A Comprehensive Model for Cyber Risk Based on Marked Point Processes and Its Application to Insurance

After scrutinizing technical, legal, financial, and actuarial aspects of cyber risk, a new approach for modelling cyber risk using marked point processes is proposed. Key co-variables, required to model frequency and severity of cyber claims, are identified. The presented framework explicitly takes into account incidents from un-targeted and targeted attacks as well as accidents and failures. The resulting model is able to include the dynamic nature of cyber risk, while capturing accumulation risk in a realistic way. The model is studied with respect to its statistical properties and applied to the pricing of cyber insurance and risk measurement. The results are illustrated in a simulation study.