Royal Holloway: Lessons on catastrophe - differences and similarities between cyber and other forms of risk
The field of cyber insurance is still in its infancy but has already shown significant growth, with plenty of evidence for further expansion. However, a lack of past information and some idiosyncrasies make pricing difficult, as well as potentially amplifying risk exposure.
This article summarises high level findings from a practical model that could be used in lieu of actuarial data. The model may be refined in the future as historic datasets become available. This practical model shows that cyber insurance risks pose significantly elevated likelihood and impact when compared with other forms of risk which are more independent. Higher premiums will be a natural consequence to insulate from the associated downside.
There are therefore strong incentives for insureds to improve event independence, for example through hardening. Insurers, on the other hand, can protect themselves from extreme events by rejecting certain risks with cover limits, as they do already, or they may choose to transfer the more extreme risks via commercial.