Managing Accumulation Risk in Cyber Insurance

11 January 2019
Moderated by Petra Wildemann
Guests are Denny Wan and Steve Wilson

The debate extends the concepts discussed in the white papers “Pro-Active Insurance Pricing Model” and “Cyber Incentive Model” with a discussion of the paper “Advancing Accumulation Risk Management in Cyber Insurance – Prerequisites for the development of a sustainable cyber risk insurance market”. The debate explores how important it is that the insurance markets manage accumulation risk and learn to understand it better, so that the market can continue to expand.
We discuss the role of cyber insurance in supply chain risk management and learn that the beneficiaries of the cyber insurance policy in a supply chain context are generally not the policyholders. And furthermore, it can be compared to other insurance lines such as automotive in particular when looking at “Usage Based Insurance (UBI)”, which is a rising parallel trend collecting data from installed black boxes in vehicles. Policyholders just expect “good drivers to be rewarded with lower premiums”, which is also a topic for cyber risks and cyber security, both in technology and in cloud systems.
There is a rapid increase in businesses and individuals who outsource to the cloud, with a potential for risk concentrating around Cloud Service Providers’ operations. Common software packages, and some software that runs across industries, create widespread exposure to malware attacks. The insurance industry can provide its experience with other risks in a variety of business lines. In the debate, we discuss several factors: regulations, risk mitigation along the risk value chain.
Insurance is fundamentally a risk transfer process rather than a technology challenge. It is largely based on people’s perception of risk and their risk appetite. Self-insurance is an easy way out when the perception of risk is hard to define. As Steve explained, maintaining strong underwriting discipline is a foundation to limiting accumulation risk.

Transcript on “Managing Accumulation Risk in Cyber Insurance”

Podcast h

Effects of Cyber Risk in Manufacturing and Production

By Petra Wildemann

I recently observed in Zurich the operation of a highly sophisticated modern crane at the site of a huge building which had been severely damaged by a major fire, to the point where there was imminent danger of collapse of the remaining structure. There was a time when a large number of human beings would have risked their lives to deal with this situation, but now, a single person was able to “give orders” by remote control to this crane, which then essentially figured out how to execute these orders by using artificial intelligence.

As I watched this, I thought about how with industrialisation, the automation of processes took wing to fly into a new and – then-called – modern world. We now look back and see this as a pre-manufacturing world. Nevertheless, with the start of automation in manufacturing firms, the use of robots has started to bring us today into a world of artificial intelligence. Manufacturing processes are now taken over by technology which is utilized to drive the business in an increasingly complex global network. Back-office applications and fully controlled high-risk manufacturing processes with a variety of technologies produce products with less human labor in the global marketplace.

This change results in an accelerated pace of change in technology due to emerging trends, such as high investments in intellectual property and exponential technologies. Additionally, the growth of smart-phone applications and the rapid adoption of analytical processes to improve internet strategies bear with them the risk that the existing technology may expand to a point where it is entirely out of our control. It is to a remarkable degree already out of our control.

And herein lies the dilemma: If we cannot handle the technology, how will we be able to intelligently deal with the risks? Not just the unintended risks entailed by run-away technology, but the risk of those who use AI in order to deliberately do harm. It is an open secret that the society in the dark net is by far better structured than official society, and much better positioned, below the tip of the iceberg, to take advantage of its presence in the Internet of Things. The broader value-chain of the technologies being used in the manufacturing and industrial ecosystem is clear only to a small number of people. The specific cyber risks in manufacturing processes, especially in larger-scale processes along the supply value chain, are becoming increasingly mysterious to nearly everyone, and it is also a sad fact that many manufacturers are only just beginning to try to more fully understand cyber risks in relation to their key third parties within their innovation network, their business partners and their subcontractors.

A data set is a crucial asset.

Manufacturers have started to make better use of data, moving from a transactional mindset to the valuation of data as an asset in and of itself. This brings key advantages, but also great risks. To be useful, data has to be made use of, which effectively means that it needs to “move”. And as it moves throughout the organisation, through business systems to shop floors, to customers and other third parties, the risk level inevitably increases.

Cyber Insurance Incentive Model

By Denny Wan and Petra Wildemann
27 August 2018

This whitepaper extends the concept of Pro-active Cyber Insurance Pricing Model (by the same authors) leveraging cyber risk control metrics in order to encourage insureds to improve their cyber security posture. This whitepaper explores the underpinning incentive model for cyber insurance policy and its potential to elevate and amplify the incentive effort.

Insurance is a risk transfer model whereby the insurers promise to compensate the insureds financially when the insured risk events materialise. The insurers maintain their right to adjust the payable claim amount based on their assessment of the actual financial damages suffered by the insureds attributable to the insured risk events. The maximum payable claim amount is known as the “policy aggregate limit” in the policy. From the insureds’ perspective, the aggregate limit is a continuum in funding available to mitigate their financial risk exposure to the insured risk events.

The default risk mitigation option is “self-insured” and when the insurance premium is a relatively small sum compared to the aggregate limit, such an approach can be financially attractive.

However, if this market split were to materialise, this would present a very good opportunity for our proposed Pro-active Cyber Insurance Model, since the insurers would earn higher premiums at the risk of higher exposure to a much more concentrated insureds demographics with similar risk profiles.

In the white paper “Cyber Insurance Incentive Model”, Denny Wan and Petra Wildemann tentatively compare cyber incentive models to more complicated insurance business lines. A great deal of careful analysis will be required to accomplish a more in-depth comparison. This is in particular the case because historical claim-data-driven risk models are not suitable for forecasting future risks, and measurement and modelling approaches that have been developed for other risks (such as natural catastrophes) cannot easily be transferred to cyber risk. We feel that our approach is genuinely unique and has material value, and we are in the process of clarifying a solid path for execution, e.g. by identifying sources of incentives.

White Paper:
Cyber Insurance Incentive Model

By Denny Wan and Petra Wildemann

Cyber Insurance Incentive model – 27Aug2018
