Cyber Risk emerges in the Property & Casualty Market – Reflections on a Year of Education and Research

Cyber risk is likely the most significant property casualty risk to emerge in recent times. Premiums for cyber risk are growing significantly, and daily headlines bring attention to yet another major data breach affecting an entity. Most of us with credit cards have probably had new cards issued because of a breach in the last year, and many of us have had health information compromised. Cyber Risk Throughout the course of 2015, I attended several cyber and security risk management, conferences in addition to doing extensive research on the topic. After reflecting on the information, I have compiled a summary of important actuarial issues related to cyber risk.

  • Credible industry data or unique company data does not exist for most companies to assess cyber risk using solely quantitative methods. Instead, the process of evaluating cyber risk should be holistic, involving both quantitative and qualitative assessments.
  • Limited industry benchmarking data does exist, however. Three example sources of data are the Ponemon Institute, The Verizon Data Breach Investigations Report, and the RIMS Cyber Survey.
  • The components of a cyber risk event could involve many expense items, such as litigation, public relations, investigations, privacy breach notifications, data restoration, regulatory penalties, loss of customers, and reputational risk.
  • Cyber risk is being added to some of the captives SIGMA works on. Our experience is that the risk is normally included in captives as deductible coverage or low limit coverage. Since policy types are almost always claims-made, year-end reserving is straightforward, if there is no reported or known claim as of the evaluation date.

As of May 2014, there will be a shift in language of GL policies to reflect a group of exclusions to prevent GL policies from covering cyber risk as proposed by ISO. This should increase the purchase of stand-alone cyber policies.

Cyber risk policies are difficult to compare due to an extreme lack of consistency in policy structure, language, exclusions, and coverage. Definitions of these may even vary considerably.

Cyber risk introduces broad and sweeping threats to a company. It truly is an enterprise risk and should be handled in a holistic fashion with multiple departments within a company or entity involved in managing the risk. Additionally, external experts from various disciplines should be considered for addition to a team evaluating the risk. Actuarial implications and analyses at this stage of emergence are difficult to define. However, as stand-alone policies continue to emerge, and as companies begin to include the risk in captive insurance companies, the need for analysis will become more important.

We welcome your feedback by posting a comment, or contacting Michelle Bradley at mb@SIGMAactuary.com.
© 2016 SIGMA Actuarial Consulting Group, Inc.

Share and Enjoy:
  • LinkedIn
  • Twitter
  • Facebook
  • Google Bookmarks
  • Print
Michelle Bradley, ACAS, MAAA, ARM, CERA

About Michelle Bradley, ACAS, MAAA, ARM, CERA

Michelle graduated summa cum laude as valedictorian from Lipscomb University in 1988, receiving a B.S. Degree in Mathematics. She then attended Vanderbilt University and received a M.S. degree in Mathematics. Michelle is an Associate in the Casualty Actuarial Society and is a Member of the American Academy of Actuaries. She also obtained the Associate in Risk Management designation in 1996 and received the award for academic excellence in that program. She served as president for the Casualty Actuaries of the Southeast for the 1999-2000 year. From 1990 to September 2003, she was Vice President and Consulting Actuary for Willis Risk Solutions of Willis North America. During this time she consulted extensively in the areas of actuarial, risk management and enterprise risk management. Michelle received the CERA (Chartered Enterprise Risk Analyst) designation in 2013. She has also served on the board of directors for the Society of Risk Management Consultants. She currently serves on the Advisory Council for Middle Tennessee State University’s Master of Science in Professional Science Program (MSPS). In the area of enterprise risk management, she has focused on modeling issues as regards integrated programs that often include non-traditional risks. She has significant expertise in risk mapping and alternative risk transfer mechanisms. She has been a member of numerous project teams that provided enterprise risk consultancy services and was part of the project team that completed the integrated program that was hailed the “Deal of the Decade” by CFO Magazine (June 2000).

Leave Your Response

* Name, Email, Comment are Required


SIGMA Actuarial Consulting Group, Inc. provides a unique set of resources in our password protected portal, available on our website at www.SIGMAactuary.com/resources.  

These resources are a wealth of information to help you better communicate and educate your staff and clients.  

Questions? Contact SIGMA…

SIGMA Actuarial Consulting Group, Inc.
5301 Virginia Way, Ste 230
Brentwood, Tennessee 37027
PHONE:    866.ACTUARY     866.228.8279
WEB:          www.SIGMAactuary.com