Research Seminar

Cyberattack risk and insurance management

A seminar by Professor Martin Boyer, presented by IMC2

Summary

This presentation provided an opportunity to address the cyber risks faced by businesses, which exhibit the following characteristics: 1) low direct losses, 2) potential for substantial indirect losses, 3) requiring mitigation technology beyond the core competencies of businesses, and 4) where mitigation technologies quickly become obsolete. This seminar presented a model of dynamic insurance contracts that integrate irreversible technology aimed at reducing incidents related to cyber risks. The unique nature of the technology opposing cyber risks creates an economic ‘hold-up’ problem, in that insured firms have no particular reason to stay with their insurer after implementing the technology. Therefore, relative to long-term contracts, a series of short-term contracts may delay or accelerate investment in the technology. Additional complexities arise when the technology depreciates over time, when there are externalities to managing cyber risks, and when the insurer cannot perfectly verify that good technological practices have been followed.