insurability of cyber risk: an empirical analysis christian biener, martin eling, and jan hendrik...
TRANSCRIPT
![Page 1: Insurability of Cyber Risk: An Empirical Analysis Christian Biener, Martin Eling, and Jan Hendrik Wirfs University of St. Gallen, Switzerland Institute](https://reader035.vdocument.in/reader035/viewer/2022062407/56649cf85503460f949c8d4e/html5/thumbnails/1.jpg)
Insurability of Cyber Risk: An Empirical Analysis
Christian Biener, Martin Eling, and Jan Hendrik WirfsUniversity of St. Gallen, Switzerland
Institute of Insurance Economics
IIS 50th Annual Seminar in LondonJune 24, 2014
![Page 2: Insurability of Cyber Risk: An Empirical Analysis Christian Biener, Martin Eling, and Jan Hendrik Wirfs University of St. Gallen, Switzerland Institute](https://reader035.vdocument.in/reader035/viewer/2022062407/56649cf85503460f949c8d4e/html5/thumbnails/2.jpg)
Estimated Cost from Global Cyber Activity
Data source: McAfee, 2013
Upper Bound$1 Trillion
Lower Bound$300 Billion
Ø Natural Cat Losses< $200 Billion
Data source: Munich Re, 2014
Cyber Risk – Big Threat to Global Economy
![Page 3: Insurability of Cyber Risk: An Empirical Analysis Christian Biener, Martin Eling, and Jan Hendrik Wirfs University of St. Gallen, Switzerland Institute](https://reader035.vdocument.in/reader035/viewer/2022062407/56649cf85503460f949c8d4e/html5/thumbnails/3.jpg)
Average Information Security Budget (PWC, 2014)
2009
2013
$ 2.7 million
$ 4.3 million+15% p.a.
Cyber Insurance
Mature Markets
> 10%
1%
Insurance Gross Premium Growth p.a. (Swiss Re, 2014 | Betterley, 2013)
Cyber Risk – Big Market Opportunities
![Page 4: Insurability of Cyber Risk: An Empirical Analysis Christian Biener, Martin Eling, and Jan Hendrik Wirfs University of St. Gallen, Switzerland Institute](https://reader035.vdocument.in/reader035/viewer/2022062407/56649cf85503460f949c8d4e/html5/thumbnails/4.jpg)
Contribution – Cyber Risk Insurability
25 relevant and high-quality studies
published between 2002 and 2014
Literature Review
SAS OpRisk Global Data:22,075 operational loss incidents between 1971 and 2009
Cyber Risk Data
Classification of risks in terms of actuarial, market, and societal conditions(see Berliner, 1982)
Is Cyber Risk Insurable?
![Page 5: Insurability of Cyber Risk: An Empirical Analysis Christian Biener, Martin Eling, and Jan Hendrik Wirfs University of St. Gallen, Switzerland Institute](https://reader035.vdocument.in/reader035/viewer/2022062407/56649cf85503460f949c8d4e/html5/thumbnails/5.jpg)
Failures of hardware, software, and integrated systems
Systems Failure
Catastrophes, legal issues, service dependence
External Events
Failures of processes due to poor process design /controls
Failed Internal Processes
Unintentional and intentional actions as well as failure to act
Actions of People
1%
Data source: SAS OpRisk Global Data
Allocation of Cyber Risk Incidents to Cyber Risk Categories
90%
4%
4%
90% of Incidents Related to People
Undetermined
31%
15%
42%
Vulnerable Code
Misconfigured System
End-user Error
Targeted Attack
6%
6%
Dat
a so
urce
: IBM
, 20
13
![Page 6: Insurability of Cyber Risk: An Empirical Analysis Christian Biener, Martin Eling, and Jan Hendrik Wirfs University of St. Gallen, Switzerland Institute](https://reader035.vdocument.in/reader035/viewer/2022062407/56649cf85503460f949c8d4e/html5/thumbnails/6.jpg)
(1) Randomness of Losses
Independence and Predictability
(2) Maximum Possible Loss Manageable
(3) Average Loss per Event Moderate
(4) Loss Exposure Large Loss Exposure (5) Information
AsymmetryNo Moral Hazard and Adverse Selection
(6) Insurance Premium Cost Recovery / Affordability (7) Cover Limits Acceptable (8) Public Policy Consistent With Societal
Values (9) Legal Restrictions Allow for Coverage
Actuarial
Insurability Criteria Requirements Assessment
Market
Societal
The Insurability Framework
?
??
![Page 7: Insurability of Cyber Risk: An Empirical Analysis Christian Biener, Martin Eling, and Jan Hendrik Wirfs University of St. Gallen, Switzerland Institute](https://reader035.vdocument.in/reader035/viewer/2022062407/56649cf85503460f949c8d4e/html5/thumbnails/7.jpg)
Important Role of Insurers Put a Price Tag on Cyber Risk
Need for Increasing Product Value Lower Deductibles, Higher Caps
Need for More Re-Insurance Capacity Diversification
Need for a Reduction of Ambiguity Towards Cyber Risk Coverage
Industry Data-Sharing to Enhance Systematic LearningIndustry Surveys Help Capture Dynamic Changes
Insurers
Regulators
Outlook
Implications for the Insurance Industry
Increasing Cyber Risk Insurance Demand Expected
Followed by Increasing Availability and Competition
Significant Potential for Future Research
![Page 8: Insurability of Cyber Risk: An Empirical Analysis Christian Biener, Martin Eling, and Jan Hendrik Wirfs University of St. Gallen, Switzerland Institute](https://reader035.vdocument.in/reader035/viewer/2022062407/56649cf85503460f949c8d4e/html5/thumbnails/8.jpg)
Copyright 2006 John Klossner | www.jklossner.com
Cyber Risk – We’re Talking About Dave
![Page 9: Insurability of Cyber Risk: An Empirical Analysis Christian Biener, Martin Eling, and Jan Hendrik Wirfs University of St. Gallen, Switzerland Institute](https://reader035.vdocument.in/reader035/viewer/2022062407/56649cf85503460f949c8d4e/html5/thumbnails/9.jpg)
Insurability of Cyber Risk: An Empirical Analysis
Christian Biener, Martin Eling, and Jan Hendrik WirfsUniversity of St. Gallen, Switzerland
Institute of Insurance Economics
IIS 50th Annual Seminar in LondonJune 24, 2014
![Page 10: Insurability of Cyber Risk: An Empirical Analysis Christian Biener, Martin Eling, and Jan Hendrik Wirfs University of St. Gallen, Switzerland Institute](https://reader035.vdocument.in/reader035/viewer/2022062407/56649cf85503460f949c8d4e/html5/thumbnails/10.jpg)
Berliner, B., 1982, Limits of Insurability of Risks, Englewood Cliffs, NJ: Prentice-Hall.
Betterley, R.S., 2013, Cyber/Privacy Insurance Market Survey 2013: Carriers deepen their risk management services benefits—Insureds grow increasingly concerned with coverage limitations.
Cebula, J.J. and Young, L.R., 2010, A Taxonomy of Operational Cyber Security Risks, Technical Note CMU/SEI-2010-TN-028, Software Engineering Institute, Carnegie Mellon University.
IBM, 2013, The 2013 IMB Cyber Security Intelligence Index, http://www-935.ibm.com/services/us/en/security/infographic/cybersecurityindex.html.
McAfee, 2013, The Economic Impact of Cybercrime and Cyber Espionage.
Munich Re, 2014, 2013 Natural Catastrophe Year in Review.
Ponemon Institute, 2014, 2014 Cost of Data Breach Study: Global Analysis
PWC, 2014, The Global State of Information Security® Survey 2014.
SAS OpRisk Global Data, 2010, http://www.sas.com/resources/product-brief/sas-oprisk-globaldata-brief.pdf.
Swiss Re, 2014, Swiss Re Economic Research and Consulting.
References