Cyber insurance: models for pricing and reserving

O. Lopez, PhD

Description

In a world increasingly dependent on digital tools, cyber-risk is an emerging threat for global economy. Since cyber-security engineering can never achieve a perfect protection against this risk, cyber-insurance products aim to provide economic repairs to the policyholders. They also play a role of prevention and assistance to the small business companies which may have difficulties to undertake the IT function on their own.

Quantifying the impact of cyber-risk is then a challenging task, in various ways:

  • Pricing : due to the difficulty to estimate the frequency and the typical severity of claims, or to precisely identify risk factors, evaluating the proper price of a contract can be hard, especially when launching a new business.
  • Reserving and risk management : right now, the prices of cyber contracts are mainly driven by the market, more than by a precise risk evaluation. An important question is to evaluate if a company which sold cyber contracts is able to face the corresponding commitments. 
  • Exclusions : since some cyber events may lead to some catastrophic consequences, policies must determine exclusions, or introduce appropriate limits to the policy. On the other hand, if the limits are too low, the policy becomes unattractive and potential policyholders may not subscribe, so quantitative methods to help to determine exclusions or limits are required.
  • Systemic events : the risk of a cyber pandemic has to be taken into account, since it can break the mutualisation. Even if such type of events may, in some cases, be excluded from policies, there is still a need to understand how an insurer can respond to such crisis.
 

In this training, we will describe quantitative tools that can be used to help decision and design of such guarantees. A particular attention is devoted to the methodology, and how to adapt to the (poor) quality of data. We will address cyber-insurance first in a classical frequency / cost dichotomy, before giving some ideas on the models that can be used to consider cyber pandemic.

Speaker

Olivier Lopez

Olivier Lopez

Scientific Advisor, Detralytics
Professor in Actuarial Sciences, Ensae

Date : On-Demand

Duration : 6h

Accreditation : 6CPD – 36PPC

Level : All

Make a Request

Program

  1. Introduction to cyber-risk and cyber-insurance
    • What is cyber-risk?
    • Evolution of cyber-risk
    • What is expected from cyber guarantees
  2. Quantifying the cost of cyber events
    • Public data vs. portfolio data
    • Determination of risk factors
    • Extreme cyber events: short recap on extreme value theory and extreme value regression
    • Example: tree-based methods to categorize cyber events
    • From the model to exclusion policies
    • Mixing public and portfolio data
  3. Frequency of cyber claims and cyber pandemic
    • Frequency of cyber claims
    • Loss of mutualisation
    • Models for assessing the impact of a cyber pandemic

Acquired skills

After completion of the training session, participants will have acquired a general understanding on the main problematics linked to cyber-risk evaluation. They will discuss the quality of cyber data, develop models to evaluate the risk associated with a cyber contract, and design decision tools to determine the perimeter of the guarantee. They will know how to implement these models using R.

About our Speaker

Olivier Lopez

Olivier is a professor at ENSAE in Paris (FR) and also co-director of the Master 2 in Statistics, Finance and Actuarial Sciences. He is a Qualified Actuary and has a compelling academic background developed in prominent universities.

At Detralytics, Olivier coaches young talents, provides cutting-edge training, fosters innovation and oversees R&D projects.

All Trainings