Quantitative modelling of cyber risk for cyber insurance modelling is at a nascent stage characterized by sparse empirical research and reliable data. Our current investigation reveals that VaR is the current predominant model of choice for cyber insurance modelling. Model risk related to VaR was a key factor in the Global Financial Crisis given its known limitations in modelling tail risks and systemic risks. As a result, US Federal Reserve and OCC issued model risk compliance guidance for US financial institutions. Basel Committee of worldwide central bank supervisors stopped relying on VaR for risk modelling. Given history of model risks associated with VaR, we investigate if current reliance of cyber insurance modelling on VaR entails model risk. We develop qualitative frameworks to benchmark relative levels of tail risks and systemic risks associated with cyber risk vis-à-vis financial risks typically modelled with VaR.
Risk, Uncertainty, and Profit for the Cyber Era: 'Knight Reconsidered'
Global Risk Management Network
Length of Resource