Enhancing the Role of Insurance in Cyber Risk Management


http://www.keepeek.com/Digital-Asset-Management/oecd/finance-and-investment/enhancing-the-role-of-insurance-in-cyber-risk-management_9789264282148-en
08 Dec 2017
9789264282148 (PDF); 9789264282131 (print)


The digital transformation of economic activities is creating significant opportunities for innovation, convenience and efficiency. However, recent major incidents have highlighted the digital security and privacy protection risks that come with an increased reliance on digital technologies. While not a substitute for investing in cyber security and risk management, insurance coverage for cyber risk can make a significant contribution to the management of cyber risk by promoting awareness about exposure to cyber losses, sharing expertise on risk management, encouraging investment in risk reduction and facilitating the response to cyber incidents. This report provides an overview of the financial impact of cyber incidents, the coverage of cyber risk available in the insurance market, the challenges to market development and initiatives to address those challenges. It includes a number of policy recommendations which support the development of the cyber insurance market and contribute to improving the management of cyber risk.


Table of Contents

  • Foreword

    The digital transformation of economic activities is creating significant opportunities for innovation, convenience and efficiency. However, as recent major incidents have highlighted, a growing reliance on digital technologies comes with digital security and privacy protection risks. This presents policy makers with the challenge of finding an appropriate balance between addressing these risks while allowing sufficient space for achieving the economic and societal benefits of digitalisation. The role of the nascent cyber insurance market in enhancing cyber resilience is increasingly being recognised by policy makers.

  • Executive summary

    Economic and commercial operations have become increasingly reliant on digital technologies which face a constant threat of disruption due to human error or malicious attacks. The potential for serious economic and commercial repercussions, illustrated most recently in the millions of compromised records at Yahoo and Equifax, the disruption of major websites by a denial-of-service attack on Dyn and the hundreds of thousands of computers compromised by the WannaCry and NotPetya ransomware attacks, has meant increasing investment in safeguarding the confidentiality, integrity and availability of information and information systems.

  • Growing cyber risk and the contribution of insurance to cyber risk management

    This chapter provides an overview of the context for this study, notably the increasing concerns about the implications of cyber risk, as well as some information on the survey undertaken for the purposes of informing this report. It also describes the potential contribution of insurance to managing cyber risk through: (i) supporting the quantification of cyber exposure; (ii) providing expertise on risk management and prevention; (iii) facilitating access to crisis management services; and (iv) encouraging risk reduction through premium pricing.

  • Types of cyber incidents and losses

    This chapter provides an overview of the different types of cyber incidents, based on a categorisation approach developed by the CRO Forum, as well as the types of losses that may result from these incidents. Where available, data is presented on the magnitude of losses from past incidents including trends in the magnitude of losses and some of the drivers of cost variations across different countries (such as differences in terms of notification requirements).

  • The cyber insurance market

    This chapter provides an overview of the cyber insurance market, including the types of losses that are commonly covered across stand-alone cyber insurance policies and traditional policies and also the losses that are more difficult to cover. It provides some data on the size of the stand-alone cyber insurance market, penetration levels and pricing, as well as information on how insurers approach underwriting cyber insurance coverage and the additional risk mitigation and crisis response services that are often offered with cyber insurance policies.

  • Cyber insurance market challenges

    This chapter provides an overview of the main challenges to the development of the cyber insurance market in terms of both insurers' willingness to provide coverage and the demand from companies to acquire insurance coverage. The lack of historical experience and evolving nature of cyber risk create significant challenges for quantifying cyber risk. These challenges, along with concerns about the potential for accumulation risk, lead to higher prices and limited coverage levels. At the same time, the complexity of standalone cyber insurance policies, as well as the potential for coverage of cyber risk in traditional policies, leads to significant misunderstanding about the insurance coverage available for cyber risk. There are also concerns about whether cyber insurance policies are responding to the most pressing needs of policyholders.

  • Addressing challenges to cyber insurability

    This chapter examines ways to address the challenges that impede the development of the cyber insurance market. The development of probabilistic models for cyber risk could improve underwriting and reduce uncertainty although this will require improved data on past incidents and their impact as well as on the relative effectiveness of security policies and practices. There are several potential sources of data that could support probabilistic modelling and a few initiatives aimed at sharing this data within the insurance sector and between the government and the private sector. However, a lack of harmonisation limits the contribution of these efforts. The insurance sector and governments in several countries are also examining ways to improve understanding of the insurance coverage available for cyber risk and at least one country has implemented a regulatory intervention to encourage greater transparency.

  • Supporting the cyber insurance market through better policies and regulation

    This chapter provides a set of recommendations on policy and regulatory measures that could be implemented to improve the development of the cyber insurance market. Governments could contribute to the availability of data on past cyber incidents, forward-looking analyses on the changing nature of the risk and on the effectiveness of security practices, including through the development or promotion of cyber security standards. Governments should also closely monitor the market developments and consider if there is a need to intervene to encourage greater clarity on coverage or to support the management of accumulation risk.
