Inferring Cyber Loss Distributions from Insurance Prices
- 14:00 24th May 2019 (Trinity Term 2019), Tony Hoare Room, Robert Hooke Building
Quantifying the probability and impact of cyber loss events has proved an elusive quest. Doing so could help security teams advocate for more resources. This talk looks to the insurance industry to introduce a new approach. The first part investigates the pricing tables and algorithms used by 26 insurance providers in the USA. We provide empirical observations on how cyber insurance premiums vary by coverage type, amount, policyholder type, and over time. The second part introduces a method using Particle Swarm Optimisation to iterate through candidate parameterised distributions with the goal of reducing error in predicting observed prices. We then aggregate the inferred loss models across 6,828 observed prices from all 26 insurers to derive the County Fair Cyber Loss Distribution. We demonstrate its value in decision support by applying it to a theoretical retail firm with annual revenue of $50M. The results suggest that the expected cyber liability loss is $428K, and that the firm faces a 2.3% chance of experiencing a cyber liability loss between $100K and $10M each year. The method could help organisations better manage cyber risk, regardless of whether they purchase insurance.
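A toy version of the fitting step described in the abstract, added here as an illustration and not the speakers' code. It assumes a lognormal loss severity, a fixed claim frequency and insurer loading, and a constructed set of quotes, none of which come from the talk.

```python
import math, random

FREQ, LOAD = 0.05, 1.4            # assumed claim probability and loading (not from the talk)
TRUE_MU, TRUE_SIGMA = 11.0, 1.8   # constructed "hidden" severity parameters to recover

def phi(z):  # standard normal CDF
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))

def limited_ev(c, mu, sigma):
    """E[min(X, c)] for a lognormal loss X."""
    k = math.log(c)
    return (math.exp(mu + sigma**2 / 2) * phi((k - mu - sigma**2) / sigma)
            + c * (1.0 - phi((k - mu) / sigma)))

def price(deductible, limit, mu, sigma):
    """Premium = loading x frequency x expected loss falling in the insured layer."""
    layer = limited_ev(deductible + limit, mu, sigma) - limited_ev(deductible, mu, sigma)
    return LOAD * FREQ * layer

def error(params, quotes):
    """Mean squared relative error between predicted and observed premiums."""
    return sum(((price(d, l, *params) - p) / p) ** 2 for d, l, p in quotes) / len(quotes)

def pso_fit(quotes, n=30, iters=200, seed=1, bounds=((6.0, 16.0), (0.3, 3.5))):
    rng = random.Random(seed)
    pos = [[rng.uniform(lo, hi) for lo, hi in bounds] for _ in range(n)]
    vel = [[0.0, 0.0] for _ in range(n)]
    best = [p[:] for p in pos]                      # each particle's best position
    best_err = [error(p, quotes) for p in pos]
    gerr, gbest = min(zip(best_err, best))          # swarm-wide best so far
    for _ in range(iters):
        for i in range(n):
            for k, (lo, hi) in enumerate(bounds):
                vel[i][k] = (0.7 * vel[i][k]
                             + 1.5 * rng.random() * (best[i][k] - pos[i][k])
                             + 1.5 * rng.random() * (gbest[k] - pos[i][k]))
                pos[i][k] = min(hi, max(lo, pos[i][k] + vel[i][k]))
            e = error(pos[i], quotes)
            if e < best_err[i]:
                best[i], best_err[i] = pos[i][:], e
                if e < gerr:
                    gbest, gerr = pos[i][:], e
    return gbest, gerr

# Constructed quotes: (deductible, limit, premium) generated from the hidden parameters.
QUOTES = [(d, l, price(d, l, TRUE_MU, TRUE_SIGMA))
          for d in (10_000, 50_000, 250_000) for l in (100_000, 1_000_000, 10_000_000)]

if __name__ == "__main__": print(pso_fit(QUOTES))
```

Because the quotes span several deductibles and limits, they constrain both the body and the tail of the severity curve, which is what lets the swarm recover the two parameters from prices alone.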