IDEAS home Printed from https://ideas.repec.org/p/hal/wpaper/hal-02564462.html
   My bibliography  Save this paper

Propagation of cyber incidents in an insurance portfolio: counting processes combined with compartmental epidemiological models

Author

Listed:
  • Caroline Hillairet

    () (CMAP - Centre de Mathématiques Appliquées - Ecole Polytechnique - X - École polytechnique - CNRS - Centre National de la Recherche Scientifique)

  • Olivier Lopez

    () (LPSM (UMR_8001) - Laboratoire de Probabilités, Statistiques et Modélisations - SU - Sorbonne Université - CNRS - Centre National de la Recherche Scientifique - UP - Université de Paris)

Abstract

In this paper, we propose a general framework to design accumulation scenarios that can be used to anticipate the impact of a massive cyber attack on an insurance portfolio. The aim is also to emphasize the role of countermeasures in stopping the spread of the attack over the portfolio, and to quantify the benefits of implementing such strategies of response. Our approach consists of separating the global dynamic of the cyber event (that can be described through compartmental epidemiological models), the effect on the portfolio, and the response strategy. This general framework allows us to obtain Gaussian approximations for the corresponding processes, and sharp confidence bounds for the losses. A detailed simulation study, which mimics the effects of a Wannacry scenario, illustrates the practical implementation of the method.

Suggested Citation

  • Caroline Hillairet & Olivier Lopez, 2020. "Propagation of cyber incidents in an insurance portfolio: counting processes combined with compartmental epidemiological models," Working Papers hal-02564462, HAL.
  • Handle: RePEc:hal:wpaper:hal-02564462
    Note: View the original document on HAL open archive server: https://hal.archives-ouvertes.fr/hal-02564462v2
    as

    Download full text from publisher

    File URL: https://hal.archives-ouvertes.fr/hal-02564462v2/document
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Runhuan Feng & Jose Garrido, 2011. "Actuarial Applications of Epidemiological Models," North American Actuarial Journal, Taylor & Francis Journals, vol. 15(1), pages 112-136.
    2. Amine El Koufi & Jihad Adnani & Abdelkrim Bennar & Noura Yousfi, 2019. "Analysis of a Stochastic SIR Model with Vaccination and Nonlinear Incidence Rate," International Journal of Differential Equations, Hindawi, vol. 2019, pages 1-9, August.
    3. Hua Chen & Samuel Cox, 2009. "An Option-Based Operational Risk Management Model for Pandemics," North American Actuarial Journal, Taylor & Francis Journals, vol. 13(1), pages 54-76.
    4. Martin Eling & Werner Schnell, 2016. "What do we know about cyber risk and cyber risk insurance?," Journal of Risk Finance, Emerald Group Publishing, vol. 17(5), pages 474-491, November.
    5. Mark Camillo, 2017. "Cyber risk and the changing role of insurance," Journal of Cyber Policy, Taylor & Francis Journals, vol. 2(1), pages 53-63, January.
    6. Eling, Martin & Loperfido, Nicola, 2017. "Data breaches: Goodness of fit, pricing, and risk measurement," Insurance: Mathematics and Economics, Elsevier, vol. 75(C), pages 126-136.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Ulrik Franke, 2020. "IT service outage cost: case study and implications for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 760-784, October.
    2. Xiaoying Xie & Charles Lee & Martin Eling, 2020. "Cyber insurance offering and performance: an analysis of the U.S. cyber insurance market," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 690-736, October.
    3. Ulrik Franke, 0. "IT service outage cost: case study and implications for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-25.
    4. Xiaowei Chen & Wing Fung Chong & Runhuan Feng & Linfeng Zhang, 2020. "Pandemic risk management: resources contingency planning and allocation," Papers 2012.03200, arXiv.org.
    5. Omer Ilker Poyraz & Mustafa Canan & Michael McShane & C. Ariel Pinto & T. Steven Cotter, 2020. "Cyber assets at risk: monetary impact of U.S. personally identifiable information mega data breaches," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 616-638, October.
    6. Angelica Marotta & Michael McShane, 2018. "Integrating a Proactive Technique Into a Holistic Cyber Risk Management Approach," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 21(3), pages 435-452, December.
    7. Dirk Wrede & Tino Stegen & Johann-Matthias Schulenburg, 2020. "Affirmative and silent cyber coverage in traditional insurance policies: Qualitative content analysis of selected insurance products from the German insurance market," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 657-689, October.
    8. Xiaoying Xie & Charles Lee & Martin Eling, 0. "Cyber insurance offering and performance: an analysis of the U.S. cyber insurance market," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-47.
    9. Hainaut, Donatien, 2020. "An actuarial approach for modeling pandemic risk," LIDAM Discussion Papers ISBA 2020025, Université catholique de Louvain, Institute of Statistics, Biostatistics and Actuarial Sciences (ISBA).
    10. Jevtić, Petar & Lanchier, Nicolas, 2020. "Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology," Insurance: Mathematics and Economics, Elsevier, vol. 91(C), pages 209-223.
    11. Donatien Hainaut, 2020. "An Actuarial Approach for Modeling Pandemic Risk," Risks, MDPI, Open Access Journal, vol. 9(1), pages 1-28, December.
    12. Rosie Collins & Cavan O’Connor-Close & Aria Zhang, 2020. "Cyber incident cost estimates and the importance of building resilience," Reserve Bank of New Zealand Bulletin, Reserve Bank of New Zealand, vol. 84, pages 1-17, February.
    13. Michael McShane & Trung Nguyen, 2020. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 580-615, October.
    14. David M. Pooser & Mark J. Browne & Oleksandra Arkhangelska, 2018. "Growth in the Perception of Cyber Risk: Evidence from U.S. P&C Insurers," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 43(2), pages 208-223, April.
    15. Muhsin Tamturk & Dominic Cortis & Mark Farrell, 2020. "Examining the Effects of Gradual Catastrophes on Capital Modelling and the Solvency of Insurers: The Case of COVID-19," Risks, MDPI, Open Access Journal, vol. 8(4), pages 1-13, December.
    16. Oleg Kolesnikov & Alexander Markov & Daulet Smagulov & Sergejs Solovjovs, 2019. "Cyber bonds and their pricing models," Papers 1911.06698, arXiv.org.
    17. Eric Dal Moro, 2020. "Towards an Economic Cyber Loss Index for Parametric Cover Based on IT Security Indicator: A Preliminary Analysis," Risks, MDPI, Open Access Journal, vol. 8(2), pages 1-12, May.
    18. Maik Dehnert, 2020. "Sustaining the current or pursuing the new: incumbent digital transformation strategies in the financial service industry," Business Research, Springer;German Academic Association for Business Research, vol. 13(3), pages 1071-1113, November.
    19. Ulrik Franke & Amanda Hoxell, 2020. "Observable Cyber Risk on Cournot Oligopoly Data Storage Markets," Risks, MDPI, Open Access Journal, vol. 8(4), pages 1-15, November.
    20. Yin-Yee Leong & Yen-Chih Chen, 2020. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 737-759, October.

    More about this item

    Keywords

    Cyber insurance; emerging risks; counting processes; compartmental epi- demiological models; risk theory; compartmental epidemiological models;
    All these keywords.

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:hal:wpaper:hal-02564462. See general information about how to correct material in RePEc.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (CCSD). General contact details of provider: https://hal.archives-ouvertes.fr/ .

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service hosted by the Research Division of the Federal Reserve Bank of St. Louis . RePEc uses bibliographic data supplied by the respective publishers.