Insurability of Cyber Risk

Every reported incident of data breach or system failure resulting in high financial or reputational loss increases decision-maker awareness that current insurance policies do not adequately cover cyber risks. There are many examples of the high economic and social relevance of cyber risk such as the recent NSA, Sony, or LGT data breaches. Recently, the G20 group denoted cyber attacks as a threat to the global economy—an assessment that is not surprising considering that expected annual losses from cyber risk are estimated between US$300bn and US$1tn, whereas the respective 10-year average for catastrophic losses is only US$200bn. Insurance is seen as one possibility for managing cyber risk exposure. The market, however, lags behind the expectations for this potentially huge new line of business with penetration levels estimated between 6 per cent and 10 per cent of companies. In our analysis, we discuss the adequacy of insurance solutions to manage cyber risk.

[1]  Thomas Russell,et al.  Catastrophe Insurance, Capital Markets and Uninsurable Risks , 1997 .

[2]  Scott J. Shackelford Should Your Firm Invest in Cyber Risk Insurance , 2012 .

[3]  Martin Eling,et al.  Fitting insurance claims to skewed distributions: Are the skew-normal and skew-student good models? , 2012 .

[4]  N. Doherty The Design of Insurance Contracts When Liability Rules Are Unstable , 1991 .

[5]  Hemantha S. B. Herath,et al.  Copula Based Actuarial Model for Pricing Cyber-Insurance Policies , 2011 .

[6]  Christian Biener,et al.  Pricing in Microinsurance Markets , 2013 .

[7]  Elizabeth González-Estrada,et al.  A bootstrap goodness of fit test for the generalized Pareto distribution , 2009, Comput. Stat. Data Anal..

[8]  B. Berliner Limits of Insurability of Risks , 1982 .

[9]  Walter Karten How to Expand the Limits of Insurability , 1997 .

[10]  Marc Lelarge,et al.  Cyber Insurance as an Incentivefor Internet Security , 2009, Managing Information Risk and the Economics of Security.

[11]  Lawrence A. Gordon,et al.  A framework for using insurance for cyber-risk management , 2003, Commun. ACM.

[12]  A. Hofmann,et al.  Risiken aus Cloud-Computing-Services : Fragen des Risikomanagements und Aspekte der Versicherbarkeit , 2013 .

[13]  Christian Hess The impact of the financial crisis on operational risk in the financial services industry: empirical evidence , 2011 .

[14]  Srinivasan Raghunathan,et al.  Cyber Security Risk Management: Public Policy Implications of Correlated Risk, Imperfect Ability to Prove Loss, and Observability of Self‐Protection , 2011, Risk analysis : an official publication of the Society for Risk Analysis.

[15]  Joan T. Schmit A New View of the Requisites of Insurability , 1986 .

[16]  Annette Hofmann,et al.  Interdependent risk networks: the threat of cyber attack , 2011 .

[17]  A. Vermaat Uninsurability: a Growing Problem , 1995 .

[18]  Lisa Young,et al.  A Taxonomy of Operational Cyber Security Risks , 2010 .

[19]  Fedor Nierhaus,et al.  A Strategic Approach to Insurability of Risks , 1986 .

[20]  M. Gilli,et al.  An Application of Extreme Value Theory for Measuring Financial Risk , 2006 .

[21]  Insurability in Microinsurance Markets: An Analysis of Problems and Potential Solutions , 2012 .

[22]  Jean C. Walrand,et al.  Competitive Cyber-Insurance and Internet Security , 2009, WEIS.

[23]  J. Janssen Implementing the Kyoto Mechanisms: Potential Contributions by Banks and Insurance Companies , 2000 .

[24]  Tridib Bandyopadhyay,et al.  Why IT managers don't go for cyber-insurance products , 2009, Commun. ACM.

[25]  Rainer Böhme,et al.  Cyber-Insurance Revisited , 2005, WEIS.

[26]  Walter S. Baer,et al.  Cyberinsurance in IT Security Management , 2007, IEEE Security & Privacy.