blue technology circuit diagram with glowing line lights
Cyber insurance: models for pricing and reserving
DATE : March 24 & 31, 2021 LENGHT : 2 x 3h (from 5pm to 8pm UTC+1) TYPE : Online training via Teams INDUSTRY : Insurance REQUIREMENTS : PC with dedicated R packages LANGUAGE : English ACCREDITATION : 6 CPD points | 36 points PPC PRICE : 750€ excl. VAT
In a world increasingly dependent on digital tools, cyber-risk is an emerging threat for global economy. Since cyber-security engineering can never achieve a perfect protection against this risk, cyber-insurance products aim to provide economic repairs to the policyholders. They also play a role of prevention and assistance to the small business companies which may have difficulties to undertake the IT function on their own.
Quantifying the impact of cyber-risk is then a challenging task, in various ways:
Pricing: due to the difficulty to estimate the frequency and the typical severity of claims, or to precisely identify risk factors, evaluating the proper price of a contract can be hard, especially when launching a new business.
Reserving, risk management: right now, the prices of cyber contracts are mainly driven by the market, more than by a precise risk evaluation. An important question is to evaluate if a company which sold cyber contracts is able to face the corresponding commitments.
exclusion: since some cyber events may lead to some catastrophic consequences, policies must determine exclusions, or introduce appropriate limits to the policy. On the other hand, if the limits are too low, the policy becomes unattractive and potential policyholders may not subscribe, so quantitative methods to help to determine exclusions or limits are required.
systemic events: the risk of a cyber pandemic has to be taken into account, since it can break the mutualisation. Even if such type of events may, in some cases, be excluded from policies, there is still a need to understand how an insurer can respond to such crisis.
In this training, we will describe quantitative tools that can be used to help decision and design of such guarantees. A particular attention is devoted to the methodology, and how to adapt to the (poor) quality of data. We will address cyber-insurance first in a classical frequency / cost dichotomy, before giving some ideas on the models that can be used to consider cyber pandemic.
Introduction to cyber-risk and cyber-insurance:
What is cyber-risk?
Evolution of cyber-risk.
What is expected from cyber guarantees.
Quantifying the cost of cyber events:
Public data Vs. Portfolio data.
Determination of risk factors.
Extreme cyber events: short recap on extreme value theory and extreme value regression.
Example: tree-based methods to categorize cyber events.
From the model to exclusion policies.
Mixing public and portfolio data.
Frequency of cyber claims and cyber pandemic:
Frequency of cyber claims.
Loss of mutualisation.
Models for assessing the impact of a cyber pandemic.
After completion of the training session, participants will have acquired a general understanding on the main problematics linked to cyber-risk evaluation.
They will be able to discuss the quality of cyber data, and to develop models to evaluate the risk associated with a cyber contract, and decision tools to determine the perimeter of the guarantee. They will know how to implement these models using R.