Transcript Download Presentation

A PRESENTATION TO
CAS 2015 Reinsurance Seminar
Assessing & Reinsuring Cyber Risks
Dr Raveem Ismail DPhil, MSc by Research, MPhys (Oxon), MInstP
Ariel Re (Bermuda)
[email protected]
Relevant background
Oxford. Physics and Atmospheric Physics (microphysical
modelling, volcanoes, aviation emissions, cirrus cloud).
Exclusive Analysis (now part of IHS). Political Risk/Violence
consulting.
Aon Benfield. Terrorism Model Lead.
Validus/Talbot. Terrorism & War Underwriting Analyst.
Ariel Re. Specialty Treaty Underwriter.
2
The cyber insurance market
Not new.
Exclusions: NMA 2914, NMA 2915, CL 380.
Lloyd’s risk code CY in 2013.
No longer purely an FI / privacy hacking issue.
Focus now: “malicious” cyber, and BI not just
PD.
3
Attributes
 The parallels with natural hazards do not hold.
 Exposure is rapidly changing, and is connected in hidden
ways: non-geographic accumulation*.
 The parallels with physical assets do not hold either.
 Self-certification is not an option!
 Therefore difficult to model:
“The current state of cyber modeling is like trying to use the count
of arrests for a crime to figure out the dollar losses from theft.
They are related, but not in all the ways you want…”**.
* http://www.gccapitalideas.com/2014/10/21/costs-of-cyber-attacks/
** http://www.riskandinsurance.com/cyber-risk-models-remain-elusive
4
A few cyber developments
 Internet Of Things (IOT). E.g., surgical devices*.
 Hacking even “air-gapped” (physically isolated) networks,
systems and devices possible.
 Many sophisticated actors. Including governments**.
 Post-Snowden behavior changes: minimal/non-existent***.
 Potential catastrophes: aeroplane hacking^, Equation
Group^^.
* http://money.cnn.com/2013/04/08/technology/security/shodan/index.html , http://www.technologyreview.com/view/537001/security-experts-hack-teleoperated-surgical-robot/
** http://www.bbc.com/news/uk-28623365
*** http://cacm.acm.org/magazines/2015/5/186025-privacy-behaviors-after-snowden/fulltext
^ http://www.wired.com/2015/04/twitter-plane-chris-roberts-security-reasearch-cold-war/ , http://arstechnica.com/security/2015/05/alleged-plane-hacker-said-he-pierced-boeing-jets-firewall-in-2012/
^^ http://arstechnica.com/security/2015/03/new-smoking-gun-further-ties-nsa-to-omnipotent-equation-group-hackers/ , http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/ ,
http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage
5
Thoughts for the future
 Not an opportune point in the insurance cycle.
 Yet to see a credible cost-effective accumulation method
and auditing process for insureds.
 Loss experience needed.
 Work with governments and credible third parties.
 Data, when it comes, should come quickly.
6