Should the Public or Private Sector Insure Cyber Risks?

Open Access
- Author:
- Tygh, Colleen Alyssa
- Area of Honors:
- Actuarial Science
- Degree:
- Bachelor of Science
- Document Type:
- Thesis
- Thesis Supervisors:
- Zhongyi Yuan, Thesis Supervisor
Richard Lee London, Thesis Honors Advisor - Keywords:
- actuarial science
risk management
cyber
insurance - Abstract:
- This research explores the question of whether the United States government or the American private insurance industry is the better party to properly insure cyber risk. While businesses that purchase cyber insurance coverage can absorb some smaller losses from cyber attacks on their own, an insurance company typically covers the costs of business interruption, technological assets, customer notification, public relations, legal work, and other related expenses. In recent years, cyber security threats have grown exponentially and expanded into market segments and industries not previously protected, thereby increasing the demand for cyber insurance products with higher limits and broader coverage. After providing an overview of cyber insurance’s history and current market status, this thesis then discusses the characteristics that make a risk insurable and the emerging insurance modeling methods that may be applicable to cyber insurance pricing. Examples of insurance lines and products that are currently sold by the private insurance industry are provided to aid the analysis of that industry’s ability to insure against all conceivable cyber risks. Two insurance programs run by the federal government, which can serve as models for a potential government-sponsored cyber insurance program, are also considered. Private insurance companies have built actuarial pricing models for some cyber products. However, as cyber criminals and terrorists become more of a threat, the private sector may not be able to handle the vast liabilities that these risks pose. There is no way to accurately predict how much damage a single cyber attack could cause in the future, and thus there is no reliable way to price the associated insurance products. A temporary government reinsurance program could be established to cover losses from cyber attacks that affect many businesses and industries at the same time until the private sector feels confident that it can adequately model these risks.