IDEAS home Printed from https://ideas.repec.org/a/cup/bracjl/v25y2020ip-_2.html
   My bibliography  Save this article

Silent cyber assessment framework

Author

Listed:
  • Cartagena, S.
  • Gosrani, V.
  • Grewal, J.
  • Pikinska, J.

Abstract

The (re)insurance industry is faced with a growing risk related to the development of information technology (IT). This growth is creating an increasingly digitally interconnected world with more and more dependence being placed on IT systems to manage processes. This is generating opportunities for new insurance products and coverages to directly address the risks that companies face. However, it is also changing the risk landscape of existing classes of business within non-life insurance where there is inherent risk of loss as a result of IT events that cannot be or have not been excluded in policy wordings or are changing the risk profile of traditional risks. This risk of losses to non-cyber classes of business resulting from cyber as a peril that has not been intentionally included (often by not clearly excluding it) is defined as non-affirmative cyber risk, and the level of understanding of this issue and the cyber peril exposure from non-cyber policies varies across the market. In contract wordings, the market has remained relatively “silent” across most lines of business about potential losses resulting from IT-related events, either by not addressing the potential issue or excluding via exclusions. Some classes of business recognise the exposure by use of write-backs. Depending on the line of business, the approach will vary as to how best to turn any “silent” exposure into a known quantity either by robust exclusionary language, pricing or exposure monitoring. This paper proposes a framework to help insurance companies address the issue of non-affirmative cyber risk across their portfolios. Whilst the framework is not intended to be an all-encompassing solution to the issue, it has been developed to help those tasked with addressing the issue to be able to perform a structured analysis of the issue. Each company’s analysis will need to tailor the basis of the framework to fit their structure and underwriting procedures. Ultimately, the framework should be used to help analysts engage with management on this issue so that the risk is understood, and any risk mitigation actions can be taken if required. In the appendix, we present a worked example to illustrate how companies could implement the framework. The example is entirely fictional, is focused on non-life specialty insurance, and is intended only to help demonstrate one possible way in which to apply the framework.

Suggested Citation

  • Cartagena, S. & Gosrani, V. & Grewal, J. & Pikinska, J., 2020. "Silent cyber assessment framework," British Actuarial Journal, Cambridge University Press, vol. 25, pages 1-1, January.
    • Handle: RePEc:cup:bracjl:v:25:y:2020:i::p:-_2
    as

    Download full text from publisher

    File URL: https://www.cambridge.org/core/product/identifier/S1357321720000021/type/journal_article
    File Function: link to article abstract page
    Download Restriction: no
    ---><---

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:cup:bracjl:v:25:y:2020:i::p:-_2. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Kirk Stebbing (email available below). General contact details of provider: https://www.cambridge.org/baj .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.