The insider joke goes, “I think you misunderstood. The million-dollar umbrella policy only covers you for claims involving an umbrella.” As corny as that reads, there is probably an ounce of truth when it comes to understanding what your hard earned dollars will insure you against – particularly when buying an emerging product such as cyber insurance.
The numbers around the growth of cyber insurance are impressive. It is amongst the fastest growing segments of the insurance industry with rough estimates of global annual premiums between $3-4bn with growth rates of 28% year-on-year. More organizations are beginning to see cyber liability insurance as a standalone policy and a way to manage for unplanned expenses in the event of a breach. These expenses usually stem from forensics investigations, containment, remediation and the effects of business disruption.
For Dr. Shaun Wang though, the industry is still ill-equipped to tackle the complex and growing nature of cyber insurance.
A mathematician at heart, Dr Wang is Director of Nanyang Technological University’s Insurance Risk and Finance Research Centre. Regarded as a world-renowned expert on quantitative risk modeling and enterprise risk management, he has published over 30 papers in top actuarial and insurance journals for which he has received numerous awards and citations. He is the inventor of the “Wang Transform”, a widely-cited actuarial formula for pricing risks and a much sought after international speaker.
Aside from his academic responsibilities, much of Professor Wang’s time has been spent running a public-private partnership between the insurance industry, academia and government agencies to tackles challenges facing the development of a robust cyber risk insurance market place. Launched in 2016, the Cyber Risk Management (CyRiM) project, which also counts Verizon as a contributor of publically available and anonymized cybersecurity intelligence is seeking to develop a more reliable methodology or benchmarks of calculating premiums for both insurers and their customers.
"The dynamic nature of cyber threats poses a challenge for calculating cyber insurance premiums”, notes Professor Wang. “How do you determine the likelihood (vulnerability) of a company’s weakness being exploited? What is the likely loss amount from a data breach? How does a company’s cybersecurity spending impact its cyber insurance premium? Those are some of the questions we are hoping to address through the CyRiM project.”
Another major challenge that Professor Wang and his research team are addressing is the gap between current cyber insurance product offerings and the perceived need by organizations. Cyber insurance products and policies need to include the packaging of pre-event prevention, such as a cybersecurity and incident response capability assessment, proactive threat monitoring and mitigation, and post-breach response services. They also need to provide broader coverage of losses from data breaches, for example, by removing exclusions and reducing waiting times for business disruptions losses. Ultimately, insurers will be compelled to partner with information security service providers in the midst of a breach.
Ashish Thapar, Verizon’s Managing Principal for Investigative Response, called for greater sharing of data breach information and believes that recent large-scale ransomware attacks will force industry players to collaborate closer than ever before. “Victims of cybercrime are almost never random. There are usually patterns which mean that predictive analytics and data have a crucial role to play in enabling the good guys to stay ahead of the game”, he said. In particular, Ashish sees a cyber-insurance as an effective risk management tool for small and medium businesses that are often financially ill-equipped “to fend for themselves” and unregulated industries.
Ultimately, for Prof Wang and his team of experts, the biggest challenge is making sense of sketchy historical data, piecing them together with the objective of deriving a methodology with data feeds of emerging cyber threats and historical economic losses.
It’s been over a year since project’s inception and the CyRiM team has reached a key milestone: developing an analytical framework for quantifying an organization’s cyber threat attack surface and the cost-benefit analysis of cybersecurity spending. This framework will help organizations to measure up against best practices in pre-breach mitigation and post-breach response, as well as in customizing cyber insurance policies to better estimate cyber insurance premiums.
For related media inquiries, please contact firstname.lastname@example.org