IDEAS home Printed from https://ideas.repec.org/a/eee/insuma/v106y2022icp90-114.html
   My bibliography  Save this article

Cyber risk frequency, severity and insurance viability

Author

Listed:
  • Malavasi, Matteo
  • Peters, Gareth W.
  • Shevchenko, Pavel V.
  • Trück, Stefan
  • Jang, Jiwook
  • Sofronov, Georgy

Abstract

In this study an exploration of insurance risk transfer is undertaken for the cyber insurance industry in the United States of America, based on the leading industry dataset of cyber events provided by Advisen. We seek to address two core unresolved questions. First, what factors are the most significant covariates that may explain the frequency and severity of cyber loss events and are they heterogeneous over cyber risk categories? Second, is cyber risk insurable in regards to the required premiums, risk pool sizes and how would this decision vary with the insured companies industry sector and size? We address these questions through a combination of regression models based on the class of Generalized Additive Models for Location Shape and Scale (GAMLSS) and a class of ordinal regressions. These models will then form the basis for our analysis of frequency and severity of cyber risk loss processes. We investigate the viability of insurance for cyber risk using a utility modeling framework with premiums calculated by classical certainty equivalence analysis utilizing the developed regression models. Our results provide several new key insights into the nature of insurability of cyber risk and rigorously address the two insurance questions posed in a real data driven case study analysis.

Suggested Citation

  • Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    • Handle: RePEc:eee:insuma:v:106:y:2022:i:c:p:90-114
    DOI: 10.1016/j.insmatheco.2022.05.003
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0167668722000610
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.insmatheco.2022.05.003?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Eling, Martin & Jung, Kwangmin, 2018. "Copula approaches for modeling cross-sectional dependence of data breach losses," Insurance: Mathematics and Economics, Elsevier, vol. 82(C), pages 167-180.
    2. Farkas, Sébastien & Lopez, Olivier & Thomas, Maud, 2021. "Cyber claim analysis using Generalized Pareto regression trees with applications to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 98(C), pages 92-105.
    3. Dahen, Hela & Dionne, Georges, 2010. "Scaling models for the severity and frequency of external operational loss data," Journal of Banking & Finance, Elsevier, vol. 34(7), pages 1484-1496, July.
    4. Peters, Gareth W. & Byrnes, Aaron D. & Shevchenko, Pavel V., 2011. "Impact of insurance for operational risk: Is it worthwhile to insure or be insured for severe losses?," Insurance: Mathematics and Economics, Elsevier, vol. 48(2), pages 287-303, March.
    5. Martin Eling & Werner Schnell, 2016. "What do we know about cyber risk and cyber risk insurance?," Journal of Risk Finance, Emerald Group Publishing Limited, vol. 17(5), pages 474-491, November.
    6. Gareth W. Peters & Rodrigo S. Targino & Pavel V. Shevchenko, 2013. "Understanding Operational Risk Capital Approximations: First and Second Orders," Papers 1303.2910, arXiv.org.
    7. Mark Camillo, 2017. "Cyber risk and the changing role of insurance," Journal of Cyber Policy, Taylor & Francis Journals, vol. 2(1), pages 53-63, January.
    8. Antoine Bouveret, 2018. "Cyber Risk for the Financial Sector: A Framework for Quantitative Assessment," IMF Working Papers 2018/143, International Monetary Fund.
    9. Stasinopoulos, D. Mikis & Rigby, Robert A., 2007. "Generalized Additive Models for Location Scale and Shape (GAMLSS) in R," Journal of Statistical Software, Foundation for Open Access Statistics, vol. 23(i07).
    10. Rakes, Terry R. & Deane, Jason K. & Paul Rees, Loren, 2012. "IT security planning under uncertainty for high-impact events," Omega, Elsevier, vol. 40(1), pages 79-88, January.
    11. Christian Biener & Martin Eling & Jan Hendrik Wirfs, 2015. "Insurability of Cyber Risk: An Empirical Analysis†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 40(1), pages 131-158, January.
    12. Bessy-Roland, Yannick & Boumezoued, Alexandre & Hillairet, Caroline, 2021. "Multivariate Hawkes process for cyber insurance," Annals of Actuarial Science, Cambridge University Press, vol. 15(1), pages 14-39, March.
    13. Fahrenwaldt, Matthias A. & Weber, Stefan & Weske, Kerstin, 2018. "Pricing Of Cyber Insurance Contracts In A Network Model," ASTIN Bulletin, Cambridge University Press, vol. 48(3), pages 1175-1218, September.
    14. Vuong, Quang H, 1989. "Likelihood Ratio Tests for Model Selection and Non-nested Hypotheses," Econometrica, Econometric Society, vol. 57(2), pages 307-333, March.
    15. Aldasoro, Iñaki & Gambacorta, Leonardo & Giudici, Paolo & Leach, Thomas, 2022. "The drivers of cyber risk," Journal of Financial Stability, Elsevier, vol. 60(C).
    16. Pierre-Olivier Goffard & Patrick Laub, 2021. "Approximate Bayesian Computations to fit and compare insurance loss models," Working Papers hal-02891046, HAL.
    17. Lis Piotr & Mendel Jacob, 2019. "Cyberattacks on critical infrastructure: An economic perspective," Economics and Business Review, Sciendo, vol. 5(2), pages 24-47, June.
    18. E. Raffinetti & I. Romeo, 2015. "Dealing with the biased effects issue when handling huge datasets: the case of INVALSI data," Journal of Applied Statistics, Taylor & Francis Journals, vol. 42(12), pages 2554-2570, December.
    19. Eling, Martin & Wirfs, Jan, 2019. "What are the actual costs of cyber risk events?," European Journal of Operational Research, Elsevier, vol. 272(3), pages 1109-1119.
    20. Goffard, Pierre-Olivier & Laub, Patrick J., 2021. "Approximate Bayesian Computations to fit and compare insurance loss models," Insurance: Mathematics and Economics, Elsevier, vol. 100(C), pages 350-371.
    21. Kwangmin Jung, 2021. "Extreme Data Breach Losses: An Alternative Approach to Estimating Probable Maximum Loss for Data Breach Risk," North American Actuarial Journal, Taylor & Francis Journals, vol. 25(4), pages 580-603, November.
    22. T. Maillart & D. Sornette, 2010. "Heavy-tailed distribution of cyber-risks," The European Physical Journal B: Condensed Matter and Complex Systems, Springer;EDP Sciences, vol. 75(3), pages 357-364, June.
    23. Ganegoda, Amandha & Evans, John, 2013. "A scaling model for severity of operational losses using generalized additive models for location scale and shape (GAMLSS)," Annals of Actuarial Science, Cambridge University Press, vol. 7(1), pages 61-100, March.
    24. Maochao Xu & Lei Hua, 2019. "Cybersecurity Insurance: Modeling and Pricing," North American Actuarial Journal, Taylor & Francis Journals, vol. 23(2), pages 220-249, April.
    25. Valérie Chavez-Demoulin & Paul Embrechts & Marius Hofert, 2016. "An Extreme Value Approach for Modeling Operational Risk Losses Depending on Covariates," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 83(3), pages 735-776, September.
    26. R. A. Rigby & D. M. Stasinopoulos, 2005. "Generalized additive models for location, scale and shape," Journal of the Royal Statistical Society Series C, Royal Statistical Society, vol. 54(3), pages 507-554, June.
    27. Eling, Martin & Loperfido, Nicola, 2017. "Data breaches: Goodness of fit, pricing, and risk measurement," Insurance: Mathematics and Economics, Elsevier, vol. 75(C), pages 126-136.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
    2. Benjamin Avanzi & Xingyun Tan & Greg Taylor & Bernard Wong, 2023. "On the evolution of data breach reporting patterns and frequency in the United States: a cross-state analysis," Papers 2310.04786, arXiv.org, revised Jun 2024.
    3. Xie, Haipeng & Sun, Xiaotian & Fu, Wei & Chen, Chen & Bie, Zhaohong, 2023. "Risk management for integrated power and natural gas systems against extreme weather: A coalitional insurance contract approach," Energy, Elsevier, vol. 263(PB).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    2. Matteo Malavasi & Gareth W. Peters & Stefan Treuck & Pavel V. Shevchenko & Jiwook Jang & Georgy Sofronov, 2024. "Cyber Risk Taxonomies: Statistical Analysis of Cybersecurity Risk Classifications," Papers 2410.05297, arXiv.org.
    3. Daniel Zängerle & Dirk Schiereck, 2023. "Modelling and predicting enterprise-level cyber risks in the context of sparse data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 434-462, April.
    4. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    5. Martin Eling & Kwangmin Jung, 2022. "Heterogeneity in cyber loss severity and its impact on cyber risk measurement," Risk Management, Palgrave Macmillan, vol. 24(4), pages 273-297, December.
    6. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
    7. Jevtić, Petar & Lanchier, Nicolas, 2020. "Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology," Insurance: Mathematics and Economics, Elsevier, vol. 91(C), pages 209-223.
    8. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang, 2022. "Cyber Loss Model Risk Translates to Premium Mispricing and Risk Sensitivity," Papers 2202.10588, arXiv.org, revised Mar 2023.
    9. Frank Cremer & Barry Sheehan & Michael Fortmann & Arash N. Kia & Martin Mullins & Finbarr Murphy & Stefan Materne, 2022. "Cyber risk and cybersecurity: a systematic review of data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 47(3), pages 698-736, July.
    10. Ma, Boyuan & Chu, Tingjin & Jin, Zhuo, 2022. "Frequency and severity estimation of cyber attacks using spatial clustering analysis," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 33-45.
    11. Na Ren & Xin Zhang, 2024. "A novel k-generation propagation model for cyber risk and its application to cyber insurance," Papers 2408.14151, arXiv.org.
    12. Dacorogna, Michel & Debbabi, Nehla & Kratz, Marie, 2023. "Building up cyber resilience by better grasping cyber risk via a new algorithm for modelling heavy-tailed data," European Journal of Operational Research, Elsevier, vol. 311(2), pages 708-729.
    13. Farkas, Sébastien & Lopez, Olivier & Thomas, Maud, 2021. "Cyber claim analysis using Generalized Pareto regression trees with applications to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 98(C), pages 92-105.
    14. Yin-Yee Leong & Yen-Chih Chen, 2020. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 737-759, October.
    15. Yin-Yee Leong & Yen-Chih Chen, 0. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-23.
    16. Da, Gaofeng & Xu, Maochao & Zhao, Peng, 2021. "Multivariate dependence among cyber risks based on L-hop propagation," Insurance: Mathematics and Economics, Elsevier, vol. 101(PB), pages 525-546.
    17. Benjamin Avanzi & Xingyun Tan & Greg Taylor & Bernard Wong, 2023. "On the evolution of data breach reporting patterns and frequency in the United States: a cross-state analysis," Papers 2310.04786, arXiv.org, revised Jun 2024.
    18. Uddin, Md Hamid & Mollah, Sabur & Islam, Nazrul & Ali, Md Hakim, 2023. "Does digital transformation matter for operational risk exposure?," Technological Forecasting and Social Change, Elsevier, vol. 197(C).
    19. Gabriela Zeller & Matthias Scherer, 2023. "Risk mitigation services in cyber insurance: optimal contract design and price structure," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 502-547, April.
    20. Caroline Hillairet & Olivier Lopez, 2021. "Propagation of cyber incidents in an insurance portfolio: counting processes combined with compartmental epidemiological models," Post-Print hal-02564462, HAL.

    More about this item

    Keywords

    Cyber risk; GAMLSS; Cyber risk insurance; Ordinal regression;
    All these keywords.

    JEL classification:

    • G22 - Financial Economics - - Financial Institutions and Services - - - Insurance; Insurance Companies; Actuarial Studies
    • G32 - Financial Economics - - Corporate Finance and Governance - - - Financing Policy; Financial Risk and Risk Management; Capital and Ownership Structure; Value of Firms; Goodwill
    • C51 - Mathematical and Quantitative Methods - - Econometric Modeling - - - Model Construction and Estimation
    • C52 - Mathematical and Quantitative Methods - - Econometric Modeling - - - Model Evaluation, Validation, and Selection
    • L86 - Industrial Organization - - Industry Studies: Services - - - Information and Internet Services; Computer Software
    • G28 - Financial Economics - - Financial Institutions and Services - - - Government Policy and Regulation

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:insuma:v:106:y:2022:i:c:p:90-114. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/inca/505554 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.