Cyber insurance as a risk manager

L’objectif de cette étude vise à comprendre comment les compagnies d’assurance Canadienne conceptualisent les cyber risques afin d’être en mesure de quantifier des pertes résiduelles ou en constante évolution. Par l’entremise de 10 entretiens qualitatif avec des professionnel de l’assurance, nous avons trouvé que la souscription à une cyber assurance peut aider les entrepreneurs à gérer les risques causés par la cyber criminalité. L’étude montre que la cyber assurance contribue à la compréhension et à la diffusion de connaissance en matière de cybercriminalité. Ceci est facilité par la recherche continue sur le phénomène et de la mise à jour ces polices d’assurance. Aussi, il a été trouvé que les professionnels de l’assurance facilitent l’application des mesures de prévention cyber. Cette gestion est permise grâce aux outils mis à disposition des assureurs afin d’évaluer les composantes de sécurité pour contrer les cyber attaques. Finalement, la recherche démontre que le milieu des assurances joue un rôle d’envergure dans la surveillance et la gouvernance des cyber risques.The goal of this research is to understand how Canadian insurance companies conceptualize cyber risks to quantify a residual or evolving loss. Through ten qualitative semi-structured interviews conducted with insurance professionals throughout Canada, we found that the purchase of cyber coverage contributes to the risk management efforts. Companies are increasingly looking to implement or enhance their cyber security measures through cyber insurance. In fact, the study found that cyber insurance can serve three purposes. The first is that it allows for a better understanding and diffusion of knowledge through the continuous research on cybercrimes and the revision of cyber policies. The second finding is that insurance professionals work with companies to assess and facilitate the integration of preventive measures. This is based on the tools they use to asses a company’s cyber security infrastructure. Finally, the study found that insurance companies have a considerable societal impact on the surveillance and governance of cybercrimes

Cyber insurance of information systems: Security and privacy cyber insurance contracts for ICT and helathcare organizations

Nowadays, more-and-more aspects of our daily activities are digitalized. Data and assets in the cyber-space, both for individuals and organizations, must be safeguarded. Thus, the insurance sector must face the challenge of digital transformation in the 5G era with the right set of tools. In this paper, we present CyberSure-an insurance framework for information systems. CyberSure investigates the interplay between certification, risk management, and insurance of cyber processes. It promotes continuous monitoring as the new building block for cyber insurance in order to overcome the current obstacles of identifying in real-time contractual violations by the insured party and receiving early warning notifications prior the violation. Lightweight monitoring modules capture the status of the operating components and send data to the CyberSure backend system which performs the core decision making. Therefore, an insured system is certified dynamically, with the risk and insurance perspectives being evaluated at runtime as the system operation evolves. As new data become available, the risk management and the insurance policies are adjusted and fine-tuned. When an incident occurs, the insurance company possesses adequate information to assess the situation fast, estimate accurately the level of a potential loss, and decrease the required period for compensating the insured customer. The framework is applied in the ICT and healthcare domains, assessing the system of medium-size organizations. GDPR implications are also considered with the overall setting being effective and scalable

The effect of cyber-attacks on stock returns

A widely debated issue in recent years is cybercrime. Breaches in the security of accessibility, integrity and confidentiality of information involve potentially high explicit and implicit costs for firms. This paper investigates the impact of information security breaches on stock returns. Using event-study methodology, the study provides empirical evidence on the effect of announcements of cyber-attacks on the market value of firms from 1995 to 2015. Results show that substantial negative market returns occur following announcements of cyber-attacks. Financial entities often suffer greater negative effects than other companies and non-confidential cyber-attacks are the most dangerous, especially for the financial sector. Overall findings seem to show a link between cybercrime and insider trading

Pricing and Investments in Internet Security: A Cyber-Insurance Perspective

Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as self-defense mechanisms. However, such software does not completely eliminate risk. Recent works have considered the problem of residual risk elimination by proposing the idea of cyber-insurance. In this regard, an important research problem is the analysis of optimal user self-defense investments and cyber-insurance contracts under the Internet environment. In this paper, we investigate two problems and their relationship: 1) analyzing optimal self-defense investments in the Internet, under optimal cyber-insurance coverage, where optimality is an insurer objective and 2) designing optimal cyber-insurance contracts for Internet users, where a contract is a (premium, coverage) pair