Cyber risk insurance can be used as a powerful tool for creating the foundations of a robust data economy.
Cyber Insurance as Digital Strategy. Randeep Sudan, Adviser, Digital Strategy and Government Analytics, World Bank. Kuala Lumpur, November 20, 2017
Outline • Digital Economy • Strategy to grow the digital economy • Data and Artificial Intelligence • Cyber risks • Cyber insurance • EU’s General Data Protection Regulation • Policy directions
Malaysia’s Digital Economy • 18.3% of Malaysia’s GDP in 2016. • Expected to increase to 20% by year 2020.
The economy is digital “Rather than referring to the ‘digital economy,’ we must now recognize that the economy is digital”. Transatlantic Digital Economy and Data Protection (Paper prepared for the European Parliament), 2016 (http://www.europarl.europa.eu/RegData/etudes/STUD/2016/535006/EXPO_STU(2016)535006_EN.pdf)
Growing the Digital Economy • Data foundational for the digital economy • Merger of the physical and virtual worlds • Creation of digital twins • People, places, objects, processes • Removing friction in data flows • Physical infrastructure: Broadband • Data access: Open data, open APIs • Regulation • Securing data
Outline of a strategy • Identify data • Assign a monetary value to data • Create data markets • Secure data • Create data and data security skills in the economy • Cyber insurance as strategy
Exponential growth of data Cisco (Visual Networking Index) estimates that annual global IP traffic reached 1.1 ZB per year by the end of 2016 and will grow at a compound annual growth rate (CAGR) of 22 percent till 2020.
Google CEO Sundar Pichai’s keynote at the Google I/O event on May 17, 2017
Korea’s Mid- to Long-Term Master Plan in Preparation for the Intelligent Information Society “An intelligent information society is a society in which new value is generated and progress is achieved through the application of intelligent information technology (Intelligent IT)—backed by the generation, collection, and analysis of massive volumes of data by cutting edge information and communications technologies—to every aspect of the economy, society and human life”.
Data goals. Source: Mid- to Long-Term Master Plan in Preparation for the Intelligent Information Society: Managing the Fourth Industrial Revolution (South Korea)
Lloyd’s of London estimated in 2015 that a cyberattack on the US East Coast power grid could result in $1 trillion in economic losses and $71 billion in insurance industry losses, primarily from business interruption, property damage, and injury or loss of life.
Space Weather Phenomenon “The most severe space weather event recorded in history is the Carrington Event of 1859. From 28 August to 4 September 1859, auroral displays, often called the northern or southern lights, spanned several continents and were observed around the world. A British amateur astronomer, Richard Carrington, recorded the solar outburst, a white-light flare, which was verified independently by Richard Hodgson in London. According to modern experts, the auroras witnessed were actually two intense geomagnetic storms. Across the world, telegraph networks experienced disruptions and outages as a result of the currents generated by the geomagnetic storms. In addition to disturbing the telegraph networks, operators in various locations disconnected batteries from their systems and used the current generated by the aurora to send messages (NAS, 2008). The economic costs associated with a catastrophic event similar to that of the Carrington Event could measure in the range of several trillion dollars (U.S. House Homeland Security Committee, 2009)”. Source: OECD, Geomagnetic Storms 2011
Cyber insurance market • Stand-alone cyber insurance market estimated at $3.5 billion in premiums in 2016 • Approximately $3 billion on behalf of US-based companies and $300 million on behalf of European companies • In comparison, motor vehicle insurance is $373 billion in G7 countries • $230 billion for property insurance – residential and commercial
Market immaturity • 20 to 35% of all US companies have specific cyber insurance coverage. • 20 to 25% of mid-to-large companies have purchased cyber insurance in Europe and the UK.
Cyber risk insurance • AIG reports that requests for cyber insurance policies jumped by 87 per cent in Asia year on year compared to the same period following WannaCry (Financial Times, August 9, 2017) • WannaCry affected organizations in 150 countries, including Britain’s National Health Service, FedEx, Renault and Telefónica. Source: “Cyber insurance market expected to grow after WannaCry attack”, FT, May 16, 2017
Cyber insurance for governments • Montana has a $2 million policy, covering all agencies. It pays an $88,200 annual premium and has a $100,000 deductible per incident and a 10 percent copayment for credit monitoring. • Utah pays $230,000 a year for $10 million in cyber coverage and has a $1 million deductible. • In 2012 a data breach of a Department of Health server exposed 780,000 residents’ personal information to hackers. • The state had to spend millions of dollars on credit monitoring, legal fees and a security assessment of all state servers. • Georgia has $100 million in coverage. It pays a $1.8 million-a-year premium and has a $250,000 deductible per incident.
Insurance services • Montana had a breach of Public Health and Human Services data in 2014. • The insurance company helped with the mailings (more than a million people), set up a call center, and provided forensic investigation, legal and communications assistance, and credit monitoring.
Keystone Initiative on Cyber Risk Insurance • Encourage data discovery, data valuation, and data security • Market mechanism to ensure data security • Insurers won’t provide coverage unless organizations meet certain standards (e.g. ISO 27000, ISO/IEC 27001, NIST’s Framework for Improving Critical Infrastructure Cybersecurity, CBEST Vulnerability Testing Framework, Stress Tests) • Better capacity to deal with cyber risks • Better information on data and data valuations would help the creation of data markets and better regulation of data flows • Data availability and data security – strong magnet for IT companies • Development of key data-related skills
Policy interventions • Common classification of cyber incidents and types of losses. • Trusted public-private security incident repository to mitigate lack of actuarial data • Under examination by insurance and government agencies in the UK and US • Incentives for data sharing and reporting of incidents • Encourage cyber insurance of critical infrastructure including financial services. • Incorporate cyber insurance in government’s procurement policies.
Cyber Reinsurance • Possible public private partnership on cyber reinsurance along the lines of Pool Re in the UK or the Terrorism Risk Insurance Program Reauthorization Act 2015 in the US. • Require a minimum level of insurance that must be purchased by participating companies and would cover costs up to a limit, beyond which a federal backstop would come into effect.
Understanding risks • Full breach investigations, as conducted by the National Transportation Safety Board for aviation incidents. • An NTSB-like entity could be run by the private sector and funded by insurance companies (Robert K. Knake, Creating a Federally Sponsored Cyber Insurance Program).
Companies in Cyber Insurance (Source: Aon): US, UK, Bermuda