide a sufficient solution. Disruption of the process of receiving and exchanging information through space information systems can lead to significant consequences. The growing number of cyber threats is becoming more common and destructive. Therefore, the assessment of cyber vulnerabilities in space systems is an important task that must be addressed both at the stage of creation and development, and in the operation of such systems. This, in turn, requires the availability of tools to address the above tasks and qualified personnel. One of the legal ways to protect against the negative effects of cyber threats, including in the field of space activities, may be cyber risk insurance, as a financial and legal mechanism for compensation, loss of losses caused by cyber attacks. In Ukraine, cyber insurance is in its infancy and needs to develop innovative approaches to further development, taking into account the accumulated positive experience of foreign countries in this area. At the moment, insurance companies are only developing the practice of cyber risk insurance and such insurance contracts are isolated. In the current environment, as a rule, the issue of cyber risk insurance is included in comprehensive property insurance contracts, liability insurance, financial risks, which significantly limits the compensation of damages. The main difficulty in the process of indemnification under a cyber risk insurance contract is to record the fact of the insured event, the amount of damage and prove the causal link between the insured event and the claimed losses, as the amount of damage must not only be calculated but also documented. Space information technologies, which are increasingly penetrating economic and social processes, necessitate the development of a segment of cyber insurance in the field of space activities, which will provide adequate insurance protection and compensation for damages to the insured due to cyber incidents. Cyber risk insurance issues should be reflected in national legislation.

Data Breach, Privacy, and Cyber Insurance: How Insurance Companies Act as “Compliance Managers” for Businesses

2018 ◽  
Vol 43 (02) ◽  
pp. 417-440 ◽  
Author(s):  
Shauhin A. Talesh
Keyword(s):  
Risk Management ◽  
Cyber Security ◽  
Participant Observation ◽  
Legal Regulation ◽  
Insurance Companies ◽  
Organizational Sociology ◽  
Cyber Insurance ◽  
Privacy Laws ◽  
Cyber Risk ◽  
Management Services

While data theft and cyber risk are major threats facing organizations, existing research suggests that most organizations do not have sufficient protection to prevent data breaches, deal with notification responsibilities, and comply with privacy laws. This article explores how insurance companies play a critical, yet unrecognized, role in assisting organizations in complying with privacy laws and dealing with cyber theft. My analysis draws from and contributes to two literatures on organizational compliance: new institutional organizational sociology studies of how organizations respond to legal regulation and sociolegal insurance scholars' research on how institutions govern through risk. Through participant observation at conferences, interviews, and content analysis of insurer manuals and risk management services, my study highlights how insurers act as compliance managers for organizations dealing with cyber security threats. Well beyond pooling and transferring risk, insurance companies offer cyber insurance and unique risk management services that influence the ways organizations comply with privacy laws.

scholarly journals Going digital: case study of an Italian insurance company

2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Galena Pisoni
Keyword(s):  
Value Chain ◽  
Design Thinking ◽  
New Technologies ◽  
Lessons Learned ◽  
Insurance Companies ◽  
Insurance Company ◽  
Content Type ◽  
Cyber Insurance ◽  
Insurance Policies ◽  
Cyber Risk

Purpose This paper aims to present the case of an Italian SME in the domain of insurance and how it approached its own digital transformation. Together with the founders of the SME, the author investigated the digital trends the company should adopt and identified where to intervene in the value chain of the company with new technologies available in the market. The research was focused on the following three sub-domains: a strategy for adoption of innovative digital solutions to improve the everyday operations of the company, platform connecting the company with the customers and analysis of cyber insurance policies to include in the portfolio of the company. Design/methodology/approach For the part on strategy for adoption of innovative digital solutions, the author performed literature review; for the part in which the study ideates new solution to better connect the company with the customers, the author relied on design thinking, creative facilitation and prototyping; and for the part on cyber insurance policies to include the portfolio, the author relied on data available from other insurance companies the SME collaborates with. Findings This paper presented the analysis on how an insurance SME can embrace digital innovation (via internal innovation, buying from startups, partnering with startups or investing in startups), how an SME can do internal innovation and come up with a simple tool to bring closer the insurers and their customers and types of new cyber risk policies to include in the portfolio to respond to the growing demand for cyber risk insurance. This paper provides useful insights and lessons learned from companies of similar size in the domain of insurance and discusses future extensions of inquiry. Originality/value Big insurance companies and incumbent for their digitization efforts rely on the freshly created InsurTechs wave of companies. In this paper, the author analyzes what small- and medium-sized insurance enterprises can do in this respect and showcases the approach an Italian SME took in this direction.

Will Catastrophic Cyber-Risk Aggregation Thrive in the IoT Age? A Cautionary Economics Tale for (Re-)Insurers and Likes

2021 ◽  
Vol 12 (2) ◽  
pp. 1-36
Author(s):  
Ranjan Pal ◽  
Ziyuan Huang ◽  
Sergey Lototsky ◽  
Xinlong Yin ◽  
Mingyan Liu ◽  
...  
Keyword(s):  
Risk Sharing ◽  
Critical Infrastructure ◽  
Limited Liability ◽  
Interesting Case ◽  
Insurance Companies ◽  
Cyber Attack ◽  
Cyber Insurance ◽  
Risk Aggregation ◽  
Insurance Firms ◽  
Cyber Risk

Service liability interconnections among networked IT and IoT-driven service organizations create potential channels for cascading service disruptions due to modern cybercrimes such as DDoS, APT, and ransomware attacks. These attacks are known to inflict cascading catastrophic service disruptions worth billions of dollars across organizations and critical infrastructure around the globe. Cyber-insurance is a risk management mechanism that is gaining increasing industry popularity to cover client (organization) risks after a cyber-attack. However, there is a certain likelihood that the nature of a successful attack is of such magnitude that an organizational client’s insurance provider is not able to cover the multi-party aggregate losses incurred upon itself by its clients and their descendants in the supply chain, thereby needing to re-insure itself via other cyber-insurance firms. To this end, one question worth investigating in the first place is whether an ecosystem comprising a set of profit-minded cyber-insurance companies, each capable of providing re-insurance services for a service-networked IT environment, is economically feasible to cover the aggregate cyber-losses arising due to a cyber-attack. Our study focuses on an empirically interesting case of extreme heavy tailed cyber-risk distributions that might be presenting themselves to cyber-insurance firms in the modern Internet age in the form of catastrophic service disruptions, and could be a possible standard risk distribution to deal with in the near IoT age. Surprisingly, as a negative result for society in the event of such catastrophes, we prove via a game-theoretic analysis that it may not be economically incentive compatible , even under i.i.d. statistical conditions on catastrophic cyber-risk distributions, for limited liability-taking risk-averse cyber-insurance companies to offer cyber re-insurance solutions despite the existence of large enough market capacity to achieve full cyber-risk sharing. However, our analysis theoretically endorses the popular opinion that spreading i.i.d. cyber-risks that are not catastrophic is an effective practice for aggregate cyber-risk managers, a result established theoretically and empirically in the past. A failure to achieve a working re-insurance market in critically demanding situations after catastrophic cyber-risk events strongly calls for centralized government regulatory action/intervention to promote risk sharing through re-insurance activities for the benefit of service-networked societies in the IoT age.

scholarly journals Cyber insurance: the current situation and prospects of development

2020 ◽  
Vol 9 (28) ◽  
pp. 65-73
Author(s):  
Petro Kurmaiev ◽  
Liudmyla Seliverstova ◽  
Olena Bondarenko ◽  
Nataliia Husarevych
Keyword(s):  
Correlation Analysis ◽  
Insurance Market ◽  
Insurance Companies ◽  
Negative Effects ◽  
Cyber Insurance ◽  
Single Standard ◽  
Business Entities ◽  
High Level ◽  
Risk Insurance ◽  
Cyber Risk

The aim of the article is to analyze current trends in the development of cyber insurance. The following methods of scientific research were used in the preparation of the article: generalization, correlation analysis, comparative analysis. The authors analyze in detail the main trends in the spread of cybercrime. The correlation analysis between the number of registered cybercrimes in a particular country and its GDP, the number of business entities, indicated the lack of correlation between the studied indicators. It states that the most common types of cybercrime are: hacking, unauthorized access, accidental exposure, insider and physical theft. The sectoral analysis of the distribution of cybercrime has revealed a decrease in the share of financial companies while increasing the share of health care companies. It is noted that cyber insurance is one of the effective preventive measures that minimize the negative effects of cybercrime intervention. The article presents segmentation of the cyber insurance market by geography and size of insurance companies. The results of the analysis showed the dominance of US companies in the cyber insurance market. It is stated that the sectoral distribution of cybersecurity policy purchasers in general follows the trends of the sectoral distribution of cybercrime. The volume of cyber insurance, expenses of insured legal entities is analyzed. The main trends in the development of cyber insurance have been identified. The factors that hold back the development of cyber risk insurance have been identified. The main ones include the following: high level of information entropy in the process of cyber risk assessment, lack of a single standard for filling insurance services in the field of cyber insurance. It is noted that in the medium term the cyber insurance market is prospective for insurance companies. This is caused by the increasing scale of cyber threats and the costs associated with cyberattacks.

scholarly journals State of the cyber insurance products within Slovenian insurance companies

2019 ◽  
Vol 7 (2) ◽  
pp. 56-68
Author(s):  
Tina Kavcic ◽  
Boštjan Delak
Keyword(s):  
Risk Mitigation ◽  
The United States ◽  
Cyber Attacks ◽  
Insurance Companies ◽  
Technology Infrastructure ◽  
Information Technology Infrastructure ◽  
Cyber Insurance ◽  
Baltic Countries ◽  
The Baltic ◽  
Cyber Risk

With the growing prevalence of cyber threats and cyber attacks enterprises have to manage their cyber risks. There are several risk strategies for cyber risk mitigation. One of them is to transfer the cyber risk to insurance companies through the so called “cyber insurance”. Cyber insurance is an insurance package used to protect companies and individuals from Internet risks, Internet of things risks, and risks associated with information technology infrastructure and activities. It is estimated that approximately 85% to 90% of the cyber insurance market is located in the United States while the European market is estimated to account for approximately 5% to 9%. With the exception of the Baltic countries, smaller countries have problems raising cyber risk awareness within their countries. This paper describes the results of our survey on availability of cyber insurance products in Slovenia. Results show that currently only a few insurance companies even offer cyber insurance products. On the other hand, the survey shows that regulators did not issue any guidelines to insurance companies to develop such insurance products. The aim of this paper is to raise awareness about the potential of cyber insurance products among scholars, insurance stakeholders, regulators, and also among potential clients.

scholarly journals РОЛЬ КІБЕРСТРАХУВАННЯ В СИСТЕМІ РИЗИК-МЕНЕДЖМЕНТУ БАНКІВСЬКИХ УСТАНОВ

2020 ◽  
pp. 183-196
Author(s):  
Maksym Dubyna ◽  
Iryna Serediuk ◽  
Natalia Bilous
Keyword(s):  
Control Systems ◽  
Internal Control ◽  
Cyber Attacks ◽  
Insurance Companies ◽  
Cyber Insurance ◽  
Current Trends ◽  
Banking Institutions ◽  
Risk Insurance ◽  
Cyber Risk

Within the article, the role of cyber insurance in the development of risk management systems of banking institutions is researched, namely, the essence of this system is specified, conditions of cyber risks and their potential for threats to banking institutions are identified. Considerable attention is paid to the analysis of the consequences and actions of cyber attacks in the activities of these institutions, the essence of cyber insurance as a method of minimizing losses from such influences is studied, peculiarities of providing cyber risk insurance services by insurance companies to commercial banks are specified. In addition, current trends as for the costs of organizations to take measures to ensure their own cybersecurity and purchase of appropriate insurance products are revealed, measures to improve security of banking institutions based on improving their internal control systems and financial security are specified.

scholarly journals Cyber operational risk scenarios for insurance companies

2019 ◽  
Vol 24 ◽  
Author(s):  
R. Egan ◽  
S. Cartagena ◽  
R. Mohamed ◽  
V. Gosrani ◽  
J. Grewal ◽  
...  
Keyword(s):  
Cyber Security ◽  
Operational Risk ◽  
Social Engineering ◽  
Insurance Companies ◽  
List Type ◽  
Operational Risks ◽  
Life Insurer ◽  
Cyber Risk ◽  
The Impact ◽  
Over Time

AbstractCyber Operational Risk: Cyber risk is routinely cited as one of the most important sources of operational risks facing organisations today, in various publications and surveys. Further, in recent years, cyber risk has entered the public conscience through highly publicised events involving affected UK organisations such as TalkTalk, Morrisons and the NHS. Regulators and legislators are increasing their focus on this topic, with General Data Protection Regulation (“GDPR”) a notable example of this. Risk actuaries and other risk management professionals at insurance companies therefore need to have a robust assessment of the potential losses stemming from cyber risk that their organisations may face. They should be able to do this as part of an overall risk management framework and be able to demonstrate this to stakeholders such as regulators and shareholders. Given that cyber risks are still very much new territory for insurers and there is no commonly accepted practice, this paper describes a proposed framework in which to perform such an assessment. As part of this, we leverage two existing frameworks – the Chief Risk Officer (“CRO”) Forum cyber incident taxonomy, and the National Institute of Standards and Technology (“NIST”) framework – to describe the taxonomy of a cyber incident, and the relevant cyber security and risk mitigation items for the incident in question, respectively.Summary of Results: Three detailed scenarios have been investigated by the working party:∙Employee leaks data at a general (non-life) insurer: Internal attack through social engineering, causing large compensation costs and regulatory fines, driving a 1 in 200 loss of £210.5m (c. 2% of annual revenue).∙Cyber extortion at a life insurer: External attack through social engineering, causing large business interruption and reputational damage, driving a 1 in 200 loss of £179.5m (c. 6% of annual revenue).∙Motor insurer telematics device hack: External attack through software vulnerabilities, causing large remediation / device replacement costs, driving a 1 in 200 loss of £70.0m (c. 18% of annual revenue).Limitations: The following sets out key limitations of the work set out in this paper:∙While the presented scenarios are deemed material at this point in time, the threat landscape moves fast and could render specific narratives and calibrations obsolete within a short-time frame.∙There is a lack of historical data to base certain scenarios on and therefore a high level of subjectivity is used to calibrate them.∙No attempt has been made to make an allowance for seasonality of renewals (a cyber event coinciding with peak renewal season could exacerbate cost impacts)∙No consideration has been given to the impact of the event on the share price of the company.∙Correlation with other risk types has not been explicitly considered.Conclusions: Cyber risk is a very real threat and should not be ignored or treated lightly in operational risk frameworks, as it has the potential to threaten the ongoing viability of an organisation. Risk managers and capital actuaries should be aware of the various sources of cyber risk and the potential impacts to ensure that the business is sufficiently prepared for such an event. When it comes to quantifying the impact of cyber risk on the operations of an insurer there are significant challenges. Not least that the threat landscape is ever changing and there is a lack of historical experience to base assumptions off. Given this uncertainty, this paper sets out a framework upon which readers can bring consistency to the way scenarios are developed over time. It provides a common taxonomy to ensure that key aspects of cyber risk are considered and sets out examples of how to implement the framework. It is critical that insurers endeavour to understand cyber risk better and look to refine assumptions over time as new information is received. In addition to ensuring that sufficient capital is being held for key operational risks, the investment in understanding cyber risk now will help to educate senior management and could have benefits through influencing internal cyber security capabilities.

scholarly journals Analysing IoT Cyber Risk for Estimating IoT Cyber Insurance

2019 ◽  
Author(s):  
Petar Radanliev ◽  
Rafael Mantilla Montalvo ◽  
Razvan Nicolescu ◽  
Michael Huth ◽  
Stacy Cannady ◽  
...  
Keyword(s):  
Impact Assessment ◽  
Cyber Security ◽  
Industry 4.0 ◽  
Assessment Model ◽  
Theory Approach ◽  
Academic Literature ◽  
Cyber Insurance ◽  
Cyber Risk ◽  
Quantitative Impact ◽  
Grounded Theory Approach

This paper is focused on mapping the current evolution of Internet of Things (IoT) and its associated cyber risks for the Industry 4.0 (I4.0) sector. We report the results of a qualitative empirical study that correlates academic literature with 14 - I4.0 frameworks and initiatives. We apply the grounded theory approach to synthesise the findings from our literature review, to compare the cyber security frameworks and cyber security quantitative impact assessment models, with the world leading I4.0 technological trends. From the findings, we build a new impact assessment model of IoT cyber risk in Industry 4.0. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of economics impact assessment models for I4.0.

Sign in / Sign up

Export Citation Format

Share Document