How can Actuaries be Thought Leaders on Cyber Liability?

The infrastructure, the users, and the services offered on computer networks today are all subject to a wide variety of risks posed by threats that include distributed denial of service attacks, intrusions of various kinds, eavesdropping, hackingphishing, worms, viruses, spams, etc. In order to counter the risk posed by these threats, network users have traditionally resorted to antivirus and anti-spam software, firewalls, intrusion-detection systems (IDSs), and other add-ons to reduce the likelihood of being affected by threats. In practice, a large industry (companies like Symantec, McAfee, etc.) as well as considerable research efforts are currently centered around developing and deploying tools and techniques to detect threats and anomalies in order to protect the cyber infrastructure and its users from the resulting negative impact of the anomalies.

cyber insurance insurology

In spite of improvements in risk protection techniques over the last decade due to hardware, software and cryptographic methodologies, it is impossible to achieve perfect/near-perfect cyber-security protection.

As of 2014, 90% of the cyber-insurance premium volume was covering exposure in the United States. Although at least 50 insurance companies have cyber-insurance product offerings, the actual writing is concentrated within a group of five underwriters.

Many insurance companies have been hesitant to enter this coverage market, as sound actuarial data for the cyber exposure is non-existent. Hampering the development of this actuarial data is inadequate disclosure regarding cyber attacks by those affected.

With cyber insurance premiums expected to grow from around $2 billion in 2015 to an estimated $20 billion or more by 2025, insurers and reinsurers are continuing to refine underwriting requirements. Market immaturity and lack of standardization are two reasons why underwriting cyber products today make it an interesting place to be in the insurance world. Not only do you have an insurance marketplace that’s trying to reach a standard and accommodate the needs of today’s insured, but you also, at the same time, have a rapidly developing exposure landscape and capacity available.

 Managing your risks
 Companies can protect themselves to some extent by investing in IT security. However, human error remains the primary source of breaches. This risk can be addressed through training but in reality, as with any walk of life, human error will occur. In such circumstances insurance has a significant role to play in enabling companies who have done all they can to manage their risk to transfer that risk. Cyber insurance products cover all of the risks identified above and can either sit alongside existing cover, be built in as part of that cover or sit above traditional policies and “drop in” to any gaps.
 Those policies not only cover the damages and losses that might flow from a breach but can provide assistance in identifying the cause of breaches and prevent them from happening again. They can also provide credit monitoring for customers whose information has been lost and public relations support to deal with any adverse publicity.

Obviously, the quoted line explains the situation why it is hard to have products in this field. We neither have such model nor the data that eventually is hidden from being exposed because of goodwill of the company. Definitely I’m looking for some miracle to happen in near time for Cyber Insurance products. Covering more in upcoming articles.

PS: Going through Mr. ROBOT and finally after more than an year to revive the draft of cyber insurance from my drafts, finally felt that this is important!

What do you think? Can the outcomes of an attack be shared with Actuaries or any hidden Actuarial Society (Not CIA, please)? Thoughts in the comments

Data From: CASACT, WIKIPEDIA

Mayank Goyal

Redmond Lover(Microsoft), London Dreamer(Actuary), California Thinker(Entrepreneur).

You may also like...

Leave a Reply