网络风险积累：全面应对保险挑战

CYBER RISK ACCUMULATION:Fully tackling the insurabilitychallengeDarren Pain,Director Cyber | Evolving Liability,The Geneva Association The Geneva AssociationThe Geneva Association was created in 1973 and is the only global association of insurancecompanies; our members are insurance and reinsurance Chief Executive Officers (CEOs).Based on rigorous research conducted in collaboration with our members, academicinstitutions and multilateral organisations, our mission is to identify and investigate keytrends that are likely to shape or impact the insurance industry in the future, highlightingwhat is at stake for the industry; develop recommendations for the industry and forpolicymakers; provide a platform to our members and other stakeholders to discuss thesetrends and recommendations; and reach out to global opinion leaders and influentialorganisations to highlight the positive contributions of insurance to better understandingrisks and to building resilient and prosperous economies and societies, and thus a moresustainable world.Geneva Association publications:Pamela Corn, Director CommunicationsHannah Dean, Editor and Content ManagerKelly Gailey, Communications & Events ManagerSuggested citation: The Geneva Association. 2023.Cyber Risk Accumulation: Fully tackling the insurability challenge.Author: Darren Pain. November.© The Geneva Association, 2023 All rights reservedwww.genevaassociation.orgPhoto credits:Cover page – Pratchaya on iStock 2 ForewordExecutive summary1.Introduction1.1Increasingly hostile threat landscape1.2Large and persistent protection gap1.3Structure of the report2.The actuarial challenge in quantifying cyber risks2.1Lack of meaningful historical loss data2.2Anthropogenic features2.3Complex interdependencies2.4‘Silent’ cyber2.5Reserve development risks3.Key pathways to loss accumulation3.1Critical infrastructure failure3.2Supply chain disruption3.3Zero-day and open-source software vulnerabilities3.4Mass liability claims3.5Disaggregating factors – Important caveats4.Latest advances in accumulation risk assessment4.1Innovations in data capture and analytics4.2Probabilistic models4.3Deterministic scenarios4.4Irreducible uncertainty5.Towards more optimal risk sharing5.1Broader re/insurance participation5.2Capital markets involvement5.3Collaboration with critical infrastructure providers and government security agencies5.4Government backstops5.5Enhanced IT-sector liability6.Concluding remarksReferencesContents 5689121314161617171819202223252527282934353738394142434548 ACKNOWLEDGEMENTSThis report has benefitted significantly from inputs and comments from the members and affiliates of TheGeneva Association’s (GA’s) Cyber Working Group. Special thanks go to:•Sabrina Sexton and Marek Stanislawski (Allianz Commercial)•Hélène Chauveau, Amine Merchergui and Xavier Servel (AXA)•Stephen Gibson (AXIS Capital)•Aidan Flynn (Beazley)•Anika Stehr (Hannover Re)•Ramneek Goyal (ICICI Lombard)•Mary Bieker (Intact)•Oscar Taboada (MAPFRE)•Cyrus Delarami and Stephan Brunner (Munich Re)•Simon Dejung and Téodore Iazykoff (SCOR)•Eric Durand and Stephan von Watzdorf (Swiss Re)•Daljitt Barn and Andreas Kempe (Tokio Marine)In addition, we would like to thank a number of external interlocutors who kindly agreed to share theirinsights as background to the report and/or for the session on cyber accumulation risks at the GA’sinaugural cyber conference in November 2022. In particular:•Rory Egan (Aon)•Eric Dallal (Arch, formerly Verisk)•Pamela Eck (Blue Vouyant, formerly Verisk)•Charlotte Anderson (Crowdstrike, formerly CyberCube)•Jon Laux (CyberCube)•Peter Hacker (Distinction.Global)•Jennifer Braney, Simon Heather, Theo Norris and Justyna Pikinska (Gallagher Re)•Matt Harrison (Gallagher Re, formerly RMS)•Doug Stronberg (GuidewireCyence)•Jamie Pocock (Guy Carpenter)•Tom Johansmeyer (Inver Re, formerly PCS)•Yakir Golan (Kovrr)•Professor Kerstin Awiszus (Leibniz University Hannover)•Matt Silley (Lockton Re, formerly AXIS Capital)•Darren Thomson (One Indentity, formerly CyberCube)•Gordon Woo (RMS)•Alan Frith (Verisk)•Professor Matthias Scherer and Gabriela Zeller (Technical University of Munich)•Professor Martin Eling (University of St. Gallen) 4 Foreword With the digitalisation of society, the cyber problem has only grown in magnitude.Cyberattacks can simultaneously impact so many people and businesses around the world,causing catastrophic economic losses and a high accumulation of insured losses.How did cyber threats evolve to be such a pressing concern for society, businesses, and theinsurance industry in particular? It is worth reflecting.With the rise of the internet and increase in digitalisation since the 1990s, cyberattackshave become more organised and profit-oriented. Also, nation-state-sponsored campaignsaimed at espionage or disruption are growing more prevalent. Today, the increasinglyhostile geopolitical landscape, the targeting of critical infrastructure, and the proliferationof previously unknown (‘zero-da