Emerging Technology and Cyber Risk
Insurers face a cat and mouse game of keeping pace with the evolving nature of cyber risk, and the ever expanding frontier of the technology that it involves.
Further research is required into how insurers could be more proactive about cyber risk in an impactful way; for example, developing scenarios that describe what the risk could be, stress testing them, and then creating risk mitigation strategies based on the results.
There is also the issue of transparency within the insurance industry – the lack of transparency in policies and practices is cited as one of the leading obstacles hindering adoption of cyber insurance, and presents significant challenges for senior executives seeking to manage risks across their organisations.
Key Research Questions
To drive forward better understanding of Emerging Technology and Cyber Risk, we have put together a series of questions that we believe need answering. These are as follows:
- Can we solve the data deficit – how could better industry-wide data sharing on cyber breaches be effectively encouraged and standardised, and develop responsible data access or sharing methods?
- Can we create a single, objective, peer-reviewed framework to describe past cyber events with consistent terminology and data? Can we use such a framework to analyse the evolution of cyber risk and apply this analysis and framework to describing future events?
- Can we fill the transparency gap in the design, understanding, and purchase of cyber insurance by providing fundamental analysis of actual cyber insurance policies, building on the first-ever systematic qualitative analysis of the underwriting process for cyber insurance?
- How will liability risks develop with the emergence of new technology such as biological printers?
- Algorithms play a key role in the interface between human and machine decision-making, but what are the potential systemic risks of flaws / biases in algorithm design and how could they impact insurance? What ethical framework should insurers adopt to mitigate the risks?
- Have cyber management behaviours changed in the wake of recent high profile cyber attacks such as Wannacry (including on a business level and on policymaker level)?
- How can insurers adapt to be able to process large and complex data streams that could be generated by “active” insurance products tied to an individual’s behaviour and activities?
- Smart contracts, possibly based around blockchain technology, could lead to a move away from “all risks” policies. What is the future of smart contracts – and how can we ensure that smart contracts are legally sound?
- Have recent cyber events invalidated any risk models?
- What are the regulatory and practical issues around data quality, privacy and infrastructure compatibility that are impacting insurers’ adoption of AI to improve their own processes and analytics?
If you are an academic and believe you can help fulfil or progress the questions above, or if you are an insurer wishing to expand or share your own expertise on the topic, please get in contact with us to see how you can help.