Understanding Cyber Risk and Cyber Insurance

30 Pages Posted: 7 Nov 2017 Last revised: 5 Mar 2018

See all articles by Gareth Peters

Gareth Peters

Department of Actuarial Mathematics and Statistics, Heriot-Watt University; University College London - Department of Statistical Science; University of Oxford - Oxford-Man Institute of Quantitative Finance; London School of Economics & Political Science (LSE) - Systemic Risk Centre; University of New South Wales (UNSW) - Faculty of Science

Pavel V. Shevchenko

Macquarie University; Macquarie University, Macquarie Business School

Ruben Cohen

Independent

Diane Maurice

Central Bank of Tunisia

Multiple version iconThere are 2 versions of this paper

Date Written: November 5, 2017

Abstract

In this manuscript we explore a range of perspectives being adopted by industry and regulators in order to classify cyber crime or cyber risk loss processes. The purposes of this is to better understand and discuss the emerging perspectives on this class of risk process in order to inform management practice, data collection and ultimately loss modelling. In the second part of the manuscript we discuss the emerging market of cyber risk insurance and the challenges faced by this market resulting from the diversity of insurance coverage on offer and uncertainty relating to potential exposures and vulnerabilities associated with this risk class. Furthermore, we discuss the challenge of moral hazard that can arise in developing such insurance markets. In the third section, the manuscript discusses regulator and industry responses to cyber risk management, mitigation and insurance.

We conclude with insights and perspectives on whether cyber risk is a loss process that should be primarily covered by capital management practice, or whether it is better suited to an insurance mitigation or risk transfer based approach.

Keywords: cyber risk, cyber crime, operational risk, cyber insurance, cyber regulation, Information Technology risk, business disruption

Suggested Citation

Peters, Gareth and Shevchenko, Pavel V. and Cohen, Ruben and Maurice, Diane, Understanding Cyber Risk and Cyber Insurance (November 5, 2017). Available at SSRN: https://ssrn.com/abstract=3065635 or http://dx.doi.org/10.2139/ssrn.3065635

Gareth Peters (Contact Author)

Department of Actuarial Mathematics and Statistics, Heriot-Watt University ( email )

Edinburgh Campus
Edinburgh, EH14 4AS
United Kingdom

HOME PAGE: http://garethpeters78.wixsite.com/garethwpeters

University College London - Department of Statistical Science ( email )

1-19 Torrington Place
London, WC1 7HB
United Kingdom

University of Oxford - Oxford-Man Institute of Quantitative Finance ( email )

University of Oxford Eagle House
Walton Well Road
Oxford, OX2 6ED
United Kingdom

London School of Economics & Political Science (LSE) - Systemic Risk Centre ( email )

Houghton St
London
United Kingdom

University of New South Wales (UNSW) - Faculty of Science ( email )

Australia

Pavel V. Shevchenko

Macquarie University ( email )

North Ryde
Sydney, New South Wales 2109
Australia

HOME PAGE: http://www.businessandeconomics.mq.edu.au/contact_the_faculty/all_fbe_staff/pavel_shevchenko

Macquarie University, Macquarie Business School ( email )

New South Wales 2109
Australia

Ruben Cohen

Independent ( email )

No Address Available

Diane Maurice

Central Bank of Tunisia ( email )

1080 Tunis
Tunisia

Register to save articles to
your library

Register

Paper statistics

Downloads
262
Abstract Views
970
rank
46,671
PlumX Metrics