Understanding Cyber Risk and Cyber Insurance
30 Pages Posted: 7 Nov 2017 Last revised: 5 Mar 2018
Date Written: November 5, 2017
In this manuscript we explore a range of perspectives being adopted by industry and regulators in order to classify cyber crime or cyber risk loss processes. The purposes of this is to better understand and discuss the emerging perspectives on this class of risk process in order to inform management practice, data collection and ultimately loss modelling. In the second part of the manuscript we discuss the emerging market of cyber risk insurance and the challenges faced by this market resulting from the diversity of insurance coverage on offer and uncertainty relating to potential exposures and vulnerabilities associated with this risk class. Furthermore, we discuss the challenge of moral hazard that can arise in developing such insurance markets. In the third section, the manuscript discusses regulator and industry responses to cyber risk management, mitigation and insurance.
We conclude with insights and perspectives on whether cyber risk is a loss process that should be primarily covered by capital management practice, or whether it is better suited to an insurance mitigation or risk transfer based approach.
Keywords: cyber risk, cyber crime, operational risk, cyber insurance, cyber regulation, Information Technology risk, business disruption
Suggested Citation: Suggested Citation