New cyber framework targets accumulation risk

February 12 2016 by InsuranceAsia News Staff

The Cambridge Centre for Risk Studies and Risk Management Solutions have published a framework for modelling strategies to help measure and constrain cyber risk.

Market surveys suggest that demand for cyber insurance significantly exceeds the capacity currently provided by the insurance industry. A big part of the problem is that underwriters are wary of accumulating cyber risks.

Managing cyber accumulation in a portfolio of insured policies requires a specific data structure to record the attributes of exposure that could potentially correlate.

“We know we can write earthquake exposures in both Japan and California with the confidence that the same event will not impact all these exposures at once,” said Hemant Shah, co-founder and chief executive of RMS. “We know to be wary of writing two industrial risks along the same river basin, and the role flood defences play in mitigating loss. With cyber risks, the contours of systemic accumulation are not as clear.”

The new Cyber Insurance Exposure Data Schema, developed in cooperation with the insurance industry, aims to address this challenge.

rms_cyber-infographicCurrently, coverage provided by insurance products on the market varies widely. Each company has its own set of data attributes that it monitors and uses to manage its cyber risk. In some cases, these attributes are confidential and viewed as a competitive advantage.

The schema provides a specification for structured information records in a database, to capture cyber insurance exposure in a way that can be standardised across insurance industry participants.

Cyber crime is estimated to cost the global economy as much as $445 billion a year, though identifying the costs and incidence of financial transaction crime from cyber are particularly difficult as there is no regulatory requirement for a financial services company to publicly declare a theft from its system, unlike the regulatory requirements for data loss.

“As businesses and stakeholders throughout society increasingly make mitigating cyber threats a top priority, the industry needs to adapt to remain relevant,” said Shah. “An engaged and vital cyber insurance market will not only be good for the industry but will also ensure a more resilient economy.”