Growth in the Perception of Cyber Risk: Evidence from U.S. P&C Insurers
- PDF / 197,766 Bytes
- 16 Pages / 481.89 x 694.488 pts Page_size
- 33 Downloads / 233 Views
Growth in the Perception of Cyber Risk: Evidence from U.S. P&C Insurers David M. Pooser, Mark J. Browne and Oleksandra Arkhangelska a
School of Risk Management, Insurance, and Actuarial Science, Peter J. Tobin College of Business, St. John’s University, New York, NY, USA. E-mail: [email protected]; [email protected]; [email protected]
The perception of cyber risk has increased in the economy and especially in insurance firms. Using data from publicly traded U.S. property–casualty (P&C) insurers, we examine the trend in cyber risk identification from 2006 to 2015, as well as firms’ characteristics related to cyber risk perception. Roughly one-quarter of our sample identified cyber risk as a material risk factor in 2006, and this group of our sample grew to include substantially all insurers by 2013. The firms that were ‘‘early adopters’’ of cyber risk identification tend to be the smaller, more highly leveraged and higher growth firms. These firms are also more concentrated in their line of business portfolio and use less external reinsurance. This evidence may suggest that the early identifiers of cyber risk were the most sensitive to potential disruption based on their size or firm risk. The Geneva Papers (2018). https://doi.org/10.1057/s41288-017-0077-9 Keywords: cyber risk; risk perception; emerging risk Article submitted 19 May 2017; accepted 11 December 2017
Introduction This paper discusses the perception and identification of cyber risk in the publicly traded U.S. property-casualty (P&C) insurance industry over a 10-year period. Cyber risk is a topic that is being discussed more and more in news outlets, by regulators and by corporate decision makers. The growth in perception of cyber risk—which probably has been partly stimulated by the increase in the number of notable cyber breach incidents—has led to massive investment in security infrastructure for information technology, and has placed many firms under intense scrutiny by stakeholders whose personal or private data may be subject to theft or leakage.1 Regulatory bodies have also increased their oversight of firms that store sensitive data. For example, the National Association of Insurance Commissioners (NAIC) has proposed an ‘‘Insurance Data Security Model Law’’ for state regulators by establishing standards for data security investigation as well as notification in the event of a breach. U.S. banks face similar regulatory standards issuing from a March 2005 order by federal banking regulators. It is likely that directors and officers of corporations are concerned about the potential liability they or their firms may face in the event of major 1
Examples of large, notable data breaches over time can be seen in Lord (2017), available at https:// digitalguardian.com/blog/history-data-breaches.
The Geneva Papers on Risk and Insurance—Issues and Practice
cyber breaches.2 Many insurers are beginning to offer cyber risk policies to help offset the costs of data breaches and other cyberattacks, although the viability of the
Data Loading...
