IDEAS home Printed from https://ideas.repec.org/p/arx/papers/2310.04786.html
   My bibliography  Save this paper

Cyber Insurance Risk: Reporting Delays, Third-Party Cyber Events, and Changes in Reporting Propensity -- An Analysis Using Data Breaches Published by U.S. State Attorneys General

Author

Listed:
  • Benjamin Avanzi

    (University of Melbourne)

  • Xingyun Tan

    (University of Melbourne)

  • Greg Taylor

    (UNSW Sydney)

  • Bernard Wong

    (UNSW Sydney)

Abstract

With the rise of cyber threats, cyber insurance is becoming an important consideration for businesses. However, research on cyber insurance risk has so far been hindered by the general lack of data, as well as limitations underlying what limited data are available publicly. Specifically and of particular importance to cyber insurance modelling, limitations arising from lack of information regarding (i) delays in reporting, (ii) all businesses affected by third-party events, and (iii) changes in reporting propensity. In this paper, we fill this important gap by utilising an underrecognised set of public data provided by U.S. state Attorneys General, and provide new insights on the true scale of cyber insurance risk. These data are collected based on mandatory reporting requirements of data breaches, and contain substantial and detailed information. We further discuss extensively the associated implications of our findings for cyber insurance pricing, reserving, underwriting, and experience monitoring.

Suggested Citation

  • Benjamin Avanzi & Xingyun Tan & Greg Taylor & Bernard Wong, 2023. "Cyber Insurance Risk: Reporting Delays, Third-Party Cyber Events, and Changes in Reporting Propensity -- An Analysis Using Data Breaches Published by U.S. State Attorneys General," Papers 2310.04786, arXiv.org.
    • Handle: RePEc:arx:papers:2310.04786
    as

    Download full text from publisher

    File URL: http://arxiv.org/pdf/2310.04786
    File Function: Latest version
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Eling, Martin & Jung, Kwangmin, 2018. "Copula approaches for modeling cross-sectional dependence of data breach losses," Insurance: Mathematics and Economics, Elsevier, vol. 82(C), pages 167-180.
    2. Farkas, Sébastien & Lopez, Olivier & Thomas, Maud, 2021. "Cyber claim analysis using Generalized Pareto regression trees with applications to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 98(C), pages 92-105.
    3. Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    4. Karthik Sriram & Peng Shi, 2021. "Stochastic loss reserving: A new perspective from a Dirichlet model," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 88(1), pages 195-230, March.
    5. Peng Shi, 2017. "A Multivariate Analysis of Intercompany Loss Triangles," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 84(2), pages 717-737, June.
    6. Liu, Jia & Li, Jackie & Daly, Kevin, 2022. "Bayesian vine copulas for modelling dependence in data breach losses," Annals of Actuarial Science, Cambridge University Press, vol. 16(2), pages 401-424, July.
    7. Mack, Thomas, 1993. "Distribution-free Calculation of the Standard Error of Chain Ladder Reserve Estimates," ASTIN Bulletin, Cambridge University Press, vol. 23(2), pages 213-225, November.
    8. Yves L. Grize, 2015. "Applications of Statistics in the Field of General Insurance: An Overview," International Statistical Review, International Statistical Institute, vol. 83(1), pages 135-159, April.
    9. Katrien Antonio & Jan Beirlant, 2008. "Issues in Claims Reserving and Credibility: A Semiparametric Approach With Mixed Models," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 75(3), pages 643-676, September.
    10. England, P.D. & Verrall, R.J., 2002. "Stochastic Claims Reserving in General Insurance," British Actuarial Journal, Cambridge University Press, vol. 8(3), pages 443-518, August.
    11. Renshaw, A.E. & Verrall, R.J., 1998. "A Stochastic Model Underlying the Chain-Ladder Technique," British Actuarial Journal, Cambridge University Press, vol. 4(4), pages 903-923, October.
    12. Spencer Wheatley & Thomas Maillart & Didier Sornette, 2016. "The extreme risk of personal data breaches and the erosion of privacy," The European Physical Journal B: Condensed Matter and Complex Systems, Springer;EDP Sciences, vol. 89(1), pages 1-12, January.
    13. Kris Peremans & Pieter Segaert & Stefan Van Aelst & Tim Verdonck, 2017. "Robust bootstrap procedures for the chain-ladder method," Scandinavian Actuarial Journal, Taylor & Francis Journals, vol. 2017(10), pages 870-897, November.
    14. Verrall, R. J., 2000. "An investigation into stochastic claims reserving models and the chain-ladder technique," Insurance: Mathematics and Economics, Elsevier, vol. 26(1), pages 91-99, February.
    15. Leonardo Costa & Adrian Pizzinga & Rodrigo Atherino, 2016. "Modeling and predicting IBNR reserve: extended chain ladder and heteroscedastic regression analysis," Journal of Applied Statistics, Taylor & Francis Journals, vol. 43(5), pages 847-870, April.
    16. Bessy-Roland, Yannick & Boumezoued, Alexandre & Hillairet, Caroline, 2021. "Multivariate Hawkes process for cyber insurance," Annals of Actuarial Science, Cambridge University Press, vol. 15(1), pages 14-39, March.
    17. Eling, Martin & Jung, Kwangmin & Shim, Jeungbo, 2022. "Unraveling heterogeneity in cyber risks using quantile regressions," Insurance: Mathematics and Economics, Elsevier, vol. 104(C), pages 222-242.
    18. Eling, Martin & Wirfs, Jan, 2019. "What are the actual costs of cyber risk events?," European Journal of Operational Research, Elsevier, vol. 272(3), pages 1109-1119.
    19. Kwangmin Jung, 2021. "Extreme Data Breach Losses: An Alternative Approach to Estimating Probable Maximum Loss for Data Breach Risk," North American Actuarial Journal, Taylor & Francis Journals, vol. 25(4), pages 580-603, November.
    20. Hong Sun & Maochao Xu & Peng Zhao, 2021. "Modeling Malicious Hacking Data Breach Risks," North American Actuarial Journal, Taylor & Francis Journals, vol. 25(4), pages 484-502, November.
    21. Mack, Thomas, 1994. "Which stochastic model is underlying the chain ladder method?," Insurance: Mathematics and Economics, Elsevier, vol. 15(2-3), pages 133-138, December.
    22. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    23. Paulo J. R. Pinheiro & João Manuel Andrade e Silva & Maria De Lourdes Centeno, 2003. "Bootstrap Methodology in Claim Reserving," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 70(4), pages 701-714, December.
    24. Spencer Wheatley & Thomas Maillart & Didier Sornette, 2016. "The extreme risk of personal data breaches and the erosion of privacy," The European Physical Journal B: Condensed Matter and Complex Systems, Springer;EDP Sciences, vol. 89(1), pages 1-12, January.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
    2. Leonardo Costa & Adrian Pizzinga, 2020. "State‐space models for predicting IBNR reserve in row‐wise ordered runoff triangles: Calendar year IBNR reserves & tail effects," Journal of Forecasting, John Wiley & Sons, Ltd., vol. 39(3), pages 438-448, April.
    3. Liivika Tee & Meelis Käärik & Rauno Viin, 2017. "On Comparison of Stochastic Reserving Methods with Bootstrapping," Risks, MDPI, vol. 5(1), pages 1-21, January.
    4. Martin Eling & Kwangmin Jung, 2022. "Heterogeneity in cyber loss severity and its impact on cyber risk measurement," Risk Management, Palgrave Macmillan, vol. 24(4), pages 273-297, December.
    5. Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    6. Verdonck, T. & Debruyne, M., 2011. "The influence of individual claims on the chain-ladder estimates: Analysis and diagnostic tool," Insurance: Mathematics and Economics, Elsevier, vol. 48(1), pages 85-98, January.
    7. Gian Paolo Clemente & Nino Savelli & Diego Zappa, 2019. "Modelling Outstanding Claims with Mixed Compound Processes in Insurance," International Business Research, Canadian Center of Science and Education, vol. 12(3), pages 123-138, March.
    8. Pitselis, Georgios & Grigoriadou, Vasiliki & Badounas, Ioannis, 2015. "Robust loss reserving in a log-linear model," Insurance: Mathematics and Economics, Elsevier, vol. 64(C), pages 14-27.
    9. Bennet Skarczinski & Mathias Raschke & Frank Teuteberg, 2023. "Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 463-501, April.
    10. Eduardo Ramos-P'erez & Pablo J. Alonso-Gonz'alez & Jos'e Javier N'u~nez-Vel'azquez, 2020. "Stochastic reserving with a stacked model based on a hybridized Artificial Neural Network," Papers 2008.07564, arXiv.org.
    11. Frank Cremer & Barry Sheehan & Michael Fortmann & Arash N. Kia & Martin Mullins & Finbarr Murphy & Stefan Materne, 2022. "Cyber risk and cybersecurity: a systematic review of data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 47(3), pages 698-736, July.
    12. Portugal, Luís & Pantelous, Athanasios A. & Verrall, Richard, 2021. "Univariate and multivariate claims reserving with Generalized Link Ratios," Insurance: Mathematics and Economics, Elsevier, vol. 97(C), pages 57-67.
    13. Lindholm, Mathias & Verrall, Richard, 2020. "Regression based reserving models and partial information," Insurance: Mathematics and Economics, Elsevier, vol. 94(C), pages 109-124.
    14. Verrall, R.J. & England, P.D., 2005. "Incorporating expert opinion into a stochastic model for the chain-ladder technique," Insurance: Mathematics and Economics, Elsevier, vol. 37(2), pages 355-370, October.
    15. Daniel Zängerle & Dirk Schiereck, 2023. "Modelling and predicting enterprise-level cyber risks in the context of sparse data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 434-462, April.
    16. Kunkler, Michael, 2006. "Modelling negatives in stochastic reserving models," Insurance: Mathematics and Economics, Elsevier, vol. 38(3), pages 540-555, June.
    17. Karthik Sriram & Peng Shi, 2021. "Stochastic loss reserving: A new perspective from a Dirichlet model," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 88(1), pages 195-230, March.
    18. Pešta, Michal & Hudecová, Šárka, 2012. "Asymptotic consistency and inconsistency of the chain ladder," Insurance: Mathematics and Economics, Elsevier, vol. 51(2), pages 472-479.
    19. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    20. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:arx:papers:2310.04786. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: arXiv administrators (email available below). General contact details of provider: http://arxiv.org/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.