Abstract
In today’s insurance market, numerous cyber insurance products provide bundled coverage for losses resulting from different cyber events, including data breaches and ransomware attacks. Every category of incident has its own specific coverage limit and deductible. Although this gives prospective cyber insurance buyers more flexibility in customizing the coverage and better manages the risk exposures of sellers, it complicates the decision-making process in determining the optimal amount of risks to retain and transfer for both parties. This article aims to build an economic foundation for these incident-specific cyber insurance products with a focus on how incident-specific indemnities should be designed for achieving Pareto optimality for both the insurance seller and the buyer. Real data on cyber incidents are used to illustrate the feasibility of this approach. Several implementation improvement methods for practicality are also discussed.
| Original language | English |
|---|---|
| Pages (from-to) | 1-31 |
| Number of pages | 31 |
| Journal | ASTIN Bulletin: The Journal of the IAA |
| Early online date | 27 Mar 2025 |
| DOIs | |
| Publication status | E-pub ahead of print - 27 Mar 2025 |
Keywords
- Pareto optimality
- Risk management
- cyber insurance
- incident specificity
- statistical learning
ASJC Scopus subject areas
- Accounting
- Finance
- Economics and Econometrics