Insights: Modelling and Management of Cyber Risk

cyber insurance papers insurology

The Summary is completely based on research paper by Martin Eling & Jan Hendrik Wirfs.

I read the paper so I summarized it and you’ll find examples with Youtube videos(wherever possible) so as to make sure the approaches they have used are understandable to everyone. The paper contains total of 24 pages which you can download from here. I have just provided the summary of beginning and not appendix. If you’ve interest and probably you should, Discuss it in the Cyber Insurance forums


The aim of the paper is to test whether models which prove to be useful for operational risk can also be applied to an analysis of cyber risk or whether other tools are needed. We are interested in the question whether cyber risks are structurally identical to other operational risks or exhibit distinct characteristics. Our results show that human behavior is the main source of cyber risk and that cyber risks are very different compared to other operational risk from an actuarial point of view

For the academic audience we present effective and contemporary modeling and solution approaches for the novel application area of cyber risk.


1. Information on cyber risk is not publicly available

2. Absence of a clear-cut definition

Cyber risk as “operational risks to information and technology assets that have consequences affecting the confidentiality, availability or integrity of information or information systems”

Having defined cyber risk as a subgroup of operational risk, we use the world’s largest collection of publicly reported operational losses – the SAS OpRisk Global data – and extract cyber risk events using the search and identification strategy described in Appendix 1. The database consists of 30’173 observations between March 1971 and March 2014. All losses are given in USD and adjusted for inflation to make them comparable.


To analyze the statistical properties of cyber risk and to identify the model that describes the data best we use the standard toolbox from actuarial science. After presenting descriptive statistics, we fit the cyber loss data using extreme value theory. In particular, we implement the loss distribution approach (e.g., peak-over-threshold method), which is standard in modelling operational risk. We also present an extended version of this approach where the loss data depends on covariates (following Chavez-Demoulin, Embrechts, and Hofert, 2013) and fit the loss data to various other distributions which have proven to be useful for actuarial loss analysis (e.g., the g-and-h family of distributions, the Generalized Beta distribution of the second kind, and skewed distributions; see, e.g., Dutta and Perry, 2007, and Eling, 2012). To identify the model that works best, we apply standard goodness of fit tests and also more tailored tests for the advanced measurement approaches.


The results of the paper might thus offer important insights for the management of cyber risks, about their insurability and might also provide guidance for the pricing of cyber insurance policies. They are relevant for policymakers and regulators that need to develop sound policies for the treatment of this new, dynamic risk category. For the academic audience we present effective and contemporary modeling and solution approaches for the novel application area of cyber risk.

As I find the necessary info, I’ll keep updating it until then you can express thoughts or any findings here on Cyber Insurance forum.


Mayank Goyal
Redmond Lover(Microsoft), London Dreamer(Actuary), California Thinker(Entrepreneur). Actuarial Science, Blogger, Web Developing, Winphan India, App development, Social Media Managing, Event Managing & bla bla bla.

    1 Comment

Leave A Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe us for more