Journal of Operational Risk

Cyber risk management: an actuarial point of view

Maria Francesca Carfora, Fabio Martinelli, Francesco Mercaldo and Albina Orlando

In recent decades, companies worldwide have faced a new kind of risk, namely cyber risk, that has emerged as one of the top challenges in risk management. Insurance has only recently been applied to the cyber world, and it is increasingly becoming part of the risk management process, posing many challenges to actuaries. One of the main issues is the lack of data, particularly financial data. This paper points out the peculiarities of cyber insurance contracts compared with the classical nonlife insurance contracts from both the insurer’s and the insured’s perspectives. The main actuarial principles that are fundamental to any valuation in a cyber context are discussed. An illustrative example is proposed where the Chronology of Data Breaches data set provided by the Privacy Rights Clearing House is analyzed in depth. The most suitable distributions to represent the frequency and the severity of the reported cyber incidents are examined and the value-at-risk measure is estimated. Then, two exemplifying cases offer the assessment of both the premium required by the insurer and the indifference premium the insured is willing to pay. Despite certain limitations, this research could offer useful information on this particular kind of insurance policy

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to View our subscription options

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here