Understanding Cyber Risk and Cyber Insurance

30 Pages Posted: 7 Nov 2017 Last revised: 5 Mar 2018

See all articles by Gareth Peters

Gareth Peters

University of California Santa Barbara; University of California, Santa Barbara

Pavel V. Shevchenko

Macquarie University - Department of Actuarial Studies and Business Analytics

Ruben D. Cohen

Independent

Diane Maurice

Central Bank of Tunisia

Multiple version iconThere are 2 versions of this paper

Date Written: November 5, 2017

Abstract

In this manuscript we explore a range of perspectives being adopted by industry and regulators in order to classify cyber crime or cyber risk loss processes. The purposes of this is to better understand and discuss the emerging perspectives on this class of risk process in order to inform management practice, data collection and ultimately loss modelling. In the second part of the manuscript we discuss the emerging market of cyber risk insurance and the challenges faced by this market resulting from the diversity of insurance coverage on offer and uncertainty relating to potential exposures and vulnerabilities associated with this risk class. Furthermore, we discuss the challenge of moral hazard that can arise in developing such insurance markets. In the third section, the manuscript discusses regulator and industry responses to cyber risk management, mitigation and insurance.

We conclude with insights and perspectives on whether cyber risk is a loss process that should be primarily covered by capital management practice, or whether it is better suited to an insurance mitigation or risk transfer based approach.

Keywords: cyber risk, cyber crime, operational risk, cyber insurance, cyber regulation, Information Technology risk, business disruption

Suggested Citation

Peters, Gareth and Shevchenko, Pavel V. and Cohen, Ruben and Maurice, Diane, Understanding Cyber Risk and Cyber Insurance (November 5, 2017). Available at SSRN: https://ssrn.com/abstract=3065635 or http://dx.doi.org/10.2139/ssrn.3065635

Gareth Peters (Contact Author)

University of California Santa Barbara ( email )

Santa Barbara, CA 93106
United States

University of California, Santa Barbara ( email )

Pavel V. Shevchenko

Macquarie University - Department of Actuarial Studies and Business Analytics ( email )

Australia

HOME PAGE: http://www.mq.edu.au/research/centre-for-risk-analytics/pavel-shevchenko

Ruben Cohen

Independent ( email )

Diane Maurice

Central Bank of Tunisia ( email )

1080 Tunis
Tunisia

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
435
Abstract Views
2,197
Rank
21,452
PlumX Metrics