Modeling the Effect of Spending on Cyber Security by Using Surplus Process

2020 ◽  
Vol 2020 ◽  
pp. 1-10 ◽  
Author(s):  
Ciyu Nie ◽  
Jingchao Li ◽  
Shaun Wang

In this paper, we assume the security level of a system is a quantifiable metric and apply the insurance company ruin theory in assessing the defense failure frequencies. The current security level of an information system can be viewed as the initial insurer surplus; defense investment can be viewed as premium income resulting in an increase in the security level; cyberattack arrivals follow a Poisson process, and the impact of attacks is modeled as losses on the security level. The occurrence of cyber breach is modeled as a ruin event. We use this framework to determine optimal investment in cyber security that minimizes the total cyber costs. We show by numerical examples that there is an optimal allocation of total cyber security budget to (1) IT security maintenance/upkeep spending versus (2) external cyber risk transfer.

2019 ◽  
Vol 24 ◽  
Author(s):  
R. Egan ◽  
S. Cartagena ◽  
R. Mohamed ◽  
V. Gosrani ◽  
J. Grewal ◽  
...  

Cyber Operational Risk: Cyber risk is routinely cited as one of the most important sources of operational risks facing organisations today, in various publications and surveys. Further, in recent years, cyber risk has entered the public conscience through highly publicised events involving affected UK organisations such as TalkTalk, Morrisons and the NHS. Regulators and legislators are increasing their focus on this topic, with General Data Protection Regulation (“GDPR”) a notable example of this. Risk actuaries and other risk management professionals at insurance companies therefore need to have a robust assessment of the potential losses stemming from cyber risk that their organisations may face. They should be able to do this as part of an overall risk management framework and be able to demonstrate this to stakeholders such as regulators and shareholders. Given that cyber risks are still very much new territory for insurers and there is no commonly accepted practice, this paper describes a proposed framework in which to perform such an assessment. As part of this, we leverage two existing frameworks – the Chief Risk Officer (“CRO”) Forum cyber incident taxonomy, and the National Institute of Standards and Technology (“NIST”) framework – to describe the taxonomy of a cyber incident, and the relevant cyber security and risk mitigation items for the incident in question, respectively.

Summary of Results: Three detailed scenarios have been investigated by the working party:
∙ Employee leaks data at a general (non-life) insurer: Internal attack through social engineering, causing large compensation costs and regulatory fines, driving a 1 in 200 loss of £210.5m (c. 2% of annual revenue).
∙ Cyber extortion at a life insurer: External attack through social engineering, causing large business interruption and reputational damage, driving a 1 in 200 loss of £179.5m (c. 6% of annual revenue).
∙ Motor insurer telematics device hack: External attack through software vulnerabilities, causing large remediation / device replacement costs, driving a 1 in 200 loss of £70.0m (c. 18% of annual revenue).

Limitations: The following sets out key limitations of the work set out in this paper:
∙ While the presented scenarios are deemed material at this point in time, the threat landscape moves fast and could render specific narratives and calibrations obsolete within a short-time frame.
∙ There is a lack of historical data to base certain scenarios on and therefore a high level of subjectivity is used to calibrate them.
∙ No attempt has been made to make an allowance for seasonality of renewals (a cyber event coinciding with peak renewal season could exacerbate cost impacts).
∙ No consideration has been given to the impact of the event on the share price of the company.
∙ Correlation with other risk types has not been explicitly considered.

Conclusions: Cyber risk is a very real threat and should not be ignored or treated lightly in operational risk frameworks, as it has the potential to threaten the ongoing viability of an organisation. Risk managers and capital actuaries should be aware of the various sources of cyber risk and the potential impacts to ensure that the business is sufficiently prepared for such an event. When it comes to quantifying the impact of cyber risk on the operations of an insurer there are significant challenges. Not least that the threat landscape is ever changing and there is a lack of historical experience to base assumptions off. Given this uncertainty, this paper sets out a framework upon which readers can bring consistency to the way scenarios are developed over time. It provides a common taxonomy to ensure that key aspects of cyber risk are considered and sets out examples of how to implement the framework. It is critical that insurers endeavour to understand cyber risk better and look to refine assumptions over time as new information is received. In addition to ensuring that sufficient capital is being held for key operational risks, the investment in understanding cyber risk now will help to educate senior management and could have benefits through influencing internal cyber security capabilities.


2019 ◽  
Vol 7 (5) ◽  
pp. 35-42
Author(s):  
Александр Суворов ◽  
Aleksandr Suvorov ◽  
Мария Матанцева ◽  
Mariya Matanceva ◽  
Евгения Плотникова ◽  
...  

A review of the cyber insurance domain has been carried out with a description of classical terms from the insurance industry. The two definitions of cyber risk that are, in the authors’ opinion, the most comprehensive today have been considered. A diagram of processes for cyber risk management using insurance has been presented, and the place of cyber risk among a company’s other risks has been demonstrated, i.e. the context of cyber risk among the risks of any commercial organization has been shown. A typical cyber insurance process has been described, and a scheme of cyber insurance processes has been developed. A brief description of problem areas and controversial issues that cyber-risk insurance practices may face has been presented, as well as a table showing at which stage of cyber insurance the specific problems may arise. The basic economic utility function, which formalizes decision making for agents with different attitudes to risk, has been provided. Standards in cyber security, and various software products that can be used as a tool for assessing the security level of an enterprise’s IT infrastructure have been presented, and it has been demonstrated how these products can help in cyber risk assessment. Different methods used at each stage of cyber insurance have been shown.


Author(s):  
Elda Marzai Abliz

Due to the financial crisis, and especially because of prudence in lending (retail, micro, and corporate), banks are looking for new sources of income, and bancassurance is clearly a potential source of revenue. Thus, in the financial market, the interests of two major components of it are met: banks maximize commission income, and insurers gain access to the large customer base of banks. Bancassurance is a distribution channel of insurance products through bank branches, bringing important advantages for banks, insurance companies and customers. The main advantage for the bank is that it earns a fee amount from the insurance company, the insurance company increases its customer database and market share, and the client satisfies his financial needs and requests in the same institution. Considering that in Romania, banks and insurers do not provide information on the number of insurances sold via the bancassurance distribution channel, as well as commissions obtained by banks for the insurance sale, to determine the development of bancassurance in Romania, we used the statistical data provided by the National Bank of Romania, on credit growth and data provided by The Financial Supervision Association, on the evolution of gross written premiums. Bancassurance is one of the most important insurance distribution channels, accounting for approximately 36% of the global insurance market, in 2016, Europe’s insurers generated total premium income of €1 189bn and had €10 112bn invested in the economy. Regarding the risks of bancassurance business for banks and insurers, they mainly concern distinct capital requirements for the banking and insurance systems, which will be covered by the Basel III and Solvency II directives. This paper aims to analyze the influence of credit on the bancassurance activity in the last 5 years in Romania, the economic, political and legal factors that have a negative impact on the development of bancassurance, and also the calculation of the correlation coefficient r (Pearson’s coefficient) and its result.


2019 ◽  
Vol 72 (5) ◽  
pp. 1108-1120 ◽  
Author(s):  
Boris Svilicic ◽  
Junzo Kamahara ◽  
Matthew Rooks ◽  
Yoshiji Yano

The maritime transport industry is increasingly reliant on computing and communication technologies, and the need for cyber risk management of critical systems and assets on vessels is becoming critically important. In this paper, a comprehensive cyber risk assessment of a ship is presented. An experimental process consisting of assessment preparation activities, assessment conduct and results communication has been developed. The assessment conduct relies on a survey developed and performed by interviewing a ship's crew. Computational vulnerability scanning of the ship's Electronic Chart Display and Information System (ECDIS) is introduced as a specific part of this cyber security assessment. The assessment process presented has been experimentally tested by evaluating the cyber security level of Kobe University's training ship Fukae-maru. For computational vulnerability scanning, an industry-leading software tool has been used, and a quantitative cyber risk analysis has been conducted to evaluate cyber risks on the ship.


Author(s):  
Sascha Desmettre ◽  
Markus Wahl ◽  
Rudi Zagst

The increasing importance of liability-driven investment strategies and the shift towards retirement products with lower guarantees and more performance participation provide challenges for the development of portfolio optimization frameworks which cover these aspects. To this end, we establish a general and flexible terminal surplus optimization framework in continuous time, allowing for dynamic investment strategies and stochastic liabilities, which can be linked to the performance of an index or the asset portfolio of the insurance company. Besides optimality results in a fairly general surplus optimization setting, we obtain closed-form solutions for the optimal investment strategy for various specific liability models, which include the cases of index-linked and performance-linked liabilities and liabilities which are completely or only partially hedgeable. We compare the results in numerical examples and study the impact of the performance participation, unhedgeable risk components, different ways of modeling the liabilities and the relative risk aversion parameter. We find that performance- or index-linked liabilities, which provide a close link between the wealth of the insurance company and its liabilities, allow for a higher allocation in the risky investment. On the other hand, unhedgeable risks reduce the allocation in the risky investment. We conclude that, aiming at a high expected return for the policy holder, insurance companies should try to connect the performance of insurance products closely to the wealth and minimize unhedgeable risks.


2020 ◽  
Vol 3 (156) ◽  
pp. 80-87
Author(s):  
M. Vasilenko ◽  
O. Kozin ◽  
M. Kozina ◽  
V. Rachuk

As a result of remote control and automation, the urban infrastructure becomes extremely vulnerable to intrusions, attacks, human errors, accidents that are growing. Due to the concentration of local and global computer networks, systems and software, the “cyber risk” of the municipal economy is multiplicative, which makes it systemic and international. Its essence is manifested both at the national and global levels through the impact on business, municipal and state authorities. Today, the existing pandemic contributes to an increase in the number of cyberattacks, which indicates an even greater cyber vulnerability of municipal administrations and public authorities. Coronavirus COVID-19 has become a tool for hacker attacks on users and enterprises. The purpose of the article is to determine, based on a systematic analysis of the new cyber risks of the municipal economy that arose during the pandemic, to formulate our own views on the classification and methods of counteracting municipal organizations and enterprises. According to experts, since the beginning of this year, thousands of domains associated with coronavirus have been registered in the world. This number also includes sites of various hacker groups that offer information about coronavirus, masks, or quick treatment methods. In fact, these phishing sites are used by hackers to extort money or steal confidential, as well as commercial information. The main types of attacks that increase the threat and actually create a "cyber infection" are noted. Based on the material of this article and the experience of the authors, measures are proposed that ensure the safety of municipal enterprises, which should be carried out in the first place. Strict measures in IT management during a crisis are also recognized as undeniable and necessary. Such as help from cyber experts and help for cyber experts; preservation of evidence of intrusion, staff training, accumulation of experience to accelerate progress in work. Remote work during a pandemic can make it difficult for IT staff to monitor cyber risks, since many of these risks go beyond the financial or technical capabilities of municipalities. Therefore, based on these proposals for the safety of municipal enterprises, an integrated approach to cyber risks is proposed, including an emergency response plan. Based on international experience, the possibility of insuring municipal enterprises and organizations against potential losses associated with cyber attacks by hackers, as well as to eliminate the consequences of these attacks, is also noted.

Keywords: cyber-security, cyber-risk, municipal economy, “phishing”, pandemic, Covid-19


Risks ◽  
2021 ◽  
Vol 9 (1) ◽  
pp. 24
Author(s):  
Alessandro Mazzoccoli ◽  
Maurizio Naldi

Investments in security and cyber-insurance are two cyber-risk management strategies that can be employed together to optimize the overall security expense. In this paper, we provide a closed form for the optimal investment under a full set of insurance liability scenarios (full liability, limited liability, and limited liability with deductibles) when we consider a multi-branch firm with correlated vulnerability. The insurance component results to be the major expense. It ends up being the only recommended approach (i.e., setting zero investments in security) when the intrinsic vulnerability is either very low or very high. We also study the robustness of the investment choices when our knowledge of vulnerability and correlation is uncertain, concluding that the uncertainty induced on investment by either uncertain correlation or uncertain vulnerability is not significant.


Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Kevin Page ◽  
Max Van Kleek ◽  
Omar Santos ◽  
...  

Multiple governmental agencies and private organisations have made commitments for the colonisation of Mars. Such colonisation requires complex systems and infrastructure that could be very costly to repair or replace in cases of cyber-attacks. This paper surveys deep learning algorithms, IoT cyber security and risk models, and established mathematical formulas to identify the best approach for developing a dynamic and self-adapting system for predictive cyber risk analytics supported with Artificial Intelligence and Machine Learning and real-time intelligence in edge computing. The paper presents a new mathematical approach for integrating concepts for cognition engine design, edge computing and Artificial Intelligence and Machine Learning to automate anomaly detection. This engine instigates a step change by applying Artificial Intelligence and Machine Learning embedded at the edge of IoT networks, to deliver safe and functional real-time intelligence for predictive cyber risk analytics. This will enhance capacities for risk analytics and assist in the creation of a comprehensive and systematic understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when Artificial Intelligence and Machine Learning technologies are migrated to the periphery of the internet and into local IoT networks.


2021 ◽  
Vol 3 (1) ◽  
Author(s):  
Varaprasad Janamala

A new meta-heuristic Pathfinder Algorithm (PFA) is adopted in this paper for optimal allocation and simultaneous integration of a solar photovoltaic system among multi-laterals, called interline-photovoltaic (I-PV) system. At first, the performance of PFA is evaluated by solving the optimal allocation of distribution generation problem in IEEE 33- and 69-bus systems for loss minimization. The obtained results show that the performance of proposed PFA is superior to PSO, TLBO, CSA, and GOA and other approaches cited in literature. The comparison of different performance measures of 50 independent trial runs predominantly shows the effectiveness of PFA and its efficiency for global optima. Subsequently, PFA is implemented for determining the optimal I-PV configuration considering the resilience without compromising the various operational and radiality constraints. Different case studies are simulated and the impact of the I-PV system is analyzed in terms of voltage profile and voltage stability. The proposed optimal I-PV configuration resulted in loss reduction of 77.87% and 98.33% in IEEE 33- and 69-bus systems, respectively. Further, the reduced average voltage deviation index and increased voltage stability index result in an improved voltage profile and enhanced voltage stability margin in radial distribution systems and its suitability for practical applications.

