Cyber Risk management: an actuarial point of view

In the last decades companies worldwide are facing a new kind of risk, namely cyber risk, that has emerged as one of the top challenges in risk management. Insurance was only recently applied to cyber world and it is increasingly becoming part of the risk management process, posing many challenges to actuaries. One of the main issues is the lack of data, in particular nancial ones. The aim of the paper is to point out the peculiarities of cyber insurance contracts with respect to the classical non life insurance ones both from the insurer and the insured's perspective. Therefore, the main actuarial principles that are fundamental to any valu- ation in cyber context are discussed. An illustrative example is proposed where the Chronology of Data Breaches provided by the Privacy Rights Clearing House is deeply analyzed. The most suitable distributions to represent the frequency and the severity of the reported cyber incidents are examined and the value at risk measure is estimated. Then, two ex- emplifying cases oer the assessment of both the premium required by the insurer and the indierence premium that the insured is willing to pay. Even though this research is still preliminary and shows some limits highlighted by the authors, it could offer useful information to better un- derstand this peculiar kind of insurance policies.