My colleague Andrew Coburn recently co-authored an article on Cyber Risk with Simon Ruffle and Sarah Pryor, both researchers at Cambridge University Centre of Risk Studies.
This is a timely article considering the cyber attacks in the past year on big U.S. corporations. Target, Home Depot, JPMorgan and, most recently, Sony Pictures have all had to deal with unauthorized security breaches.
This isn’t the first time Sony has experienced a virtual assault. In 2011, the PlayStation Network suffered one of the biggest security breaches in recent memory, which is reported to have cost the company in excess of $171 million.
Cyber attacks can be costly and insurers are hesitant to offer commercial cyber attack coverage because the risk is not well understood.
Andrew and his co-authors contend that insurers are not concerned with individual loss events, such as the targeted security penetrations we’ve seen recently on Sony and JP Morgan. It’s whether individual loss events are manageable across a whole portfolio of policies.
The biggest challenge in evaluating cyber risk is its inherent systemic complexity and interconnectivity. The internet, the technology companies that run on it, and the enterprises they serve are inextricably intertwined; shocks to one part of a network can quickly cascade and affect the rest of the whole system.
Can catastrophe-modelling methodologies provide the solution? Read the full article in The Actuary here.