Journal of Operational Risk
ISSN:
1744-6740 (print)
1755-2710 (online)
Editor-in-chief: Marcelo Cruz
Cyber risk management: an actuarial point of view
Maria Francesca Carfora, Fabio Martinelli, Francesco Mercaldo and Albina Orlando
Abstract
In recent decades, companies worldwide have faced a new kind of risk, namely cyber risk, that has emerged as one of the top challenges in risk management. Insurance has only recently been applied to the cyber world, and it is increasingly becoming part of the risk management process, posing many challenges to actuaries. One of the main issues is the lack of data, particularly financial data. This paper points out the peculiarities of cyber insurance contracts compared with the classical nonlife insurance contracts from both the insurer’s and the insured’s perspectives. The main actuarial principles that are fundamental to any valuation in a cyber context are discussed. An illustrative example is proposed where the Chronology of Data Breaches data set provided by the Privacy Rights Clearing House is analyzed in depth. The most suitable distributions to represent the frequency and the severity of the reported cyber incidents are examined and the value-at-risk measure is estimated. Then, two exemplifying cases offer the assessment of both the premium required by the insurer and the indifference premium the insured is willing to pay. Despite certain limitations, this research could offer useful information on this particular kind of insurance policy
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net