The Casualty Actuarial Society has announced the formation of the Task Force on Cyber Risk, an initiative that reflects the rapid growth of cyber risk and the pressing need to find effective means of analyzing it.

The task force will engage in research activities and provide educational opportunities in the analysis of cyber risk, with a particular focus on contingent events arising from cyber risk and the financial implications of these events.

Recently reported data breaches at large corporations, educational institutions and government agencies illustrate the rapid growth of cyber risk. Ways of managing cyber risk exposure range from employing more effective information security measures to wider use of cyber insurance.

Cyber risk is one of the key components of operational risk to which every company is exposed. In the context of cyber risk insurance as a mechanism of risk transfer, the analysis of cyber risk is essential in setting insurance premium levels, evaluating liabilities for insured cyber losses and enterprise risk management of insurance companies underwriting cyber risk insurance.

“We believe that in addressing the challenge of cyber risk analysis, it is essential to follow a multidisciplinary approach that brings together experts in actuarial science, cybersecurity and information technology, big data analytics, legal and other fields,” said Alex Krutov, chairperson of the Task Force on Cyber Risk. “We encourage other professionals and organizations to join us in the important effort of advancing research and education in the area of rapidly evolving cyber risk.”

Many aspects of cyber risk remain poorly understood. With few exceptions, the expertise needed to analyze the probability and ultimate financial impact of cyber-related events such as data breaches or business interruption is limited, both at the companies directly exposed to the risk and in the insurance industry. Often, unscientific qualitative methods are used for this task.

While there is a growing body of research on some of the specific IT aspects of the risk, it is particularly difficult to tie that research to financial outcomes and insurance coverage. The Task Force on Cyber Risk intends to contribute to this ongoing research, but its primary research goal is to utilize a multidisciplinary approach in order to gain a more comprehensive and accurate view of cyber risk.

Source: Casualty Actuarial Society