Catastrophic Cyber Risk: An Expert Panel Discussion Series

With the growing threat of cyber incidents, organizations and governments are rightfully concerned. In recent years, cyber incidents have caused significant losses to entities and insurers across the world. Therefore, there is a need to understand and provide greater context around the topic of catastrophic cyber risk, which has implications for insurance companies, reinsurers, regulators, consumers, and society. Taking a multi-disciplinary, holistic approach, an expert panel study was conducted on catastrophic cyber risk in this four-part series of discussions and subsequent reports.

Cyber Risk Part 1
Setting the Scene: Framing Catastrophic Cyber Risk - An Expert Panel Discussion: Part 1
By Unal Tatar, PhD, Brian Nussbaum, PhD, Omer F. Keskin, PhD, Elisabeth Dubois, MBA, PMP, Dominick Foti, MBA

With the growing threat of cyber incidents, organizations and governments are rightfully concerned. In recent years, cyber incidents have caused significant losses to entities and insurers across the world. Therefore, there is a need to understand and provide greater context around the topic of catastrophic cyber risk, which has implications for insurance companies, reinsurers, regulators, consumers, and society. Taking a multi-disciplinary, holistic approach, an expert panel study was conducted on catastrophic cyber risk in this four-part series of discussions and subsequent reports.
cyber risk part 2
Analysis of a Catastrophic Cyber Attack on Critical Infrastructure - An Expert Panel Discussion: Part 2
By Unal Tatar, PhD, Brian Nussbaum, PhD, Omer F. Keskin, PhD, Elisabeth Dubois, MBA, PMP, Dominick Foti, MBA

With the expansion of cyber threats, the ability for a catastrophic event impacting organizations and government grows. Cyber incidents are causing increasing financial, operational, and reputational losses to entities worldwide. Given this, there is a need to manage catastrophic cyber risks using validated methods, to determine the implications such risks have for insurance companies, reinsurers, regulators, government, consumers, and society.

This report is the second output of a series of four multi-disciplinary panel discussions that employs red teaming techniques to gather insights from a diverse set of experts regarding evolving catastrophic cyber risks and how to plan ahead, mitigate, and respond to them.
Cyber risk part 3
Red Teaming Analysis of a Widespread Catastrophic Cyber Incident - Expert Panel Discussion: Part 3
By Unal Tatar, PhD, Brian Nussbaum, PhD, Omer F. Keskin, PhD, Elisabeth Dubois, MBA, PMP, Dominick Foti, MBA

The increasing reliance on technology and digital infrastructure has led to the emergence of software supply chain vulnerabilities as one of the most significant threats to organizations across various sectors. The objective of this report is to identify potential vulnerabilities in the insurance sector and explore the impact of a software supply chain vulnerability on the insurance industry.

This report is the third deliverable of a series of four expert panel discussions on catastrophic cyber incidents. The report presents the findings of the March 2023 expert panel meeting where the participants conducted a red teaming exercise and discussed a hypothetical catastrophic cyber incident that was caused by a software supply chain vulnerability and spread to over three thousand organizations around the world across all sectors.
Cyber Risk Cover Part 4
Strategies and Solutions Against Catastrophic Cyber Incidents - An Expert Panel Discussion: Part 4
By Unal Tatar, PhD, Brian Nussbaum, PhD, Omer F. Keskin, PhD, Elisabeth Dubois, MBA, PMP, Dominick Foti, MBA

This report addresses the evolving landscape of catastrophic cyber risks and the role of the cyber insurance sector in responding to these challenges. The goal of this comprehensive analysis is to explore the key issues, perspectives, and potential strategies for enhancing the effectiveness of cyber insurance in managing and mitigating catastrophic cyber risks. This report presents the findings of the fourth and final expert panel discussion focusing on catastrophic cyber incidents.

Acknowledgements

The authors’ deepest gratitude goes to those without whose efforts this project could not have come to fruition: the volunteers who generously shared their wisdom, insights, advice, guidance, and arm’s-length review of this study prior to publication. Any opinions expressed may not reflect their opinions nor those of their employers. Any errors belong to the authors alone.

Expert Panel Participants:

Seth Baum, Global Catastrophic Risk Institute
Michael Bean, Canadian Institute of Actuaries
Nicole Becher, Google
Kenneth Crowther, Xylem
Gregory Falco, Johns Hopkins University
Ben Goodman, 4A Security and Compliance
Jim Haltom, DHS CISA
Howard Miller, LBW Insurance
Tyler Moore, University of Tulsa
Norman Niami, American Academy of Actuaries
Reid Putnam, Gregory & Appel Insurance
Sasha Romanosky, RAND Corporation
Marc Schein, Marsh McLennan
Scott Stransky, Marsh McLennan
Jeremy Straub, North Dakota State University
Daniel Woods, University of Edinburg   
Maochao Xu, Illinois State University

At the Society of Actuaries Research Institute:

Rob Montgomery, ASA, MAAA, FLMI, Consultant -Research Project Manager

Facilitators at the University at Albany:

Unal Tatar, PhD, Assistant Professor
Brian Nussbaum, PhD, Associate Professor
Omer F. Keskin, PhD, Assistant Professor
Doug Clifford, Program Manager of CART
Elisabeth Dubois, MBA, PMP
Dominick Foti, MBA
Brianna Bace
Rian Davis