Heavy-Tailed Data Breaches and the Challenge of Insuring Cyber Risks: A Man-Made Natural Catastrophe?
METADATA ONLY
Loading...
Author / Producer
Date
2020-03-10
Publication Type
Other Conference Item
ETH Bibliography
yes
Citations
Altmetric
METADATA ONLY
Data
Rights / License
Abstract
Development of sustainable insurance for cyber risks, with associated benefits, inter alia requires reduction of ambiguity of the risk. Considering cyber risk, and data breaches in particular, as a man-made catastrophe clarifies the actuarial need for multiple levels of analysis - going beyond claims-driven loss statistics alone to include exposure, hazard, breach size, and so on - and necessitating specific advances in scope, quality, and standards of both data and models. The prominent human element, as well as dynamic, networked, and multi-type nature, of cyber risk makes it perhaps uniquely challenging. Complementary top-down statistical, and bottom-up analytical approaches are discussed. Focusing on data breach severity, measured in private information items ('ids') extracted, we exploit relatively mature open data for U.S. data breaches. We show that this extremely heavy-tailed risk is worsening for external attacker ('hack') events - both in frequency and severity. Writing in Q2-2018, the median predicted number of ids breached in the U.S. due to hacking, for the last 6 months of 2018, is 0.5 billion. But with a 5% chance that the figure exceeds 7 billion - doubling the historical total. 'Fortunately' the total breach in that period turned out to be near the median. Show less
Permanent link
Publication status
unpublished
External links
Editor
Book title
Journal / series
Volume
Pages / Article No.
Publisher
Event
Emerging Risks Conference
Edition / version
Methods
Software
Geographic location
Date collected
Date created
Subject
Organisational unit
03738 - Sornette, Didier (emeritus) / Sornette, Didier (emeritus)
Notes
Presented at the Symposium on Insurance and Emerging Risks, St. John's University.