Cyber Insurance Ratemaking: A Graph Mining Approach

Antonio, Yeftanus; Indratno, Sapto Wahyu; Simanjuntak, Rinovia

doi:10.3390/risks9120224

Cited by 9 publications

(3 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this respect, there are various types of algorithms in which this information can be fed. For example, researchers (Sun and Lu, 2022;Pavl ık et al, 2022) have created mixed models based on the information about breaches and the information about the insured entity, whereas Antonio et al (2021) have gone more in the direction of graph mining approach to mitigate lack of sufficient data in the market for establishing the proper pricing of the insurance policy. Further, details on security measures implemented and their maturity level are relevant, and lessons learned from previous incidents.…”

Section: Level Of Valuable Detail For the Information Gathered And Co...mentioning

confidence: 99%

Cyber insurance risk analysis framework considerations

Rangu,

Badea,

Scheau

et al. 2024

JRF

View full text Add to dashboard Cite

PurposeIn recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.Design/methodology/approachThe authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.FindingsThe study the authors elaborated it has a particularly important cyber and risk components for insurance area, because it addresses a “niche” area not yet proper addressed in specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.Research limitations/implicationsThis research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, level of details concerning the cyber security posture of the insured entity and way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.Practical implicationsProposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.Originality/valueThe study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.

show abstract

Section: Level Of Valuable Detail For the Information Gathered And Co...mentioning

confidence: 99%

Cyber insurance risk analysis framework considerations

Rangu,

Badea,

Scheau

et al. 2024

JRF

View full text Add to dashboard Cite

show abstract

“…It was our goal when co-editing a special issue on the topic (for another journal), inviting researchers from different fields to contribute with their own expertise, e.g. from forensic science (Barlatier (2020)) or with a graph mining method for approaching insurance ratemaking (Yeftanus et al (2021)), among others (see for a presentation of the papers enclosed in this special issue). Risk management is by nature pluridisciplinary.…”

Section: Research On Cyber Riskmentioning

confidence: 99%

Managing Cyber Risk, a Science in the Making

Dacorogna¹,

Kratz²

2023

Preprint

View full text Add to dashboard Cite

Not a day goes by without news about a cyber attack. Fear spreads out and lots of wrong ideas circulate. This survey aims at showing how all these uncertainties about cyber can be transformed into manageable risk. After reviewing the main characteristics of cyber risk, we consider the three layers of cyber space: hardware, software and psycho-cognitive layer. We ask ourselves how is this risk different from others, how modelling has been tackled and needs to evolve, and what are the multi-facetted aspects of cyber risk management. This wide exploration pictures a science in the making and points out the questions to be solved for building a resilient society.

show abstract

“…Because of their ability to capture interconnectedness, approaches to modeling epidemics in the context of cyber risk have also appeared recently. For example, Fahrenwaldt, Weber, and Weske (2018), Xu andHua (2019), andAntonio, Indratno, andSimanjuntak (2021) study the pricing of cyber insurance policies in epidemic network models. Furthermore, the impact of cyber risk contagion on insurance portfolios has been analyzed in Hillairet and Lopez (2021), and more recently the network structure of interconnected industry sectors has been considered, see Hillairet et al (2022).…”

Section: Literaturementioning

confidence: 99%

Building Resilience in Cybersecurity -- An Artificial Lab Approach

Awiszus¹,

Yannick²,

Lüttringhaus³

et al. 2022

Preprint

View full text Add to dashboard Cite

Based on classical contagion models we introduce an artificial cyber lab: the digital twin of a complex cyber system in which possible cyber resilience measures may be implemented and tested. Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security-and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators. Moreover, from an insurance point of view, we provide first attempts to design systemic cyber risk obligations and to measure the systemic risk contribution of individual policyholders.

show abstract

Cyber Insurance Ratemaking: A Graph Mining Approach

Cited by 9 publications

References 53 publications

Cyber insurance risk analysis framework considerations

Cyber insurance risk analysis framework considerations

Managing Cyber Risk, a Science in the Making

Building Resilience in Cybersecurity -- An Artificial Lab Approach

Contact Info

Product

Resources

About