Cyber Risk emerges in the Property & Casualty Market - Reflections on a Year of Education and Research

Michelle Bradley, ACAS, MAAA, ARM, CERA, CCIS, Consulting Actuary

Cyber risk is likely the most significant property casualty risk to emerge in recent times. Premiums for cyber risk are growing significantly, and daily headlines bring attention to yet another major data breach affecting an entity. Most of us with credit cards have probably had new cards issued because of a breach in the last year, and many of us have had health information compromised. Cyber Risk Throughout the course of 2015, I attended several cyber and security risk management, conferences in addition to doing extensive research on the topic. After reflecting on the information, I have compiled a summary of important actuarial issues related to cyber risk.

  • Credible industry data or unique company data does not exist for most companies to assess cyber risk using solely quantitative methods. Instead, the process of evaluating cyber risk should be holistic, involving both quantitative and qualitative assessments.
  • Limited industry benchmarking data does exist, however. Three example sources of data are the Ponemon Institute, The Verizon Data Breach Investigations Report, and the RIMS Cyber Survey.
  • The components of a cyber risk event could involve many expense items, such as litigation, public relations, investigations, privacy breach notifications, data restoration, regulatory penalties, loss of customers, and reputational risk.
  • Cyber risk is being added to some of the captives SIGMA works on. Our experience is that the risk is normally included in captives as deductible coverage or low limit coverage. Since policy types are almost always claims-made, year-end reserving is straightforward, if there is no reported or known claim as of the evaluation date.

As of May 2014, there will be a shift in language of GL policies to reflect a group of exclusions to prevent GL policies from covering cyber risk as proposed by ISO. This should increase the purchase of stand-alone cyber policies.

Cyber risk policies are difficult to compare due to an extreme lack of consistency in policy structure, language, exclusions, and coverage. Definitions of these may even vary considerably.

Cyber risk introduces broad and sweeping threats to a company. It truly is an enterprise risk and should be handled in a holistic fashion with multiple departments within a company or entity involved in managing the risk. Additionally, external experts from various disciplines should be considered for addition to a team evaluating the risk. Actuarial implications and analyses at this stage of emergence are difficult to define. However, as stand-alone policies continue to emerge, and as companies begin to include the risk in captive insurance companies, the need for analysis will become more important.

We welcome your feedback by posting a comment, or contacting Michelle Bradley at mb@SIGMAactuary.com.
© 2016 SIGMA Actuarial Consulting Group, Inc.

Leave a Reply

Your email address will not be published. Required fields are marked *

Archives

Recent Posts

November 18, 2025
CPI 101: How the Consumer Price Index Shapes Inflation, Economics, and Actuarial Decisions
Zachary Delfendahl, Actuarial Analyst, and Cherith Pettit, Actuarial Intern
No Comments
The Consumer Price Index (CPI) is a crucial measurement of the cost of living in our economy, and since the economy is always changing, the methods used to calculate the CPI are adapting to that change. In this month's blog, we will be discussing some common questions regarding CPI, such as: what it...
Read More
October 22, 2025
Harnessing the Full Spectrum of Information
Jason Luckett, ACAS, MAAA, Consulting Actuary, and Rich Moncher, FCAS, MAAA, Consulting Actuary
No Comments
Jason Luckett and Rich Moncher were recently featured in an article by Captive Insurance Times titled, "Harnessing the Full Spectrum of Information". In it, they discuss property analytics for the captive insurance market. The property insurance market is evolving, and analytics can support effectiv...
Read More
September 24, 2025
Independent Captive Manager Q&A With USA Risk Group
Scott Stollmeyer and Giles Hobday
No Comments
Today we are joined by Vice President, Scott Stollmeyer, and Account Manager, Giles Hobday, from USA Risk Group. They will be shedding a light in this Q&A on the benefits of your captive manager being independent. Q1: What makes a captive manager independent, and how is that designation helpful ...
Read More
September 17, 2025
Quantifying Captives' Strategic Value
Michelle Bradley, ACAS, MAAA, ARM, CERA, CCIS, Consulting Actuary, and Enoch Starnes, ACI, Captive and Complex Risk Consultant
No Comments
Michelle Bradley and Enoch Starnes were recently featured in an article by Captive Insurance Times titled, "Quantifying Captives' Strategic Value". In this informative Q&A article, they share insights on how actuarial analysis is helping captives deliver broader strategic value beyond cost savin...
Read More

Subscribe to Our Blog



Copyright © 2023 – 2025 SIGMA Actuarial Consulting Group, Inc. All Rights Reserved.
chevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram