Open Mobile Menu"
AFP 2022 Blog

AFP 2022 Blog


Emerging Cyber Risks: The Cyber Insurance Devious Data Dilemma

Aug 24, 2022

By Aaron Hillebrandt, FCAS, MAAA, FFSI

Cyber liability risks, in the form of ransomware, breaches and other related technological attacks, have evolved as quickly as cyber security professionals have been able to identify and mitigate them. Cyber threats have been, and remain, an ongoing and serious threat to businesses in practically every sector.

The insurance industry has responded accordingly. Relying on a history of innovation, the insurance industry has worked to meet threats posed by cyber liability. Insurers and actuaries have done what they do best: leveraging data to design and price insurance coverages for the brave new world of technology and technological risk.

But the evolving nature of cyber risk has resulted in a dilemma for insurers — and financial professionals.

Mature, stable claims databases for cyber liability do not yet exist. Some data has become available through the National Association of Insurance Commissioners and other industry groups, but the newness and lack of deep and complete data sets have meant that data on severity, frequency and costs of breaches are not always available.

In addition, the claims environment continues to change rapidly. So, when data is available, it can have limited predictive value, which makes actuarial projections more difficult. Cyber liability is still a relatively new field. The data is newer and more volatile than other property and casualty lines of insurance, and it is important to ensure data quality.

The source of data matters as well. Actuaries and insurers need consistent, predictive data to do their work.

A compounding factor for cyber liability data has been the shift to remote work and workers. Understanding cyber liability risk in the remote work environment is naturally a difficult exercise. After all, how well do companies understand their cyber liability exposure in a remote work environment? How much hardening of systems took place when companies rushed to meet employees’ needs during pandemic-related work-from-home arrangements? These are essential questions for a world of cyber liability risk that continues to evolve. Companies will need to answer these fundamentals to get a handle on the scope of cyber risk associated with remote work.

The bottom line is that the insurance industry’s understanding of disruption and dangers of cyber threats are cloudy. Any financial professional managing risk should be equally careful. There’s cause for concern and deliberation.

On October 25, I’ll be conducting a deep dive into this cyber liability data dilemma (and more) at the AFP 2022 session, “Emerging Cyber Risks.” I am delighted that I will be joined by Supervisory Special Agent Darin Murphy of the Federal Bureau of Investigations’ (FBI) Philadelphia office. Special Agent Murphy will give the law enforcement perspective on cyber-crime, and when companies need to engage law enforcement to help mitigate cyber threats.

Cyber risk is an important topic that the insurance industry has been wrestling with as key data has (or hasn’t) come in. It’s a topic that should make financial professionals to be mindful and wary. And I’m very much looking forward to sharing more in Philadelphia at AFP 2022.

Register for AFP 2022 by September 16 to save $350.