Abstract
During the development of information systems, security, and safety considerations often take a back seat to market pressures, demanding shorter development cycles, faster releases, and new product features. Unfortunately, right until a cyber-incident, the price of the trade-off between security and safety and other market imperatives is unclear and, given the general rarity of cyber-incidents, often under-estimated. Fortunately, calculating the security and safety side of the trade-off is the domain of expertise of actuaries in insurance companies offering cyber insurances. It used to be an after-thought for most companies since the 2013 Target data breach, which cost nearly 300 million but was covered at 30% by insurance payout. Since then, insurance for risks of information systems malfunctions has become standard for most companies, and premium reduction has become a primary driver for improving cybersecurity costs for companies. The role of this chapter is to transpose what we have learned about the insurance of cyber-incidents over the last couple of decades and use it as a basis to produce a qualitative forecast of the insurance outlook for a security and safety landscape involving LLMs.
Chapter PDF
References
M. Eling, A. V. Kartasheva, and D. Ning. The supply of cyber risk insurance. Available athttp://dx.doi.org/10.2139/ssrn.4497405, 2023.
M. Eling, R. Ibragimov, and D. Ning. Time dynamics of cyber risk. Available at http://dx.doi.org/10.2139/ssrn.4497621, 2023.
M. Eling and K. Jung. Heterogeneity in cyber loss severity and its impact on cyber risk measurement. Risk Management, 24:273–297, 2022.
M. Boyer and M. Eling. New advances on cyber risk and cyber insurance. Geneva Papers on Risk and Insurance - Issues and Practice, 48:267–274, 2023.
R. Anderson, C. Barton, R. Böhme, R. Clayton, M. J. G. Eeten van, M. Levi, T. Moore, and S. Savage. Measuring the cost of cybercrime. Workshop on the Economics of Information Security, 11:265–300, 2013.
R. Anderson, C. Barton, R. Boehme, R. Clayton, C. Ganan, T. Grasso, M. Levi, T. Moore, and M. Vasek. Measuring the changing cost of cybercrime. Workshop on the Economics of Information Security, 18:1–32, 2019.
A. Bouveret. Cyber risk for the financial sector: A framework for quantitative assessment. Available at http://dx.doi.org/10.2139/ssrn.3203026, 2018.
S. Romanosky. Examining the costs and causes of cyber incidents. Journal of Cybersecurity, 2:121–135, 2016.
L. Andreadis, E. Kalotychou, C. Louca, C. T. Lundblad, and C. Makridis. Cyberattacks, media coverage and municipal finance. Available at https://dx.doi.org/10.2139/ssrn.4473545, 2023.
J. Jensen and F. Paine. Municipal cyber risk. Available athttps://weis2023.econinfosec.org/wp-content/uploads/sites/11/2023/06/weis23-jensen.pdf, 2023.
L. A. Gordon, M. P. Loeb, and L. Zhou. The impact of information security breaches: Has there been a downward shift in costs? Journal of Computer Security, 19:33–56, 2011.
K. Campbell, L. A. Gordon, M. P. Loeb, and L. Zhou. The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Cybersecurity, 11:431–448, 2003.
M. Johnson, M. J. Kang, and T. Lawson. Stock price reaction to data breaches. Journal of Finance Issues, 16:1–13, 2017.
C. Lending, K. Minnick, and P. J. Schorno. Corporate governance, social responsibility, and data breaches. Financial Review, 53:413–455, 2018.
O. K. Tosun. Cyber-attacks and stock market activity. International Review of Financial Analysis, 76:1–15, 2021.
S. Kamiya, K. Jun-Koo, K. Jungmin, A. Milidonis, and R. M. Stulz. Risk management, firm reputation, and the impact of successful cyberattacks on target firms. Journal of Financial Economics, 139:719–749, 2021.
L. A. Gordon, M. P. Loeb, and T. Sohail. Market value of voluntary disclosures concerning information security. Management Information Systems Quarterly, 34:567–594, 2010.
G. Hilary, B. Segal, and M. H. Zhang. Cyber-risk disclosure: Who cares? Available at http://dx.doi.org/10.2139/ssrn.2852519, 2016.
C. Florackis, C. Louca, R. Michaely, and M. Weber. Cybersecurity risk. Review of Financial Studies, 36:351–407, 2023.
R. Jamilov, H. Rey, and A. Tahoun. The anatomy of cyber risk. Available at:https://ssrn.com/abstract=3866338, 2021.
D. Celeny and L. Maréchal. Cyber risk and the cross section of stock returns. Available at http://dx.doi.org/10.2139/ssrn.4587993, 2023.
Mark Carhart. On persistence in mutual fund performance. The Journal of Finance, 52 (1):57–82, 1997.
F. E. Fama and K. R. French. A five-factor asset pricing model. Journal of Financial Economics, 116:1–22, 2015.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2024 The Author(s)
About this chapter
Cite this chapter
Maréchal, L., Celeny, D. (2024). Insurance Outlook for LLM-Induced Risk. In: Kucharavy, A., Plancherel, O., Mulder, V., Mermoud, A., Lenders, V. (eds) Large Language Models in Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-031-54827-7_15
Download citation
DOI: https://doi.org/10.1007/978-3-031-54827-7_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54826-0
Online ISBN: 978-3-031-54827-7
eBook Packages: Computer ScienceComputer Science (R0)