Sessional meeting by the Cyber Risk Working Party
The (re)insurance industry is maturing in its ability to measure and quantity cyber risk. The risk and threat landscapes around cyber continue to evolve, in some cases rapidly. The threat actor environment can change, as well as the exposure base, depending on a variety of external factors such as political, economic, and technological factors. The rapidly changing environment poses interesting challenges for the risk and capital actuaries across the market. The ability to accurately reflect all sources of material losses from cyber events is challenging for capital models and the validation exercise. Furthermore, having a robust Enterprise Risk Management (ERM) framework supporting the business to evaluate cyber risk is an important consideration to give the board comfort that cyber risk is being effectively understood and managed by the business. This paper discusses cyber risk in relation to important risk and capital model topics that actuaries should be considering. It is challenging for the capital models to model this rapidly changing risk in a proportionate way that can be communicated to stakeholders. As model vendors continue to mature and update models, the validation of these models and the ultimate cyber capital allocation is even more complex. One’s view of risk could change rapidly from year to year, depending on the threat or exposure landscape as demonstrated by the ransomware trends in recent years. This paper has been prepared primarily with general insurers in mind. However, the broader aspects of capital modelling, dependencies, and ERM framework are relevant to all disciplines of the profession.
Chair Peter Tompkins
Speakers:
Simon Cartegena, Cincinnati Global Underwriting Ltd
Jasvir Grewel, WTW