Digital technology has permeated almost every aspect of contemporary life, offering remarkable benefits but also exposing businesses and individuals to various risks, particularly in the realm of cybersecurity. As more incidents of software failures, cyberattacks, and data breaches become commonplace, the demand for effective methodologies to assess and compare these risks has intensified. According to a survey conducted by the Society of Actuaries (SOA) Research Institute in May 2024, cyber and network incidents were identified as the second most significant emerging risk by risk managers.
Acknowledging this urgent need, the North American Actuarial Journal (NAAJ) recently awarded its annual prize for the best paper to “The Economic Impact of Extreme Cyber Risk Scenarios.” This work was authored by Martin Eling, Mauro Elvedi, and Greg Falco, and published in Volume 27, Issue 3 of the NAAJ. The paper presents a framework aiming to standardize how businesses assess the economic impacts of various cyber risk scenarios.
In an interview with The Actuary Magazine, Eling, a professor of Insurance Economics and chair for Insurance Management at the University of St. Gallen, Switzerland, explained, “Existing studies often lacked a standardized methodology, making it difficult to compare results or apply findings across different contexts." This shortfall in methodological consistency has been highlighted as a significant obstacle in accurately assessing the risks posed by cyber incidents, compounded by the limited availability of historical data due to the underreporting of such events.
The authors’ comparative analysis stems from the growing interdependence of critical infrastructures across different sectors. Eling, alongside his co-authors Falco, an assistant professor at the Sibley School of Mechanical and Aerospace Engineering at Cornell University, and Elvedi, a former Ph.D. student at the Institute of Insurance Economics, aimed to systematically analyse cyber incidents, which was further complicated by the geographical separation induced by the COVID-19 pandemic. The team worked collaboratively through video conferencing technology, allowing them to merge their diverse areas of expertise.
Falco remarked, “I’m a cyber technical expert, so I brought the technological depth,” noting that their methodology included evaluating potential system disruptions. This comprehensive approach allowed the integration of qualitative risk descriptions with quantitative economic impact assessments. Eling added, “Our approach allows for the comparison of diverse scenarios within a standardized model.” This not only enhances the accuracy of economic impact estimates but also promotes replicability across various contexts.
Findings from their research indicate that the economic impacts of cyber incidents can significantly differ even within their newly established framework. In certain instances, the most severe economic outcomes suggested a potential for these cyber risks to be insurable, as some were found to be less severe than the impacts of natural disasters.
The findings presented in the paper have implications for a wide range of stakeholders, including actuaries, insurance professionals, risk managers, and policymakers. The methodology enables an understanding of the broader ripple effects of cyber incidents and includes a sensitivity analysis that can inform future research as well as practical applications in risk management.
Eling, Falco, and Elvedi envision that their work could guide the development of innovative cyber insurance products and adaptable strategies that address the nuances of cyber risks on a global scale. Falco pointed out the prospects for future research, stating, “We see AI risk and insurability as the next opportunity in this sector.” While they acknowledge that they currently lack enough case studies specifically regarding AI, they suggest that forthcoming analysis will likely yield valuable insights in this area.
Overall, the authors of the recognised paper hope to create a framework that encourages sectors to quantify the scale of cyber risks, enhancing preparedness and response strategies in a digital age chock-full of technological challenges.
Source: Noah Wire Services