12 results
for "cyberrisks"
This article details the evolution of products beyond traditional cyber insurance, such as cyber (re)insurance, warranties, parametric insurance, and cyber catastrophe bonds.
It characterizes how these solutions have addressed four fundamental challenges: adapting coverage to the threat landscape, managing solvency, collecting data for risk assessment, and creating incentives for risk reduction.
It traces the market's progression through distinct phases (experimental cyber, data breach insurance, and the ransomware epidemic), highlighting the shift from self-reported security questionnaires to automated data collection and partnerships with technology vendors.
Ultimately, the authors conclude that indemnity-based cyber (re)insurance has been the most successful mechanism for transferring risk, despite ongoing challenges in modelling and aggregating cyber catastrophe risk.
Lack of high-quality public cyber incident data hinders empirical research and predictive modeling for cyber risk. Companies' reluctance to disclose incidents, fearing reputational damage, perpetuates this challenge. Actuarial solutions focus on enhancing existing datasets and employing advanced modeling. A new InsurTech framework is proposed to enrich cyber incident data with entity-specific attributes, addressing the gap in publicly available information. Machine learning models predict incident types and estimate frequencies, demonstrating improved robustness when incorporating InsurTech-derived features. This framework aims to generate transparent, entity-specific cyber risk profiles, supporting tailored underwriting and proactive risk mitigation for insurers and organizations.
AI could revolutionize UK sectors, enhancing productivity and decision-making, notably in finance by automating processes and refining decisions like underwriting. However, its rapid evolution raises uncertainties and financial stability risks, including systemic issues from flawed AI models, market instability, and cyber threats. The Financial Policy Committee (FPC) is assessing these risks to ensure safe AI adoption, supporting sustainable growth through vigilant monitoring and regulation.
While #financialrisks, #politicalrisks, #compliancerisks, and #cyberrisks are more easily quantifiable, #esgrisk presents a challenge for boards to identify, assess, and develop plans for its #riskmitigation. Using #nestlé USA as a case study, the article highlights how #esg #risks can migrate across different pillars: what initially appeared as #supplychainrisk moved across pillars into #litigation and #businessrisk before settling as ongoing ESG risk proper.
Proposes a new framework for regulating operational threats such as damage to physical assets, business disruption, and system failures. It suggests replacing RWA regulation with simple buffers of equity and outlines what a "macro-operational" approach to banking supervision might look like. It also acknowledges the limitations of macro-operational supervision and considers what new types of operations-specific emergency tools might need to be devised in response.
"Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators."
"We apply Weick’s (1995) sensemaking framework to examine four foundational tensions of cyber-resilience: a definitional tension, an environmental tension, an internal tension, and a regulatory tension. We then document how these tensions are embedded in cyber-resilience practices at the preparatory, response and adaptive stages. We rely on qualitative data from a sample of 58 cybersecurity professionals in the financial sector..."
"We distinguish three main types of cyber risks: idiosyncratic, systematic, and systemic cyber risks. While for idiosyncratic and systematic cyber risks, classical actuarial and financial mathematics appear to be well-suited, systemic cyber risks require more sophisticated approaches that capture both network and strategic interactions."
"We observe that cyber vulnerability and other financial shocks cannot be treated as uncorrelated risks and policy solutions for cyber security need to be calibrated for adverse financial conditions."
"In quantifying the solvency capital requirement gradient for cyber risk measurement according to Solvency II, a dangerous paradox emerges: an insurance company can be ranked as solvent according to Pillar 1 without adequately evaluating the operational solvency capital requirements under Pillar 2."