Differentiating Cyber Risk of Insurance Customers: The Insurance Company Perspective


Abstract. As a basis for offering policy and setting tariffs, cyber-insurance carriers need to assess the cyber risk of companies. This paper explores the challenges insurance companies face in assessing cyber risk, based on literature and interviews with representatives from insurers. The interview subjects represent insurance companies offering cyber-insurance in a market where this is a new and unknown product. They have limited historical data, with few examples of incidents leading to payout. This lack of experience and data, together with the need for an efficient sales process, highly impacts their approach to risk assessment. Two options for improving the ability to perform thorough yet efficient assessments of cyber risk are explored in this paper: basing analysis on reusable sector-specific risk models, and including managed security service providers (MSSPs) in the value chain.

Keywords: Cyber-insurance · Risk management · Risk modeling

1 Introduction

Cyber-insurance has been defined in literature as “the transfer of financial risk associated with network and computer incidents to a third party” [9]. It can take many forms, offering third party or first party coverage, and covering a variety of threat types [8,24]. The demand for this insurance product is increasing [35,36]. Although cyber-insurance has been around in some form for several decades, the cyber-insurance products are still relatively immature. This is underlined by statements such as “cyber policies are still the Wild West of insurance policies” [11] and “products are untested, pricing appears arbitrary and experimentation in contract writing is commonplace” [4]. Academic research on cyber-insurance has identified a number of challenges and knowledge gaps [4,24,40], some of which are related to assessing cyber risk. Taking on cyber in their product portfolio is associated with a greater risk for insurance companies than other traditional covers, which is reflected in the product’s pricing. According to a UK study, the cost of cyber-insurance relative to the limit purchased is typically three times the cost of cover for more established general liability risks, and six times higher than for property insurance [18]. The UK study additionally points out that cyber-insurance has a lower price differentiation across customers, something that may be due to a lack of historical data in underwriting or inappropriate means of assessing the cyber risk of potential customers. This is concerning as it undermines the role that insurance can have in increasing the security posture of insurance buyers, since they will not see any benefit in terms of lower insurance cost [18]. As a basis for offering policy and setting tariffs, cyber-insurance carriers need to assess the cyber risk of companies

I.A. Tøndel et al. © IFIP International Federation for Information Processing 2016. Published by Springer International Publishing Switzerland 2016. All Rights Reserved. F. Buccafurri et al. (Eds.): CD-ARES 2016, LNCS 9817, pp. 175–190, 2016. DOI: 10.1007/978-3-319-45507-5_12