IDEAS home Printed from https://ideas.repec.org/p/arx/papers/2111.03366.html
   My bibliography  Save this paper

Cyber Risk Frequency, Severity and Insurance Viability

Author

Listed:
  • Matteo Malavasi

    (Department of Actuarial Studies and Business Analytics, Macquarie University, Australia)

  • Gareth W. Peters

    (Department of Statistics and Applied Probability, University of California Santa Barbara, USA
    Department of Actuarial Studies and Business Analytics, Macquarie University, Australia)

  • Pavel V. Shevchenko

    (Department of Actuarial Studies and Business Analytics, Macquarie University, Australia)

  • Stefan Truck

    (Department of Actuarial Studies and Business Analytics, Macquarie University, Australia)

  • Jiwook Jang

    (Department of Actuarial Studies and Business Analytics, Macquarie University, Australia)

  • Georgy Sofronov

    (Department of Mathematics and Statistics, Macquarie University, Australia)

Abstract

In this study an exploration of insurance risk transfer is undertaken for the cyber insurance industry in the United States of America, based on the leading industry dataset of cyber events provided by Advisen. We seek to address two core unresolved questions. First, what factors are the most significant covariates that may explain the frequency and severity of cyber loss events and are they heterogeneous over cyber risk categories? Second, is cyber risk insurable in regards to the required premiums, risk pool sizes and how would this decision vary with the insured companies industry sector and size? We address these questions through a combination of regression models based on the class of Generalised Additive Models for Location Shape and Scale (GAMLSS) and a class of ordinal regressions. These models will then form the basis for our analysis of frequency and severity of cyber risk loss processes. We investigate the viability of insurance for cyber risk using a utility modelling framework with premium calculated by classical certainty equivalence analysis utilising the developed regression models. Our results provide several new key insights into the nature of insurability of cyber risk and rigorously address the two insurance questions posed in a real data driven case study analysis.

Suggested Citation

  • Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    • Handle: RePEc:arx:papers:2111.03366
    as

    Download full text from publisher

    File URL: http://arxiv.org/pdf/2111.03366
    File Function: Latest version
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Eling, Martin & Jung, Kwangmin, 2018. "Copula approaches for modeling cross-sectional dependence of data breach losses," Insurance: Mathematics and Economics, Elsevier, vol. 82(C), pages 167-180.
    2. Peters, Gareth W. & Byrnes, Aaron D. & Shevchenko, Pavel V., 2011. "Impact of insurance for operational risk: Is it worthwhile to insure or be insured for severe losses?," Insurance: Mathematics and Economics, Elsevier, vol. 48(2), pages 287-303, March.
    3. Martin Eling & Werner Schnell, 2016. "What do we know about cyber risk and cyber risk insurance?," Journal of Risk Finance, Emerald Group Publishing Limited, vol. 17(5), pages 474-491, November.
    4. Kwangmin Jung, 2021. "Extreme Data Breach Losses: An Alternative Approach to Estimating Probable Maximum Loss for Data Breach Risk," North American Actuarial Journal, Taylor & Francis Journals, vol. 25(4), pages 580-603, November.
    5. Gareth W. Peters & Rodrigo S. Targino & Pavel V. Shevchenko, 2013. "Understanding Operational Risk Capital Approximations: First and Second Orders," Papers 1303.2910, arXiv.org.
    6. Mark Camillo, 2017. "Cyber risk and the changing role of insurance," Journal of Cyber Policy, Taylor & Francis Journals, vol. 2(1), pages 53-63, January.
    7. Antoine Bouveret, 2018. "Cyber Risk for the Financial Sector: A Framework for Quantitative Assessment," IMF Working Papers 2018/143, International Monetary Fund.
    8. Aldasoro, Iñaki & Gambacorta, Leonardo & Giudici, Paolo & Leach, Thomas, 2022. "The drivers of cyber risk," Journal of Financial Stability, Elsevier, vol. 60(C).
    9. T. Maillart & D. Sornette, 2010. "Heavy-tailed distribution of cyber-risks," The European Physical Journal B: Condensed Matter and Complex Systems, Springer;EDP Sciences, vol. 75(3), pages 357-364, June.
    10. Dahen, Hela & Dionne, Georges, 2010. "Scaling models for the severity and frequency of external operational loss data," Journal of Banking & Finance, Elsevier, vol. 34(7), pages 1484-1496, July.
    11. Ganegoda, Amandha & Evans, John, 2013. "A scaling model for severity of operational losses using generalized additive models for location scale and shape (GAMLSS)," Annals of Actuarial Science, Cambridge University Press, vol. 7(1), pages 61-100, March.
    12. Vuong, Quang H, 1989. "Likelihood Ratio Tests for Model Selection and Non-nested Hypotheses," Econometrica, Econometric Society, vol. 57(2), pages 307-333, March.
    13. Lis Piotr & Mendel Jacob, 2019. "Cyberattacks on critical infrastructure: An economic perspective," Economics and Business Review, Sciendo, vol. 5(2), pages 24-47, June.
    14. Paolo Giudici & Emanuela Raffinetti, 2021. "Cyber risk ordering with rank-based statistical models," AStA Advances in Statistical Analysis, Springer;German Statistical Society, vol. 105(3), pages 469-484, September.
    15. E. Raffinetti & I. Romeo, 2015. "Dealing with the biased effects issue when handling huge datasets: the case of INVALSI data," Journal of Applied Statistics, Taylor & Francis Journals, vol. 42(12), pages 2554-2570, December.
    16. Christian Biener & Martin Eling & Jan Hendrik Wirfs, 2015. "Insurability of Cyber Risk: An Empirical Analysis†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 40(1), pages 131-158, January.
    17. Valérie Chavez-Demoulin & Paul Embrechts & Marius Hofert, 2016. "An Extreme Value Approach for Modeling Operational Risk Losses Depending on Covariates," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 83(3), pages 735-776, September.
    18. Eling, Martin & Wirfs, Jan, 2019. "What are the actual costs of cyber risk events?," European Journal of Operational Research, Elsevier, vol. 272(3), pages 1109-1119.
    19. R. A. Rigby & D. M. Stasinopoulos, 2005. "Generalized additive models for location, scale and shape," Journal of the Royal Statistical Society Series C, Royal Statistical Society, vol. 54(3), pages 507-554, June.
    20. Stasinopoulos, D. Mikis & Rigby, Robert A., 2007. "Generalized Additive Models for Location Scale and Shape (GAMLSS) in R," Journal of Statistical Software, Foundation for Open Access Statistics, vol. 23(i07).
    21. Rakes, Terry R. & Deane, Jason K. & Paul Rees, Loren, 2012. "IT security planning under uncertainty for high-impact events," Omega, Elsevier, vol. 40(1), pages 79-88, January.
    22. Eling, Martin & Loperfido, Nicola, 2017. "Data breaches: Goodness of fit, pricing, and risk measurement," Insurance: Mathematics and Economics, Elsevier, vol. 75(C), pages 126-136.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
    2. Xie, Haipeng & Sun, Xiaotian & Fu, Wei & Chen, Chen & Bie, Zhaohong, 2023. "Risk management for integrated power and natural gas systems against extreme weather: A coalitional insurance contract approach," Energy, Elsevier, vol. 263(PB).
    3. Benjamin Avanzi & Xingyun Tan & Greg Taylor & Bernard Wong, 2023. "Cyber Insurance Risk: Reporting Delays, Third-Party Cyber Events, and Changes in Reporting Propensity -- An Analysis Using Data Breaches Published by U.S. State Attorneys General," Papers 2310.04786, arXiv.org.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    2. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    3. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
    4. Daniel Zängerle & Dirk Schiereck, 2023. "Modelling and predicting enterprise-level cyber risks in the context of sparse data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 434-462, April.
    5. Martin Eling & Kwangmin Jung, 2022. "Heterogeneity in cyber loss severity and its impact on cyber risk measurement," Risk Management, Palgrave Macmillan, vol. 24(4), pages 273-297, December.
    6. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang, 2022. "Cyber Loss Model Risk Translates to Premium Mispricing and Risk Sensitivity," Papers 2202.10588, arXiv.org, revised Mar 2023.
    7. Yin-Yee Leong & Yen-Chih Chen, 2020. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 737-759, October.
    8. Yin-Yee Leong & Yen-Chih Chen, 0. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-23.
    9. Ma, Boyuan & Chu, Tingjin & Jin, Zhuo, 2022. "Frequency and severity estimation of cyber attacks using spatial clustering analysis," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 33-45.
    10. Jevtić, Petar & Lanchier, Nicolas, 2020. "Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology," Insurance: Mathematics and Economics, Elsevier, vol. 91(C), pages 209-223.
    11. Uddin, Md Hamid & Mollah, Sabur & Islam, Nazrul & Ali, Md Hakim, 2023. "Does digital transformation matter for operational risk exposure?," Technological Forecasting and Social Change, Elsevier, vol. 197(C).
    12. Farkas, Sébastien & Lopez, Olivier & Thomas, Maud, 2021. "Cyber claim analysis using Generalized Pareto regression trees with applications to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 98(C), pages 92-105.
    13. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    14. Frank Cremer & Barry Sheehan & Michael Fortmann & Arash N. Kia & Martin Mullins & Finbarr Murphy & Stefan Materne, 2022. "Cyber risk and cybersecurity: a systematic review of data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 47(3), pages 698-736, July.
    15. Spencer Wheatley & Annette Hofmann & Didier Sornette, 2021. "Addressing insurance of data breach cyber risks in the catastrophe framework," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 46(1), pages 53-78, January.
    16. Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    17. Dacorogna, Michel & Debbabi, Nehla & Kratz, Marie, 2023. "Building up cyber resilience by better grasping cyber risk via a new algorithm for modelling heavy-tailed data," European Journal of Operational Research, Elsevier, vol. 311(2), pages 708-729.
    18. Pavel V. Shevchenko & Jiwook Jang & Matteo Malavasi & Gareth W. Peters & Georgy Sofronov & Stefan Truck, 2022. "The Nature of Losses from Cyber-Related Events: Risk Categories and Business Sectors," Papers 2202.10189, arXiv.org, revised Mar 2022.
    19. Ulrik Franke, 2020. "IT service outage cost: case study and implications for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 760-784, October.
    20. Xiaoying Xie & Charles Lee & Martin Eling, 2020. "Cyber insurance offering and performance: an analysis of the U.S. cyber insurance market," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 690-736, October.

    More about this item

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:arx:papers:2111.03366. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: arXiv administrators (email available below). General contact details of provider: http://arxiv.org/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.