2 results
Cyber operational risk scenarios for insurance companies
- R. Egan, S. Cartagena, R. Mohamed, V. Gosrani, J. Grewal, M. Acharyya, A. Dee, R. Bajaj, V.-J. Jaeger, D. Katz, P. Meghen, M. Silley, S. Nasser-Probert, J. Pikinska, R. Rubin, K. Ang
-
- Journal:
- British Actuarial Journal / Volume 24 / 2019
- Published online by Cambridge University Press:
- 19 February 2019, e6
-
- Article
-
- You have access Access
- Open access
- HTML
- Export citation
-
Cyber Operational Risk: Cyber risk is routinely cited as one of the most important sources of operational risks facing organisations today, in various publications and surveys. Further, in recent years, cyber risk has entered the public conscience through highly publicised events involving affected UK organisations such as TalkTalk, Morrisons and the NHS. Regulators and legislators are increasing their focus on this topic, with General Data Protection Regulation (“GDPR”) a notable example of this. Risk actuaries and other risk management professionals at insurance companies therefore need to have a robust assessment of the potential losses stemming from cyber risk that their organisations may face. They should be able to do this as part of an overall risk management framework and be able to demonstrate this to stakeholders such as regulators and shareholders. Given that cyber risks are still very much new territory for insurers and there is no commonly accepted practice, this paper describes a proposed framework in which to perform such an assessment. As part of this, we leverage two existing frameworks – the Chief Risk Officer (“CRO”) Forum cyber incident taxonomy, and the National Institute of Standards and Technology (“NIST”) framework – to describe the taxonomy of a cyber incident, and the relevant cyber security and risk mitigation items for the incident in question, respectively.Summary of Results: Three detailed scenarios have been investigated by the working party:
∙ Employee leaks data at a general (non-life) insurer: Internal attack through social engineering, causing large compensation costs and regulatory fines, driving a 1 in 200 loss of £210.5m (c. 2% of annual revenue).
∙ Cyber extortion at a life insurer: External attack through social engineering, causing large business interruption and reputational damage, driving a 1 in 200 loss of £179.5m (c. 6% of annual revenue).
∙ Motor insurer telematics device hack: External attack through software vulnerabilities, causing large remediation / device replacement costs, driving a 1 in 200 loss of £70.0m (c. 18% of annual revenue).
∙ While the presented scenarios are deemed material at this point in time, the threat landscape moves fast and could render specific narratives and calibrations obsolete within a short-time frame.
∙ There is a lack of historical data to base certain scenarios on and therefore a high level of subjectivity is used to calibrate them.
∙ No attempt has been made to make an allowance for seasonality of renewals (a cyber event coinciding with peak renewal season could exacerbate cost impacts)
∙ No consideration has been given to the impact of the event on the share price of the company.
∙ Correlation with other risk types has not been explicitly considered.
Antimicrobial resistance in zoonotic bacteria: lessons learned from host-specific pathogens
- Trudy M. Wassenaar, Peter Silley
-
- Journal:
- Animal Health Research Reviews / Volume 9 / Issue 2 / December 2008
- Published online by Cambridge University Press:
- 22 December 2008, pp. 177-186
-
- Article
- Export citation
-
The relative contribution of veterinary and human clinical treatments to the selection of antimicrobial resistance in zoonotic pathogens remains controversial. In this review, we consider bacterial pathogens that differ in host specificity and address their resistance profiles: pathogens that only occur in the human host, pathogens that are specific to particular food-producing animals and pathogens that occur in both host types. Compared with those pathogens restricted to a single animal host, pathogens found in both human and animal hosts appear to have higher incidences of resistance. However, the most urgent and severe resistance problems occur with pathogens exclusively infecting humans. Differences exist in the available genetic repertoire of a bacterial species and these are reflected in the observed resistance patterns; it is important to note that different bacterial species do not automatically result in similarly resistant populations when they undergo comparable selection in different host species. Thus, within a bacterial species, prevalence of resistance can differ between populations isolated from different hosts. For some species, fluctuations in dominant subpopulations, for instance particular serotypes, can be the most important factor determining resistance. The frequently expressed opinion that veterinary use of antimicrobials is at the heart of many resistance problems may be an oversimplification of the complex forces at play.