Now showing 1 - 9 of 9
  • Publication
    The supply of cyber risk insurance
    Cyber risk insurance has been introduced for more than two decades in the United States, yet the insurance market for cyber risk is tiny amounting to 1% ($6.5 billion) of premiums in the U.S. property-casualty insurance market in 2021. In this paper, we analyze what constrains the insurance industry from providing larger capacity. We argue that cyber risk is special in that it is both information-intensive to underwrite and heavy-tailed. It leads to the tension between the need to raise large amounts of external capital to finance heavy-tailed risks and the high compensation demanded by capital providers due to information frictions. Hence, the suppliers are large insurance groups with a deep internal capital market, and their capacity is constrained. We start by providing empirical evidence that the cyber risk insurance market is dominated by large insurance groups and that, compared to other types of insurance, cyber insurance relies heavily on the groups' internal capital market. Then, using an exogenous shock on the tax treatment of the non-U.S. affiliated reinsurance in 2017, we establish the causal inference that insurers primarily rely on the internal capital market to supply cyber risk insurance.
  • Publication
    The supply of cyber risk insurance
    Cyber risk insurance has been introduced for more than two decades in the United States, yet the insurance market for cyber risk is tiny amounting to 1% ($6.5 billion) of premiums in the U.S. property-casualty insurance market in 2021. In this paper, we analyze what constrains the insurance industry from providing larger capacity. We argue that cyber risk is special in that it is both information-intensive to underwrite and heavy-tailed. It leads to the tension between the need to raise large amounts of external capital to finance heavy-tailed risks and the high compensation demanded by capital providers due to information frictions. Hence, the suppliers are large insurance groups with a deep internal capital market, and their capacity is constrained. We start by providing empirical evidence that the cyber risk insurance market is dominated by large insurance groups and that, compared to other types of insurance, cyber insurance relies heavily on the groups' internal capital market. Then, using an exogenous shock on the tax treatment of the non-U.S. affiliated reinsurance in 2017, we establish the causal inference that insurers primarily rely on the internal capital market to supply cyber risk insurance.
  • Publication
    The supply of cyber risk insurance
    Cyber risk insurance has been introduced for more than two decades in the United States, yet the insurance market for cyber risk is tiny amounting to 1% ($6.5 billion) of premiums in the U.S. property-casualty insurance market in 2021. In this paper, we analyze what constrains the insurance industry from providing larger capacity. We argue that cyber risk is special in that it is both information-intensive to underwrite and heavy-tailed. It leads to the tension between the need to raise large amounts of external capital to finance heavy-tailed risks and the high compensation demanded by capital providers due to information frictions. Hence, the suppliers are large insurance groups with a deep internal capital market, and their capacity is constrained. We start by providing empirical evidence that the cyber risk insurance market is dominated by large insurance groups and that, compared to other types of insurance, cyber insurance relies heavily on the groups’ internal capital market. Then, using an exogenous shock on the tax treatment of the non-U.S. affiliated reinsurance in 2017, we establish the causal inference that insurers primarily rely on the internal capital market to supply cyber risk insurance.
  • Publication
    The changing landscape of cyber risk: An empirical analysis of frequency, severity and tail dynamics
    ( 2023-12-18) ; ;
    Rustam Ibragimov
    Cyber risk has become a major theme in information security research. Yet relatively little is known about its statistical features and how it evolves over time. This paper utilizes three cyber databases to examine the empirical properties of cyber risk. We first deal with report delays with an extended two-stage model and then identify structural changes in the frequency and severity of different cyber risk categories. We document that for malicious events the frequency has grown exponentially in the past two decades and the financial loss distribution has shifted toward greater severity since 2018. The increasing trends for other categories are slower in frequency and less clear in severity. We also explore the tail dynamics and find that the heavy-tailedness of cyber risk is persistent. Finally, we discuss the implications of the documented empirical features and show that they lead to lower insurance demand and potentially higher risk levels for firms.
  • Publication
    Time dynamics of cyber risk
    ( 2022) ; ;
    Ibragimov, Rustam
    This is the first paper to jointly analyze the three main cyber loss datasets (Advisen, SAS OpRisk and PRC), yielding the most comprehensive cyber loss data yet considered in the literature. We first study the problem of report delay bias by applying a two-stage model and document a faster rate of increase for cyber risk frequency compared with the original data. Based on these results, we then focus on the time dynamics of cyber risk frequency and severity, where we separately study the properties of full distribution and tail of loss severity. We find the loss distribution of cyber events shifts leftwards for both monetary loss and non-monetary loss (such as accounts/records breached) in the recent period, but the trend of tail risk is different for these two types of loss. The tail risk of non-monetary loss is increasing, while the other is not, although they both exhibit heavy-tailedness over time. Our results are important for cyber risk management and understanding the insura- bility of cyber risk