A PRESENTATION TO CAS 2015 Reinsurance Seminar Assessing & Reinsuring Cyber Risks Dr Raveem Ismail DPhil, MSc by Research, MPhys (Oxon), MInstP Ariel Re (Bermuda) [email protected]
A PRESENTATION TO CAS 2015 Reinsurance Seminar Assessing & Reinsuring Cyber Risks Dr Raveem Ismail DPhil, MSc by Research, MPhys (Oxon), MInstP Ariel Re.
Jan 05, 2016
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
A PRESENTATION TO
CAS 2015 Reinsurance SeminarAssessing & Reinsuring Cyber Risks
Dr Raveem Ismail DPhil, MSc by Research, MPhys (Oxon), MInstP
Ariel Re (Bermuda)
2
Relevant background
Oxford. Physics and Atmospheric Physics (microphysical modelling, volcanoes, aviation emissions, cirrus cloud).
Exclusive Analysis (now part of IHS). Political Risk/Violence consulting.
Aon Benfield. Terrorism Model Lead.
Validus/Talbot. Terrorism & War Underwriting Analyst.
Ariel Re. Specialty Treaty Underwriter.
3
The cyber insurance market
Not new.
Exclusions: NMA 2914, NMA 2915, CL 380.
Lloyd’s risk code CY in 2013.
No longer purely an FI / privacy hacking issue.
Focus now: “malicious” cyber, and BI not just PD.
4
Attributes
The parallels with natural hazards do not hold.
Exposure is rapidly changing, and is connected in hidden ways: non-geographic accumulation*.
The parallels with physical assets do not hold either.
Self-certification is not an option!
Therefore difficult to model:
“The current state of cyber modeling is like trying to use the count of arrests for a crime to figure out the dollar losses from theft. They are
related, but not in all the ways you want…”**.* http://www.gccapitalideas.com/2014/10/21/costs-of-cyber-attacks/ ** http://www.riskandinsurance.com/cyber-risk-models-remain-elusive
5
A few cyber developments
Internet Of Things (IOT). E.g., surgical devices*.
Hacking even “air-gapped” (physically isolated) networks, systems and devices possible.
Many sophisticated actors. Including governments**.
Post-Snowden behavior changes: minimal/non-existent***.
Potential catastrophes: aeroplane hacking^, Equation Group^^.
* http://money.cnn.com/2013/04/08/technology/security/shodan/index.html , http://www.technologyreview.com/view/537001/security-experts-hack-teleoperated-surgical-robot / ** http://www.bbc.com/news/uk-28623365 *** http://cacm.acm.org/magazines/2015/5/186025-privacy-behaviors-after-snowden/fulltext^ http://www.wired.com/2015/04/twitter-plane-chris-roberts-security-reasearch-cold-war / , http://arstechnica.com/security/2015/05/alleged-plane-hacker-said-he-pierced-boeing-jets-firewall-in-2012 / ^^ http://arstechnica.com/security/2015/03/new-smoking-gun-further-ties-nsa-to-omnipotent-equation-group-hackers / , http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last / , http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage
6
Thoughts for the future
Not an opportune point in the insurance cycle.
Yet to see a credible cost-effective accumulation method and auditing process for insureds.
Loss experience needed.
Work with governments and credible third parties.
Data, when it comes, should come quickly.
Related Documents
