Actuarial and financial risk management in networks

Interconnectedness constitutes a key characteristic of actuarial and financial systems. In regular times, it facilitates the provision of the systems’ important services to society. In times of crisis, however, it enables the spread of contagious distress that may adversely affect the overall economy and amplify crisis situations. In this thesis, we introduce and analyze two financial and one actuarial network model representing three particular risk management problems that arise from different forms of interconnectedness. First, we consider the spread of financial losses and defaults in a comprehensive model of a banking network. Distress therein may propagate through various forms of connections such as direct financial obligations, bankruptcy costs, fire sales, and cross-holdings. For the integrated financial market, we prove the existence of a price-payment equilibrium and design an algorithm for its computation. The corresponding number of defaults is analyzed in several comparative case studies. These illustrate the individual and joint impact of the considered interaction channels on systemic risk. Second, we study the problem of minimizing market inefficiencies, defined as deviations of realized asset prices from fundamental values, as a function of the network of banks’ overlapping asset portfolios. Prices are pressured from trading actions of the leverage targeting banks, which rebalance their portfolios in response to exogenous asset shocks. We prove the existence of a network of efficient asset holdings and characterize its properties and sensitivities. In particular, we find that the standard paradigm of asset portfolio diversification may cause tremendous market inefficiencies, especially during crisis situations. Third, we consider insurance against cyber epidemics. Infectious cyber threats, such as viruses and worms, diffuse within a network of possibly insured parties. Since the infection may affect many different agents at the same time, a provider of cyber insurance is exposed to significant accumulation risk. We build and analyze a stochastic model of losses generated by infectious cyber threats based on interacting particle systems and marked point processes. Together with a novel polynomial and mean-field approximation, our approach allows to explicitly compute prices for different forms of cyber insurance contracts. Numerical case studies demonstrate the impact of the network topology and indicate that higher order approximations are indispensable for the analysis of non-linear contracts

Modeling and pricing cyber insurance: Idiosyncratic, systematic, and systemic risks

The paper provides a comprehensive overview of modeling and pricing cyber insurance and includes clear and easily understandable explanations of the underlying mathematical concepts. We distinguish three main types of cyber risks: idiosyncratic, systematic, and systemic cyber risks. While for idiosyncratic and systematic cyber risks, classical actuarial and financial mathematics appear to be well-suited, systemic cyber risks require more sophisticated approaches that capture both network and strategic interactions. In the context of pricing cyber insurance policies, issues of interdependence arise for both systematic and systemic cyber risks; classical actuarial valuation needs to be extended to include more complex methods, such as concepts of risk-neutral valuation and (set-valued) monetary risk measures

Building Resilience in Cybersecurity -- An Artificial Lab Approach

Based on classical contagion models we introduce an artificial cyber lab: the digital twin of a complex cyber system in which possible cyber resilience measures may be implemented and tested. Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators. Moreover, from an insurance point of view, we provide first attempts to design systemic cyber risk obligations and to measure the systemic risk contribution of individual policyholders

Modeling and pricing cyber insurance - Idiosyncratic, systematic, and systemic risks

The paper provides a comprehensive overview of modeling and pricing cyber insurance and includes clear and easily understandable explanations of the underlying mathematical concepts. We distinguish three main types of cyber risks: idiosyncratic, systematic, and systemic cyber risks. While for idiosyncratic and systematic cyber risks, classical actuarial and financial mathematics appear to be well-suited, systemic cyber risks require more sophisticated approaches that capture both network and strategic interactions. In the context of pricing cyber insurance policies, issues of interdependence arise for both systematic and systemic cyber risks; classical actuarial valuation needs to be extended to include more complex methods, such as concepts of risk-neutral valuation and (set-valued) monetary risk measures