DOCSLIB.ORG

Enhancing the Role of Insurance in Cyber Risk Management

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Enhancing the Role of Insurance in Cyber Risk Management Enhancing the Role of Insurance in Cyber Risk Management The digital transformation of economic activities is creating significant opportunities for innovation, convenience and efficiency. However, recent major incidents have highlighted the digital security and privacy protection risks that come with an increased reliance on digital technologies. While not a substitute for investing in cyber Enhancing the Role security and risk management, insurance coverage for cyber risk can make a significant contribution to the management of cyber risk by promoting awareness about exposure to cyber losses, sharing expertise on risk management, encouraging investment in risk reduction and facilitating the response to cyber incidents. This of Insurance in Cyber Risk report provides an overview of the financial impact of cyber incidents, the coverage of cyber risk available in the insurance market, the challenges to market development and initiatives to address those challenges. It includes Management a number of policy recommendations which support the development of the cyber insurance market and contribute to improving the management of cyber risk. Enhancing the Role of Insurance in Cyber Risk Management Enhancing the Role of Insurance in Cyber Risk Management This work is published under the responsibility of the Secretary-General of the OECD. The opinions expressed and arguments employed herein do not necessarily reflect the official views of OECD member countries. This document, as well as any data and any map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Please cite this publication as: OECD (2017), Enhancing the Role of Insurance in Cyber Risk Management, OECD Publishing, Paris. http://dx.doi.org/10.1787/9789264282148-en ISBN 978-92-64-28213-1 (print) ISBN 978-92-64-28214-8 (PDF) The statistical data for Israel are supplied by and under the responsibility of the relevant Israeli authorities. The use of such data by the OECD is without prejudice to the status of the Golan Heights, East Jerusalem and Israeli settlements in the West Bank under the terms of international law. Photo credits: Cover © KrulUA/iStock/Thinkstock.com Corrigenda to OECD publications may be found on line at: www.oecd.org/about/publishing/corrigenda.htm. © OECD 2017 You can copy, download or print OECD content for your own use, and you can include excerpts from OECD publications, databases and multimedia products in your own documents, presentations, blogs, websites and teaching materials, provided that suitable acknowledgement of OECD as source and copyright owner is given. All requests for public or commercial use and translation rights should be submitted to [email protected]. Requests for permission to photocopy portions of this material for public or commercial use shall be addressed directly to the Copyright Clearance Center (CCC) at [email protected] or the Centre français d’exploitation du droit de copie (CFC) at [email protected]. FOREWORD Foreword The digital transformation of economic activities is creating significant opportunities for innovation, convenience and efficiency. However, as recent major incidents have highlighted, a growing reliance on digital technologies comes with digital security and privacy protection risks. This presents policy makers with the challenge of finding an appropriate balance between addressing these risks while allowing sufficient space for achieving the economic and societal benefits of digitalisation. The role of the nascent cyber insurance market in enhancing cyber resilience is increasingly being recognised by policy makers. This report, Enhancing the Role of Insurance in Cyber Risk Management, provides a series of policy recommendations aimed at enhancing the contribution of the cyber insurance market to managing this increasingly prevalent risk. The report examines the current state of the market, based on substantive input from the re/insurance companies, brokers and regulators that are directly involved in its development, and the obstacles that are impeding the market from reaching its full potential. It builds on the initial findings in the OECD report on Supporting an effective cyber insurance market which was presented to G7 Finance Ministers and Central Bank Governors in May 2017. The OECD has supported the development of strategies for the financial management of natural and man-made disaster risks for a number of years, including through the OECD Recommendation on Disaster Risk Financing which provides a framework for addressing the financial impacts of disasters on individuals, businesses and governments. This report was prepared by the OECD based on questionnaire responses received from the re/insurance companies and brokers active in this market globally and the ministries of finance and insurance regulators responsible for overseeing that market. It benefited from the support and input of the OECD Insurance and Private Pensions Committee, the OECD High-Level Advisory Board on the Financial Management of Large-Scale Catastrophes and the Working Party for Security and Privacy in the Digital Economy. The report contributes to the OECD Going Digital project which provides policy makers with tools to help economies and societies prosper in an increasingly digital and data-driven world (www.oecd.org/going-digital). Particular efforts have been invested in ensuring that this overview is up-to-date at the time of publication (November 2017) although readers should keep in mind that the nature of cyber incidents and the insurance market response is evolving rapidly. ENHANCING THE ROLE OF INSURANCE IN CYBER RISK MANAGEMENT © OECD 2017 3 TABLE OF CONTENTS Table of contents Executive summary ................................................................................................................................ 7 Chapter 1. Growing cyber risk and the contribution of insurance to cyber risk management .... 11 Notes .................................................................................................................................................. 15 References .......................................................................................................................................... 16 Chapter 2. Types of cyber incidents and losses ................................................................................. 19 Data confidentiality ............................................................................................................................ 22 System malfunction/issue ................................................................................................................... 33 Data integrity/availability ................................................................................................................... 39 Malicious activity ............................................................................................................................... 42 Notes .................................................................................................................................................. 45 References .......................................................................................................................................... 46 Chapter 3. The cyber insurance market ............................................................................................ 57 Stand-alone cyber insurance market ................................................................................................... 60 Additional services provided with stand-alone policies ..................................................................... 75 Coverage for cyber-related losses in existing (traditional) policies ................................................... 77 Notes .................................................................................................................................................. 81 References .......................................................................................................................................... 82 Chapter 4. Cyber insurance market challenges ................................................................................ 93 Factors affecting the price of cyber insurance .................................................................................... 94 Factors affecting the willingness-to-pay for cyber insurance coverage ........................................... 101 Notes ................................................................................................................................................ 104 References ........................................................................................................................................ 105 Chapter 5. Addressing challenges to cyber insurability ................................................................. 111 Improving the capacity to quantify cyber risk .................................................................................. 111 Addressing the challenges to understanding cyber insurance coverage ........................................... 124 Other approaches to supporting greater market capacity ................................................................. 127 Notes ...............................................................................................................................................
Load more

Recommended publications
  • Better Market Intelligence with Smart Search Anaging Uncertainty and Risk in Business Requires a 1 Mcomprehensive Market Intelligence Approach
    Better Market Intelligence with Smart Search anaging uncertainty and risk in business requires a 1 Mcomprehensive market intelligence approach. But maintaining ongoing knowledge of competitor activity/strategies, not to mention the latest legal and regulatory shifts and economic factors, is more difficult than ever before. Defining a competitive set has never been more complicated A clear view of your competitor landscape is essential. Unfortunately, comprehensively tracking competitors can be imprecise and hard to measure when competitive lines are shifting such as: Entrenched players expand into a new vertical (e.g., Amazon buys Whole Foods) Disruptive startups radically change a competitive landscape overnight (especially since disruptors are hard to track due to a nascent digital footprint). Information overload + data fatigue Historically, market intelligence programs operated under the belief that analysis of competitors could be based exclusively on publicly available information.1 While some high quality secondary sources of A wealth of information information—for example, broker research—are not is a double-edged sword. free for the general public, it is true that a wealth of It creates noise, making it information about companies is readily available on difficult to hone in on the the Internet. most relevant information But a wealth of information is a double-edged sword. to your precise interests. It creates noise, making it difficult to hone in on the most relevant information to your precise interests. It’s easy to publish unverified, uncited information, making it too easy for a company to push a strategic communications message that’s impossible to verify (for example, “We’ll be first to market with this cancer-stopping drug”).
    [Show full text]
  • Defending Against an Invisible Threat Pragmatic Cybersecurity for the Interconnected Business
    Defending Against an Invisible Threat Pragmatic Cybersecurity for the Interconnected Business This white paper has been reformatted and reprinted with permission fromassurexglobal.com ACE Private Risk Services® for the clients of Assurex Global Private Client Group members. 1 SUMMARY THINK YOUR BUSINESS IS REASONABLY SAFE FROM A CYBER-ATTACK? Think again. The threat is so widespread that there is an entire black market built to arm hackers with the tools they need to breach your systems. Even worse, 50 percent of online traffic is automated. It does not sleep. It is ever-present, and it can be searching for your data—or your client’s data at any moment. Should a hacker gain access into your business’ network, the results could be devastating in terms of lost assets, lost credibility, and a tarnished reputation. The good news is that there are a number of steps your business can take to not only protect your employee and client data, but also to demonstrate the level of diligence that is critical to your customers and insurers. The first step is understanding the extent of cyber-attacks and familiarizing yourself with the various methods hackers use to infiltrate your system. Armed with this basic knowledge, you will be better equipped to recognize the signs of an attack and prevent a breach from happening in the first place. This white paper is based on a presentation from Mr. Chris Ensey, COO of Dunbar CyberSecurity. By reading it, you will learn what constitutes a cyber-attack and the associated tactics. You will also learn about preventative measures that you can take to strengthen your company’s security.
    [Show full text]
  • Competitive Intelligence: Systematic Collection and Analysis of Information
    Journal of Critical Reviews ISSN- 2394-5125 Vol 6, Issue 5, 2019 Competitive Intelligence: Systematic Collection and Analysis of Information Kundharu Saddhono1, Jacky Chin2, Apriana Toding3, Muhammad Nuzul Qadri4, Ismail Suardi Wekke5 1Universitas Sebelas Maret, Indonesia. E-mail: [email protected] 2Industrial Engineering Department, Mercu Buana University, Jakarta 11650, Indonesia 3Department of Electrical Engineering, Universitas Kristen Indonesia Paulus, South Sulawesi, Indonesia 4Sekolah Tinggi Ilmu Ekonomi Enam Enam, Kendari, Indonesia 5Sekolah Tinggi Agama Islam Negeri (STAIN) Sorong, Indonesia Received: 17.11.2019 Revised: 14.12.2019 Accepted: 18.12.2019 Abstract: Nowadays data is that the economic basis of every company. One has to understand the merchandise, the technology behind it, however additionally the client, the contestant and different circumstances that influence the business. The scientific term for the need information of data gathering and its transformation into applicable knowledge is Competitive Intelligence. This thesis focuses on three queries concerning competitive intelligence that area unit coupled during a model. First off it offers an outline concerning the foremost vital styles of competitive intelligence. Supported three sorts, specifically Market Intelligence, contestant Intelligence and Internal Intelligence, it raises the question if there area unit industry- specific necessities and general key aspects of the activity. The main focus cluster consists of fifteen international corporations from completely different industries that were analyzed with regard to military operation and kinds of competitive intelligence activities. Secondly the thesis considers legal aspects. It asks however effective international treaties and European laws area unit in terms of legal action of unfair competition and protection of material possession rights.
    [Show full text]
  • Open Source Intelligence and Osint Applications
    Sanna Tuominen OPEN SOURCE INTELLIGENCE AND OSINT APPLICATIONS OPEN SOURCE INTELLIGENCE AND OSINT APPLICATIONS Sanna Tuominen Bachelor’s Thesis Spring 2019 Information Technology Oulu University of Applied Sciences ABSTRACT Oulu University of Applied Sciences Degree Programme in Information Technology, Option of Intelligent Systems Author: Sanna Tuominen Title of the bachelor’s thesis: Open Source Intelligence and OSINT Applications Supervisor: Eino Niemi Term and year of completion: Spring 2019 Number of pages: 55 + 3 appendices Emerge of the Internet as a global platform for sharing and exchanging information world-wide has increased exponentially the amount of publicly available data. Open source intelligence [OSINT] aims at addressing specific intelligence requirements utilising this data. Open source intelligence is traditionally associated with military intelligence, yet users of OSINT today are ranging from governments to businesses and regular citizens. The objective of this thesis was to study what open source intelligence is and demonstrate the use of selected OSINT tools. In the theory sections, this thesis considered the current state of OSINT and evaluated its future. The popularity of OSINT is increasing, and the usage of OSINT is expanding into new arenas. The main challenge with OSINT is the trouble of finding the meaningful bits from massive data amounts. Hence, this thesis introduced and demonstrated three OSINT solutions displaying the nature and the differing attributes of the selected OSINT solutions. The study of the solutions was conducted as a demonstration assessment, where the use and the results of selected OSINT solutions were recorded and observed. The thesis findings show that the range of OSINT solutions is wide and scattered.
    [Show full text]
  • Market Intelligence Surveillance Market Intelligence, Surveillance
    Market Intelligence, Surveillance Systems and Techniques to Detect and Deter Securities Market Fraud Ester Saverson, Jr., Assistant Director Office of International Affairs U.S. Securities and Exchange Commission* *The U.S. Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or presentation of its staff. The views expressed herein are those of the authors and do not necessarily reflect the views of the Commission, individual commissioners, or the author’s colleagues on the staff of the Commission. Three Major Types of Market Fraud Trade Based Market Manipulation – Pre-arranged Trades • Washed Trades • MthdTMatched Tra des – Marking (pegging and capping) the Close – Short Squeeze – Controlling the Supply of a Security AtiAction B ased dM Mark ktMet Man ipu ltilation – Misrepresentation or False Statement IfInformat ion B ased dMk Market Man ipu lat ion – Insider Trading – Front Running Why is Market Fra ud Bad? Fraud affects the integrity of the market – Drive pppeople out of market – Keep capital on the sidelines MiltidittthidManipulation distorts the independ dtent trading and pricing mechanism – Raises the cost of capital – Lowers cost of securities Securities regulation is intended to ensure tha t mar ke ts are fa ir, effi ci ent and transparent Areas of Concern TdiTrading at or near th hCle Close Spikes in volume or price Block Trading Offerings Redemptions Program Trading Short Sales Mergers and Acquisitions Spikes Before a material announcement Key Elements
    [Show full text]
  • Insurance Coverage for Data Breaches and Unauthorized Privacy Disclosures
    This material was published as chapter 16 in Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age (2nd ed.) by Ryan P. Blaney of Proskauer Rose LLP (©2016 & Supp. 2019 by Practising Law Institute), www.pli.edu. Reprinted with permission. Not for resale or redistribution. Chapter 16 Insurance Coverage for Data Breaches and Unauthorized Privacy Disclosures Steven R. Gilford JAMS Marc E. Rosenthal* Proskauer Rose LLP § 16:1 Overview § 16:2 Applicability of Historic Coverages § 16:2.1 First- and Third-Party Coverages for Property Loss [A] First-Party Property Policies [B] Third-Party CGL Policies: Coverage for Property Damage Claims § 16:2.2 CGL Coverage for Personal and Advertising Injury Claims [A] Publication Requirement [B] Right to Privacy As an Enumerated Offense [B][1] Telephone Consumer Protection Act Cases [B][2] Fair Credit Reporting Act Cases [B][3] “ZIP Code” Cases * The authors would like to thank Proskauer summer associates Dakota Treece and Libbie Osaben for their work researching and updating the current version of this chapter. (Proskauer, Rel. #6, 10/19) 16–1 ©2016 & Supp. 2019 by Practising Law Institute. Not for resale or redistribution. § 16:1 Proskauer on Privacy § 16:2.3 Other Coverages [A] Directors and Officers Liability Insurance [B] Errors and Omission Policies [C] Crime Policies § 16:3 Modern Cyber Policies § 16:3.1 Key Concepts in Cyber Coverage [A] Named Peril [B] Claims Made § 16:3.2 Issues of Concern in Evaluating Cyber Risk Policies [A] What Is Covered? [B] Confidential Information,
    [Show full text]
  • BIS Quarterly Review September 2007 International Banking and Financial Market Developments
    BIS Quarterly Review September 2007 International banking and financial market developments BIS Quarterly Review Monetary and Economic Department Editorial Committee: Claudio Borio Frank Packer Paul Van den Bergh Már Gudmundsson Eli Remolona William White Robert McCauley Philip Turner General queries concerning this commentary should be addressed to Frank Packer (tel +41 61 280 8449, e-mail: [email protected]), queries concerning specific parts to the authors, whose details appear at the head of each section, and queries concerning the statistics to Philippe Mesny (tel +41 61 280 8425, e-mail: [email protected]). Requests for copies of publications, or for additions/changes to the mailing list, should be sent to: Bank for International Settlements Press & Communications CH-4002 Basel, Switzerland E-mail: [email protected] Fax: +41 61 280 9100 and +41 61 280 8100 This publication is available on the BIS website (www.bis.org). © Bank for International Settlements 2007. All rights reserved. Brief excerpts may be reproduced or translated provided the source is cited. ISSN 1683-0121 (print) ISSN 1683-013X (online) BIS Quarterly Review September 2007 International banking and financial market developments Overview : credit retrenchment triggers liquidity squeeze.................................... 1 Credit markets sell off as mortgage exposures are reassessed ............. 2 Box: Liquidity risk and ABCP mechanics ............................................ 7 Bond yields plunge as investors flee risky assets .................................
    [Show full text]
  • Introduction to Competitive Intelligence
    INTRODUCTION TO COMPETITIVE INTELLIGENCE GIA WHITE PAPER 1/2004 Executive Summary Competitive intelligence can be defined as The intelligence terminology has always been knowledge and foreknowledge about the somewhat blurred, and new terms emerge as the external operating environment. The ultimate intelligence discipline matures within the corporate goal of each intelligence process is to facilitate setting. decision-making that leads to action. • Competitive Intelligence, Successful business strategy requires awareness • Business Intelligence, about the company’s external environment, • Market Intelligence and including its customers, competitors, industry • Corporate Intelligence structure, competitive forces etc. Information about these issues is the key target of competitive are often used interchangeably or as synonyms, intelligence. Competitive intelligence can be while defined as knowledge and foreknowledge about the external operating environment. The ultimate • Strategic Intelligence, goal of each intelligence process is to facilitate • Customer Intelligence, decision-making that leads to action. • Competitor Intelligence and • Technology Intelligence The intelligence process enables turning information into intelligence by processing it via analysis, add a dimension of specificity to the subject. interpretation and synthesis and utilizing it in the Eventually, all intelligence terms refer to using future-oriented decision-making. Managing the systematic methods to collect, analyze and future does not only mean being able to anticipate disseminate information that supports decision- what will happen outside the company but also making. being able to shape the happenings through own actions, i.e. to proactively create one’s future. According to one of the views, Competitive Intelligence (CI) is regarded as the broadest Competitive Intelligence is not market research scope of intelligence activities covering the whole or industrial espionage.
    [Show full text]
  • January 26, 2021 | for Informational Purposes Only This Is
    • ARK Investment Management LLC Big Ideas 2021 January 26, 2021 | For Informational Purposes Only This is not a recommendation in relation to any named securities and no warranty or guarantee is provided. Any references to particular securities are for illustrative purposes only. There is no assurance that the Adviser will make any investments with the same or similar characteristics as any investment presented. The reader should not assume that an investment identified was or will be profitable. PAST PERFORMANCE IS NOT INDICATIVE OF FUTURE PERFORMANCE, FUTURE RETURNS ARE NOT GUARANTEED. www.ark-invest.com 2 • Big Ideas 2021 ARK aims to identify large-scale investment opportunities by Introduction focusing on who we believe to be the leaders, enablers, and beneficiaries of disruptive innovation. While we believe innovation is the key to growth, the opportunities it creates can be missed or misunderstood by traditional investment managers who are more focused on sectors, indexes, short-term earnings, and price movements. ARK’S BIG IDEAS ARK seeks to gain a deeper understanding of the convergence, market potential, and long-term impact of disruptive innovation by researching a global universe that spans sectors, industries, and markets. Today, we are witnessing an acceleration in new technological breakthroughs. To enlighten investors on the impact of these breakthroughs and the opportunities they should create, we began publishing Big Ideas in 2017. This annual research report seeks to highlight the latest developments in innovation and offers some of our most provocative research conclusions for the year. About ARK Headquartered in New York City, ARK Investment Management LLC is a federally registered investment adviser and privately held We hope you enjoy our “Big Ideas” for 2021.
    [Show full text]
  • Market Intelligence in Large Companies
    Market Intelligence in Large Companies Global Study 2007 GIA White Paper 2/2007 This is the second time the 1. EXecUtiVE SUmmaRY For this report, 281 companies were interviewed in order to Global Market Intelligence identify the present status, organization, IT tools and future Study has been carried out; outlook of Market Intelligence activities. the first time was in 2005 Companies from the following countries took part in the study: Belgium, Finland, UK, the Netherlands, United States, India, and it is now one of the most Brazil, Germany, and Spain. Member companies in the Global Intelligence Alliance in these countries were responsible for data comprehensive, if not the most collection. comprehensive, global Market In general, the vast majority of large companies in all markets conduct Market Intelligence activities which are mostly aimed Intelligence study based on at acquiring further information on competitors, industry and interviews. customers. Market Intelligence activities are mainly conducted to support corporate strategic planning and business development, while sales and marketing remain another typical user group of the collected business information. Market Intelligence is currently still a relatively nascent practice within companies, however, across all the markets companies do appear to conduct all forms of MI activities (continuous monitor- ing, regular reviews, ad-hoc reports). GIA White Paper 2/2007 Market Intelligence in Large Companies - Global Study 2007 The vast majority of companies conduct their own Market Intelligence information process- 2/2007 ing within a centralized unit. However, MI activity is still relatively small-scale given that the global average for personnel allocated to MI activities is below ten.
    [Show full text]
  • Content Analysis of Cyber Insurance Policies: How Do Carriers Price Cyber
    Journal of Cybersecurity, 2019, 1–19 doi: 10.1093/cybsec/tyz002 Research paper Research paper Content analysis of cyber insurance policies: how do carriers price cyber risk? Downloaded from https://academic.oup.com/cybersecurity/article-abstract/5/1/tyz002/5366419 by guest on 18 June 2019 Sasha Romanosky, Lillian Ablon, Andreas Kuehn and Therese Jones RAND Corporation, 1200 South Hayes St, Arlington VA, 22202 *Corresponding author: E-mail: [email protected] Received 1 October 2018; accepted 20 December 2018 Abstract Data breaches and security incidents have become commonplace, with thousands occurring each year and some costing hundreds of millions of dollars. Consequently, the market for insuring against these losses has grown rapidly in the past decade. While there exists much theoretical litera- ture about cyber insurance, very little practical information is publicly available about the actual con- tent of the polices and how carriers price cyber insurance premiums. This lack of transparency is es- pecially troubling because insurance carriers are often cited as having the best information about cyber risk, and know how to assess – and differentiate – these risks across firms. In this qualitative re- search, we examined cyber insurance policies filed with state insurance commissioners and per- formed thematic (content) analysis to determine (i) what losses are covered by cyber insurance poli- cies, and which are excluded?; (ii) what questions do carriers pose to applicants in order to assess risk?; and (iii) how are cyber insurance premiums determined – that is, what factors about the firm and its cybersecurity practices are used to compute the premiums? By analyzing these policies, we provide the first-ever systematic qualitative analysis of the underwriting process for cyber insurance and uncover how insurance companies understand and price cyber risks.
    [Show full text]
  • Market Intelligence Utilization by Small Food Companies: an Application of the Grounded Theory Method in Exploratory Research Aaron J
    Market Intelligence Utilization by Small Food Companies: An Application of the Grounded Theory Method in Exploratory Research Aaron J. Johnson, Thorsten M. Egelkraut, and Cyrus Grout Insights into how small agribusinesses acquire, process, and use market intelligence are critical to improving their marketing competencies and to understanding practices that lead to better business performance. However, the cur- rent body of literature is limited in this topic. We apply the exploratory research method of grounded theory to better understand how small- to medium-sized food companies fi nd and utilize information in their decision-making process. We develop a taxonomy of information types sought and provide insight into how and when these fi rms utilize this information. In addition, we develop a conceptual model that demonstrates different relationships between informa- tion, knowledge, and actions. Decision-makers continuously face the challenge their decision-making process? Grounded theory, of identifying and interpreting market intelligence which was effectively introduced to agribusiness and balancing the costs and benefi ts of acquiring researchers by Bitsch (2001, 2005), is particularly and using that information. While larger agricultural well suited to this study’s objective, as it provides companies have separate marketing departments, a rigorous and systematic framework to inductively small agribusinesses often lack the resources and generate new understandings and to capture unex- skills for extensive market research and intel- pected results that may be missed by other meth- ligence processing. As a result, small businesses ods that rely on ex ante hypotheses (Finch 2002). are likely to conduct market research haphazardly, Employing grounded theory, we generate nine if at all (Carson, McGowan, and Hill 1996; Udell, testable hypotheses of how small food companies Knotts, and Jones 2002).
    [Show full text]