This white paper is co-authored by Denny Wan (https://www.linkedin.com/in/wandenny/) and Petra Wildemann (https://www.linkedin.com/in/petra-wildemann-1b6798/), and is published by the Swiss Cyber Think Tank (https://cyber-risk-insurance.com/wp-content/uploads/2018/08/Cyber-Insurance-Incentive-model-27Aug2018.pdf) and Security Express (https://www.securityexpress.com.au/wp-content/uploads/2018/10/Cyber-Insurance-Incentive-model.pdf).

This whitepaper extends the concept of Pro-active Cyber Insurance Pricing Model (by the same authors) leveraging cyber risk control metrics in order to encourage insureds to improve their cyber security posture. This whitepaper explores the underpinning incentive model for cyber insurance policy and its potential to elevate and amplify the incentive effort.

Insurance is a risk transfer model whereby the insurers promise to compensate the insureds financially when the insured risk events materialise. The insurers maintain their right to adjust the payable claim amount based on their assessment of the actual financial damages suffered by the insureds attributable to the insured risk events. The maximum payable claim amount is known as the “policy aggregate limit” in the policy. From the insureds’ perspective, the aggregate limit is a continuum in funding available to mitigate their financial risk exposure to the insured risk events.

The default risk mitigation option is “self-insured” and when the insurance premium is a relatively small sum compared to the aggregate limit, such an approach can be financially attractive.

However, if this market split were to materialise, this would present a very good opportunity for our proposed Pro-active Cyber Insurance Model, since the insurers would earn higher premiums at the risk of higher exposure to a much more concentrated insureds demographics with similar risk profiles.

In the white paper “Cyber Insurance Incentive Model”, Denny Wan and Petra Wildemann tentatively compare Cyber incentive models to more complicated insurance business lines. A great deal of careful analysis will be required to accomplish a more in-depth comparison. This is in particular the case because historical claim-data-driven risk models are not suitable for forecasting future risks, and measurement and modelling approaches that have been developed for other risks (such as natural catastrophes) cannot easily be transferred to cyberrisk. We feel that our approach is genuinely unique and has material value, and we are in the process of clarifying a solid path for execution, e.g. by identifying sources of incentives.

Find the original article here: https://www.linkedin.com/pulse/cyber-insurance-incentive-model-denny-wan/