From: Actuarial Post
By Matt Cullina, CEO of CyberScout
Q: How does the recent nature of cyber related policies and claims make it difficult for actuaries to really get a handle on measuring the risk?
Take-up of cyber insurance anywhere in the world apart from the United States is very low, with some estimates put at between 1 and 2%. This low uptake reduces the ability to spread risk evenly since, in markets of this kind, higher risk customers are more likely to take up the cover. Also, the volumes are too small to produce meaningful claims data. Even the market leaders in cyber coverage do not produce statistically significant data that could be used as part of the underwriting process.
Combine these limitations with the fact that these policies are still not yet standardized as are other types of cyber cover that address a wide range of policy types. In addition, the extremely complex and rapidly evolving nature of technology that underlies these types of claims means that the losses we saw 3-4 years ago are quite different from the types of losses we see today, and tomorrow’s losses will be still different. From an actuarial perspective, assessing risk is a moving target.
Q: How does the evolving threat landscape in cyber complicate this?
Leave a Reply