In the last decades companies worldwide are facing a new kind of risk, namely cyber risk, that has emerged as one of the top challenges in risk management. Insurance was only recently applied to cyber world and it is increasingly becoming part of the risk management process, posing many challenges to actuaries. One of the main issues is the lack of data, in particular nancial ones. The aim of the paper is to point out the peculiarities of cyber insurance contracts with respect to the classical non life insurance ones both from the insurer and the insured's perspective. Therefore, the main actuarial principles that are fundamental to any valu- ation in cyber context are discussed. An illustrative example is proposed where the Chronology of Data Breaches provided by the Privacy Rights Clearing House is deeply analyzed. The most suitable distributions to represent the frequency and the severity of the reported cyber incidents are examined and the value at risk measure is estimated. Then, two ex- emplifying cases oer the assessment of both the premium required by the insurer and the indierence premium that the insured is willing to pay. Even though this research is still preliminary and shows some limits highlighted by the authors, it could offer useful information to better un- derstand this peculiar kind of insurance policies.

Cyber Risk management: an actuarial point of view

Maria Francesca Carfora;Fabio Martinelli;Albina Orlando
2019

Abstract

In the last decades companies worldwide are facing a new kind of risk, namely cyber risk, that has emerged as one of the top challenges in risk management. Insurance was only recently applied to cyber world and it is increasingly becoming part of the risk management process, posing many challenges to actuaries. One of the main issues is the lack of data, in particular nancial ones. The aim of the paper is to point out the peculiarities of cyber insurance contracts with respect to the classical non life insurance ones both from the insurer and the insured's perspective. Therefore, the main actuarial principles that are fundamental to any valu- ation in cyber context are discussed. An illustrative example is proposed where the Chronology of Data Breaches provided by the Privacy Rights Clearing House is deeply analyzed. The most suitable distributions to represent the frequency and the severity of the reported cyber incidents are examined and the value at risk measure is estimated. Then, two ex- emplifying cases oer the assessment of both the premium required by the insurer and the indierence premium that the insured is willing to pay. Even though this research is still preliminary and shows some limits highlighted by the authors, it could offer useful information to better un- derstand this peculiar kind of insurance policies.
2019
Istituto Applicazioni del Calcolo ''Mauro Picone''
Istituto di informatica e telematica - IIT
Risk management
Cyber risk
Cyber Insurance
Pricing
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/390864
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 20
  • ???jsp.display-item.citation.isi??? 20
social impact