cyber risk challenge and the role of insurance
TRANSCRIPT
Cyber risk challenge and the role of insurance
3 November 2015
Carsten Topsch, Andreas Schlayer
Image: Clerkenwell / Getty Images
Accelerating Growth in Technology
(condensed)
1400 1450 1500 1550 1600 1650 1700 1750 1800 1850 1900 1950 2000 2050
Leads to exponential development
of cyber exposures
First 3D Chip3D Movies
Google Driverless CariPad
YoutubeGoogle
Hybrid Cars
DVDs
Cell PhonesWWW
Apple MacintoshMS-DOS
WordprocessorMicroprocessor
Windows
Man on Moon
Steam Engine
Telegraph
Light Bulb
Telephone
Car
TelescopePrinting Press
Source: asgard.vc 04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch 2
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
1
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
0
0
0
1
0
1
0
1
1
0
1
1
0
1
0
1
1
1
1
0
1
0
1
1
1
1
1
1
0
1
1
0
0
0
1
1
1
0
0
1
1
1
1
0
0
1
1
1
1
0
0
0
1
0
1
1
0
0
1
1
1
0
1
1
1
0
1
0
0
1
0
0
1
1
0
1
0
0
1
0
1
0
0
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
1
1
0
0
1
1
1
1
1
0
1
1
0
0
0
1
1
1
0
0
1
1
1
1
0
0
1
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
1
0
0
0
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
1
0
0
0
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
Exposure grows with evolution
of technology
Customer starts to perceive the
risk suddenly and unexpectedly
Therefore cyber risks are different
Cycle
Cycle
Cycle
Cycle
CycleChange
Change
Change
Change
Change
Demand for insurance
04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch 3
Estimated Primary Insurance Cyber Market
Result
Exponential growth of cyber Insurance market
0
1
2
3
4
5
6
7
8
9
2013 2014 2015 2020
2013, 2014 & 2020
US market Rest of the world
In USD bn.
1.3–1.5
2.1–2.3
3.0–3.2
6.0–8.0
~1.2–1.4
~0.1
~5.0
~1.0–3.0
~2.0
~0.1–0.3
~2.75
~0.3–0.5
Source: RID market estimate based on different external sources
(Marsh & McLennan, Advisen, Barbican Insurance, Allianz, Betterley 04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch 4
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
1
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
0
0
0
1
0
1
0
1
1
0
1
1
0
1
0
1
1
1
1
0
1
0
1
1
1
1
1
1
0
1
1
0
0
0
1
1
1
0
0
1
1
1
1
0
0
1
1
1
1
0
0
0
1
0
1
1
0
0
1
1
1
0
1
1
1
0
1
0
0
1
0
0
1
1
0
1
0
0
1
0
1
0
0
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
1
1
0
0
1
1
1
1
1
0
1
1
0
0
0
1
1
1
0
0
1
1
1
1
0
0
1
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
1
0
0
0
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
1
0
0
0
1
1
1
1
0
1
1
0
1
1
0
0
0
1
1
1
0
0
0
1
1
Very quickly the demand for
insurance develops
And keeps changing and
evolving with every
technology cycle
Therefore cyber risks are different
Change Demand
DevelopEvolve
04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch 5
For now identified areas of Cyber Insurance
Private Lines
insurance solutions
Data breach insurance
for commercial
business
Data breach insurance
for industrial business
Insurance of
critical infrastructure
Images: used under license from shutterstock.com 04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch 6
Challenges for an insurer which have to be mastered
04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch
Both in an dynamic and quickly changing environment
Pricing
Risk-
assessment
Claims
Handling
7
Munich Re Services
One Source to support your business
Service
Knowledge
Transformation
Market environment (global and national)
Business Experience
Legal developments
Risk assessment
Pricing
Terms & Conditions/Wordings and its Conception
Claims service
Network of (IT) Service Providers
Product consulting
Accumulation management
04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch 8
Know-how sharing
International legal developments
SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch
Canada
Broadening the Federal law “Personal
Information Protection and Electronic
Documents Act” (PIPEDA) following the US.
Partly stricter federal
state laws in force
Brazil
No Data Protection law. But several special
laws that address data protection
and security.
Like in Chile, trends for data protection
arising out of Brazil are expected to
influence other South American countries.
First debates about Data storage laws.
Malaysia
Personal data Protection
Act 2010
Indonesia
Electronic Information
Transaction Act
Germany
EU Guideline for Network- and
Information security.
“IT-Sicherheitsgesetz”
Liability of companies – e. g., § 93
Aktiengesetz, §43 GmbHG
Australia
New Government promises new laws
and enhanced data protection.
Privacy Act 1998
Russia
New “Data-localisation-law”, effective
since Sept. 2014. Collection of PII
Data in Russia, these have to be
stored in Russian data centres.
Companies have to use Russian
servers for data which was gathered
in Russia.
South Africa
Protection of Personal Information Act
(“POPIA”) 2013
Singapore
Is working on Data protection laws,
triggered by a huge incident/claim.
Could become a role model for other
Asian countries.
India
The government gathers
biometric data. Usage for those
still has to be regulated.
Otherwise EU-Regulation in
regards of Information- and Data-
protection serves as role model
Alternative
04 November 2015 9
Transformation into underwriting
Risk assessment
1. Underwriting-tool
04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch
2. Proposal Forms and Questionnaires, depending on the complexity of a single risk or portfolio
Overall Exposure
(low, medium, high)
Overall Complexity
(low, medium, high)
IT Security Protection
Level (0–125%)
Quantity Rating
(0–100%)
Quality Rating
(good, medium, bad)
Exposure
Complexity
Security Level
Overall Exposure/
Complexity Score
Actual Security Level
(0–125%)
Actual Risk Rating
(1–4)
10
Transformation into claims handling
Service provider network
04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch
Service
Provider
IT Forensics
Data
Forensics
incl.
Accounting
11
PreventionFirst
Notification
of Loss
(Call Center)
Claims Handling
Crisis Consulting
Crisis Management
(Public)
Notification
Public Relations
Legal Consulting
Identity protection and -
recovery
Forensics
Cyber Extortion
Worldwide spread
Large number of systems infected by one event
Accumulation
Cyber accumulation scenarios
04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch
Worldwide spread
Large number of services interrupted
No prevention by insured possible
Accumulation is triggered by one company
Large number of clients affected in one event
“Global Outage” of external networks,
e.g., the Internet
Outage of a large Cloud Service Provider as
a supplier
Self-reproducing Computer Viruses
12
sub cloud
provider
credit
company
bank
hospital
sub cloud
provider
Cloud
provider
end user
pharma
industry
sub loud
provider
bank
hospital
sub loud
provider
sub loud
provider
sub loud
provider
client
bank
company
invalid
supplier
pharma
hospital
lab
lab
doc
client
bank
company
doc
end user
end user
1st tier
Online-
shop
end user
end user
2nd tier
Accumulation
Cyber accumulation scenarios
04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch
Accurate modeling not possible
Excluded under reinsurance treaty and/or insurance policy
Low limits for unnamed service provider
High limits for named service provider
Monitor exposure per service provider
“Global Outage” of external networks,
e.g., the Internet
Outage of a large Cloud Service Provider as
a supplier
Model propagation of a “Super Virus”
Determine effect on portfolio
Introduce sublimit in insurance policy
Annual Aggregate Limit in reinsurance treaty
Self-reproducing Computer Virusessub cloud
provider
credit
company
bank
hospital
sub cloud
provider
Cloud
provider
end user
pharma
industry
sub loud
provider
bank
hospital
sub loud
provider
sub loud
provider
sub loud
provider
client
bank
company
invalid
supplier
pharma
hospital
lab
lab
doc
client
bank
company
doc
end user
end user
1st tier
Online-
shop
end user
end user
2nd tier
13
Our Approach and Offer to you
Primary- and Reinsurance Solutions
04 November 2015SIRC 2015 - Presentation by Mr. Andreas Schlayer and Mr. Carsten Topsch
Product consulting
and tailor-made
service to meet
your demands
Worldmap
Business Experience
Expert Network
Wording
Workshops
Risk assessment
Portfolio management
Pricing
Designing terms & conditions and its concepts
Network of service providers
Accumulation management
…
14
Thank you for your attention
3 November 2015
Carsten Topsch, Andreas Schlayer
Image: Clerkenwell / Getty Images
© 2015 Münchener Rückversicherungs-Gesellschaft © 2015 Munich Reinsurance Company