Cyber risk and its mathematical modelisation

C. Hillairet - O. Lopez

May 25, 2022

The growth of the digital economy has brought about profound transformations in most economic sectors. These changes have modified the mapping of risks incurred by companies, particularly those related to information systems. In a few years, cyber risk has emerged as one of the main threats to companies (report by the French Ministry of the Interior [RM19]). For Jerome Powell, President of the US Federal Reserve, cyber-attacks are now the main threat to the global financial system, costing 1% of the world’s GDP, or $1 trillion. The finance and insurance sector may find itself a victim of the crisis and must be prepared for it. But it is also a provider of risk coverage solutions, if their model is viable.

Given the systemic and extreme nature of cyber risk, many questions arise the viability of the cyber insurance market and the capacity of the sector to mutualize losses in the event of a major disaster. In order to see the emergence of economically viable financial protection, it is necessary to quantify the impacts of the cyber risk. However, this evaluation of a multi-faceted risk requires advanced statistical and probabilistic techniques to anticipate the costs, the evolution of the threat and its financial impacts.

After recalling the particularities of cyber risk, the objective of the course is to present some theoretical tools useful for a better modeling and quantification of cyber risk, both on the severity component (size of the losses) and on the frequency component (contagion and accumulation).

  1. Introduction: characteristics of cyber risk, ecosystems of cyber criminals; Identification of factors that jeopardize mutualization.
  2. Risk segmentation, extreme events: CART classification tree, heavy tail distributions.
  3. Modeling of accumulation scenarios: epidemiological models and network effects, saturation risk and impact of protection measures.
  4. Auto-correlation of disaster events: Hawkes auto-excited processes

References

  • [ODHL21] C. Hillairet et O. Lopez. « Cyber-assurance : enjeux, modélisations et leviers de mutualisation », Opinions & Débats n°24, Institut Louis Bachelier, 2021.
  • [BBH20] Y. Bessy-Roland, A. Boumezoued and C. Hillairet. « Multivariate Hawkes process for cyber insurance », Annals of Actuarial Science, 2020.
  • [FLT21] S. Farkas, O. Lopez and M. Thomas. « Cyber claim analysis through Generalized Pareto Regression Trees with applications to insurance pricing and reserving », Insurance: Mathematics and Economics, 2021.
  • [HL21] C. Hillairet and O. Lopez. « Propagation of cyber incidents in an insurance portfolio : counting processes combined with compartmental epidemiological models », Scandinavian Actuarial Journal, 2021.
  • [RM19] Etat de la menace numérique en 2019, https://www.interieur.gouv.fr/Actualites/Communiques/L-etat-de-la-menace-liee-au-numerique-en-2019